On Tue, 2015-04-07 at 10:36 +0000, Sam McLeod wrote:
> We're trying to get OpenConnect working to replace the Junos Pulse
> client on OSX and Linux clients connecting to our Juniper MAG 2600
> VPN gateway.
> OpenConnect correctly authenticates and establishes the connection
> however DNS does not work over the link.
>
> - I've checked /etc/resolv.conf on my OSX machine and our internal
> DNS server has been correctly added.

On OSX it's not sufficient to fix resolv.conf; it has multiple redundant
ways of handling DNS configuration (yay Apple).

There was a fix recently in vpnc-script which ought to have made this
work better:
http://git.infradead.org/users/dwmw2/vpnc-scripts.git/commitdiff/e8b30a2be9

> - A tcpdump shows the DNS request traffic on the utun1 interface
> however the MAG 2600 returns an NXDomain:
>
> 20:20:57.596050 IP <internal IP of MAG>.55812 > <internal IP of DNS Server>.domain: 31256+ A? <internal hostname>. (28)
> 20:20:57.623131 IP .domain > .55812: 31256 NXDomain 0/0/0 (28)

Hm, the internal IP address of the MAG? Do you mean the VPN IP address
of the *client*?

-- 
dwmw2
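An added example, not part of the original message or of vpnc-script: one way to check the point made in the reply, by comparing the nameservers in resolv.conf with those in the system resolver configuration. It assumes that configuration is read with `scutil --dns`; the sample text, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample, modelled on the layout `scutil --dns` prints on OS X.
SCUTIL_SAMPLE = """\
DNS configuration

resolver #1
  search domain[0] : home.example
  nameserver[0] : 192.168.1.1
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns
"""

# Constructed /etc/resolv.conf contents after the VPN has come up.
RESOLV_SAMPLE = "search corp.example\nnameserver 10.20.0.53\n"

def resolv_conf_nameservers(text):
    """Nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def scutil_resolvers(text):
    """One dict per 'resolver #N' block: its nameservers and interface."""
    resolvers = []
    for line in text.splitlines():
        if re.match(r"\s*resolver #\d+", line):
            resolvers.append({"nameservers": [], "interface": None})
            continue
        ns = re.match(r"\s*nameserver\[\d+\]\s*:\s*(\S+)", line)
        iface = re.match(r"\s*if_index\s*:\s*\d+\s*\((\S+)\)", line)
        if resolvers and ns:
            resolvers[-1]["nameservers"].append(ns.group(1))
        elif resolvers and iface:
            resolvers[-1]["interface"] = iface.group(1)
    return resolvers

def missing_from_system(resolv_text, scutil_text):
    """Servers in resolv.conf that no system resolver block lists."""
    active = {ns for r in scutil_resolvers(scutil_text) for ns in r["nameservers"]}
    return [ns for ns in resolv_conf_nameservers(resolv_text) if ns not in active]

if __name__ == "__main__":
    print(missing_from_system(RESOLV_SAMPLE, SCUTIL_SAMPLE))
```

A non-empty result means the VPN's DNS server was written to resolv.conf but never reached the system resolver configuration, so queries keep going to the pre-VPN resolver.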