hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

VPN Client Not Using Configured DNS Server with Split Tunneling #1600

Closed dgcas2024 closed 2 days ago

dgcas2024 commented 2 days ago

I have set up a VPN server using setup-ipsec-vpn with the following command:

sudo VPN_DNS_SRV1=a.b.c.d sh vpn.sh

I have also configured Split Tunneling as follows:

leftsubnet=a.b.c.d/32

However, when the VPN is enabled on the client, it does not use the DNS server a.b.c.d.

Additional Information:

hwdsl2 commented 2 days ago

@dgcas2024 Hello! For your use case, it looks like you are using split tunneling by setting leftsubnet to a single IP address in the format a.b.c.d/32, and you want VPN clients to use the same IP for the DNS server.

Check that the following parameters are set to your desired DNS server a.b.c.d:

  1. modecfgdns in /etc/ipsec.d/ikev2.conf (for IKEv2 mode),
  2. ms-dns in /etc/ppp/options.xl2tpd (for IPsec/L2TP mode), and
  3. modecfgdns in /etc/ipsec.conf (for IPsec/XAuth mode).

Run sudo service ipsec restart and sudo service xl2tpd restart when finished, then re-connect the VPN client.

If the VPN client still does not use the configured DNS server, it may be a limitation of split tunneling, either on the VPN client side or with Libreswan. In that case, I would suggest that you look into alternative methods to achieve your goal, for example, by setting the DNS server directly on the VPN client, without using the VPN.
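A small check for the three parameters listed above, added here as an example and not part of the setup-ipsec-vpn scripts. It reads Libreswan `modecfgdns=` lines (quoted, space- or comma-separated) and pppd `ms-dns` lines, and reports whether the server given in VPN_DNS_SRV1 is actually handed out by each mode. The config fragments and the expected address 10.0.0.53 are constructed for the example; point it at the real files under /etc to use it.

```shell
#!/bin/sh
# Constructed sample config fragments standing in for the real server files.
WORK=$(mktemp -d)
cat >"$WORK/ikev2.conf" <<'EOF'
conn ikev2-cp
  modecfgdns="10.0.0.53 1.1.1.1"
EOF
cat >"$WORK/ipsec.conf" <<'EOF'
conn xauth-psk
  modecfgdns="8.8.8.8, 8.8.4.4"
EOF
cat >"$WORK/options.xl2tpd" <<'EOF'
ms-dns 10.0.0.53
ms-dns 8.8.8.8
EOF

# Print the DNS servers a file hands out, one per line. Handles Libreswan
# 'modecfgdns="a b"' / 'modecfgdns="a, b"' and pppd 'ms-dns a' (one per line).
configured_dns() {
  grep -E '^[[:space:]]*(modecfgdns[[:space:]]*=|ms-dns[[:space:]])' "$1" \
    | sed -E 's/^[[:space:]]*(modecfgdns[[:space:]]*=|ms-dns[[:space:]]+)//; s/[",]/ /g' \
    | tr -s ' \n' '\n\n' | sed '/^$/d'
}

# Return 0 if the expected server $2 is configured in $1, else print what was
# found and return 1. Any additional servers are reported but not treated as errors.
check_dns() {
  found=$(configured_dns "$1")
  if ! echo "$found" | grep -qx "$2"; then
    printf '%s: expected DNS %s missing (found: %s)\n' "$1" "$2" "$(echo "$found" | tr '\n' ' ')"
    return 1
  fi
  extra=$(echo "$found" | grep -vx "$2" || true)
  [ -n "$extra" ] && printf '%s: also hands out %s\n' "$1" "$(echo "$extra" | tr '\n' ' ')"
  return 0
}

# Placeholder for the value passed as VPN_DNS_SRV1 when the server was installed.
EXPECTED=10.0.0.53
for f in ikev2.conf ipsec.conf options.xl2tpd; do
  check_dns "$WORK/$f" "$EXPECTED" \
    || echo "fix $f, then: sudo service ipsec restart; sudo service xl2tpd restart"
done
```

In the sample data only the IKEv2 and L2TP files carry 10.0.0.53, so the script flags ipsec.conf (IPsec/XAuth mode) as the one still pointing at a different resolver.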