Topic: DNS forwarder initiating query to DNS server over IPsec VPN
« on: August 11, 2010, 06:02:24 »
ivanfetch *
Posts: 1

Hello,

This FAQ entry:

http://doc.m0n0.ch/handbook/faq-snmpovervpn.html

makes this statement, which I'd like to know more about:

"There's an annoying but mostly harmless side-effect to this - every LAN
packet to the tunnel elicits a no-change ICMP Redirect."

Would someone shed more light on what the above snippet means? What are the ramifications of defining a route like this:

interface: LAN
network: LAN net of a second m0n0wall (connected by IPsec VPN)
Gateway: LAN IP of this (first) m0n0wall


Why I am doing this: Active Directory was recently installed at site 1. Site 2 is small enough that there will not be a local domain controller. Both sites are connected by a m0n0wall 1.3 IPsec VPN. I would like m0n0wall at site 2 to proxy DNS lookups for Active Directory to the domain controller at site 1. I have found that m0n0wall at site 2 does not properly initiate a connection to the DNS server at site 1, apparently due to the IPsec kludge referenced in the above FAQ.

Setting up the route on m0n0wall at site 2 seems to allow m0n0wall 2 to do DNS lookups with the server at site 1, but I would like to know how this may impact the VPN connection from the clients' (workstation) perspective.

Thank you,

Ivan.
 