#2, 18th May 2018
vns3
UPDATE

I have it working. It turned out I needed to assign IP addresses (duh!) to the server and the client in iked.conf, which is in the iked.conf man page under the AUTOMATIC KEYRING POLICIES heading:

config option address
    Send one or more optional configuration payloads (CP) to the peer.
    The configuration option can be one of the following with the expected
    address format:

    address address
        Assign a static address on the internal network.

    address address/prefix
        Assign a dynamic address on the internal network. The address
        will be assigned from an address pool with the size specified by prefix.

    netmask netmask
        The IPv4 netmask of the internal network.

    name-server address
        The DNS server address within the internal network.

    netbios-server address
        The NetBIOS name server (WINS) within the internal network. This
        option is provided for compatibility with legacy clients.

    dhcp-server address
        The address of an internal DHCP server for further configuration.

    protected-subnet address/prefix
        The address of the protected subnet within the internal network.

    access-server address
        The address of an internal remote access server.

After setting a static address and netmask on both, and a name-server on the client, in iked.conf, it was easy to route the DNS traffic through pf.

Are Tea Eff Im
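An added, constructed example of the arrangement the post describes (this is not the poster's own iked.conf or pf.conf). It assumes one common layout: the responder (server) pushes the address, netmask and name-server to the peer with `config`, and the initiator (client) asks for them with `request`, the companion keyword documented alongside `config` in the same man page. All addresses (203.0.113.10 for the server's public address, 10.0.0.0/24 as the internal network, 10.0.0.1 as the resolver), the policy name "roadwarrior", the identity vpn.example.org and the PSK are placeholders. The pf fragment is the client side: DNS is only allowed to the tunnel resolver over enc0, and any attempt to send DNS out the plain egress interface is blocked and logged, so a leak is both prevented and visible in pflog.

```conf
# /etc/iked.conf on the server (constructed example, responder side)
# "config" sends configuration payloads (CP) to the peer: the client's
# internal address, the netmask and the DNS server it should use.
ikev2 "roadwarrior" passive esp \
    from 0.0.0.0/0 to 10.0.0.0/24 \
    local 203.0.113.10 peer any \
    srcid vpn.example.org \
    psk "CHANGE-ME-TO-A-LONG-RANDOM-SECRET" \
    config address 10.0.0.2 \
    config netmask 255.255.255.0 \
    config name-server 10.0.0.1

# /etc/iked.conf on the client (constructed example, initiator side)
# "request" asks the server for the same CP attributes instead of
# hard-coding them here.
ikev2 "roadwarrior" active esp \
    from 0.0.0.0/0 to 0.0.0.0/0 \
    peer 203.0.113.10 \
    dstid vpn.example.org \
    psk "CHANGE-ME-TO-A-LONG-RANDOM-SECRET" \
    request address any \
    request netmask any \
    request name-server any

# /etc/pf.conf fragment on the client (constructed example)
# IKE (UDP 500/4500) and ESP must reach the VPN server on the real interface.
pass out on egress proto udp to 203.0.113.10 port { 500, 4500 }
pass out on egress proto esp to 203.0.113.10
# DNS may only go to the resolver handed out by the VPN, inside the tunnel.
pass out on enc0 proto { tcp, udp } to 10.0.0.1 port 53
# Anything trying to resolve names outside the tunnel is dropped and logged,
# so a DNS leak shows up in pflog instead of silently reaching the ISP.
block out log on egress proto { tcp, udp } to port 53
```

After editing, `pfctl -nf /etc/pf.conf` and `iked -n` check the syntax of each file before reloading; `tcpdump -n -e -ttt -i pflog0 port 53` then shows any blocked DNS attempts while the tunnel is up.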