Domain Name System
qRoC, 2016-05-31 16:55:16

How to set the first DNS server issued by DHCP on OS X?

There is a server running strongswan, bind9 and isc-dhcp-server.
/etc/ipsec.conf:

config setup

conn %default

    dpdaction=clear
    dpddelay=35s
    dpdtimeout=2000s

    keyexchange=ikev2
    auto=add
    rekey=no
    reauth=no
    fragmentation=yes

    # 
    left=%any
    leftsubnet=10.10.10.0/24
    leftcert=vpn.site.com.crt
    leftsendcert=always

    #
    right=%any
    rightsourceip=%dhcp
    eap_identity=%identity

conn ikev2-mschapv2
    rightauth=eap-mschapv2

conn ikev2-mschapv2-apple
    rightauth=eap-mschapv2
    leftid=vpn.site.com

/etc/strongswan.d/charon/dhcp.conf:
dhcp {
    force_server_address = yes
    interface = vmbr1
    load = yes
    server = 10.10.10.255
}

The problem is that when connecting to a VPN, the DNS server issued by DHCP becomes the second one:
$ scutil --dns
DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 4 (en0)
  flags    : Scoped, Request A records
Reachable, Directly Reachable Address

resolver #2
  nameserver[0] : 10.10.10.1
  if_index : 12 (ipsec0)
  flags    : Scoped, Request A records
Reachable, Transient Connection, Connection Required, Automatic Connection On Demand

resolver #1 is taken from the first connection (Wi-Fi).
You cannot drag a VPN connection in the network settings.
Is it possible to make it so that it would become the first, or even be the only one?
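The ordering the question reads off by hand from `scutil --dns` can be checked programmatically. The script below is an added example, not code from the question or either answer: it parses the "for scoped queries" section of `scutil --dns`, lists the scoped resolvers in the order macOS reports them, and tells whether the resolver on the VPN interface (assumed here to be named `ipsec*`, as in the post) is first. The embedded sample output is constructed to mirror the resolver blocks quoted above; on a Mac the script reads the live `scutil --dns` output instead.

```python
"""Report scoped-resolver order from `scutil --dns` output.

Added example for the question above (not from the original post).
Assumes the VPN interface is named ipsec0/ipsec1/... as in the post.
"""
import re
import subprocess
from typing import Dict, List, Optional

# Constructed sample that mirrors the scoped-resolver blocks quoted in the question.
SAMPLE_OUTPUT = """\
DNS configuration

resolver #1
  nameserver[0] : 192.168.1.1

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 4 (en0)
  flags    : Scoped, Request A records
  Reachable, Directly Reachable Address

resolver #2
  nameserver[0] : 10.10.10.1
  if_index : 12 (ipsec0)
  flags    : Scoped, Request A records
  Reachable, Transient Connection, Connection Required, Automatic Connection On Demand
"""

RESOLVER_RE = re.compile(r"^resolver #(\d+)")
NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)")
IFINDEX_RE = re.compile(r"^\s*if_index\s*:\s*\d+\s*\((\S+)\)")


def parse_scoped_resolvers(text: str) -> List[Dict]:
    """Return the resolvers of the 'for scoped queries' section, in listed order.

    Each entry: {"index": int, "nameservers": [str, ...], "interface": str|None}.
    """
    resolvers: List[Dict] = []
    in_scoped = False
    current: Optional[Dict] = None
    for line in text.splitlines():
        # The unscoped section comes first; skip until the scoped header.
        if "for scoped queries" in line:
            in_scoped = True
            continue
        if not in_scoped:
            continue
        m = RESOLVER_RE.match(line)
        if m:
            current = {"index": int(m.group(1)), "nameservers": [], "interface": None}
            resolvers.append(current)
            continue
        if current is None:
            continue
        m = NAMESERVER_RE.match(line)
        if m:
            current["nameservers"].append(m.group(1))
            continue
        m = IFINDEX_RE.match(line)
        if m:
            current["interface"] = m.group(1)
    return resolvers


def first_resolver_interface(resolvers: List[Dict]) -> Optional[str]:
    """Interface of the first scoped resolver, or None if there are none."""
    return resolvers[0]["interface"] if resolvers else None


def vpn_resolver_is_primary(resolvers: List[Dict], vpn_prefix: str = "ipsec") -> bool:
    """True if the first scoped resolver belongs to the VPN interface."""
    iface = first_resolver_interface(resolvers)
    return iface is not None and iface.startswith(vpn_prefix)


def vpn_nameservers(resolvers: List[Dict], vpn_prefix: str = "ipsec") -> List[str]:
    """Nameservers pushed to the VPN interface (the DHCP-issued ones in the post)."""
    return [ns for r in resolvers
            if r["interface"] and r["interface"].startswith(vpn_prefix)
            for ns in r["nameservers"]]


def read_live_scutil() -> Optional[str]:
    """Run `scutil --dns` on macOS; returns None where the tool is unavailable."""
    try:
        proc = subprocess.run(["scutil", "--dns"], capture_output=True, text=True, check=True)
        return proc.stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None


if __name__ == "__main__":
    text = read_live_scutil() or SAMPLE_OUTPUT
    found = parse_scoped_resolvers(text)
    for r in found:
        print(f"resolver #{r['index']}: {r['interface']} -> {', '.join(r['nameservers'])}")
    print("VPN resolver is primary:", vpn_resolver_is_primary(found))
```

Run it while the VPN is up; if it reports the Wi-Fi interface first, the VPN resolver is only consulted for scoped queries on `ipsec0`, which is exactly the situation the question describes.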

Vladimir Kuzin, 2016-05-31
@Bobson8

I can suggest swapping left and right in the config like this:
#
right=%any
leftsubnet=10.10.10.0/24
leftcert=vpn.site.com.crt
leftsendcert=always
#
left=%any
rightsourceip=%dhcp
eap_identity=%identity
It is something of a crutch, more an experiment with the config.
Or look in the bind settings at the forwarders, set the one you need, and maybe it will work.

qRoC, 2016-05-31
@qRoC

In general, having surfed the entire Internet, I came to the conclusion that you need to listen either to all traffic (leftsubnet=0.0.0.0/0) or use split dns.
