BO VPN works fine except for DNS queries in one direction only
We've successfully created a BO IPSEC VPN tunnel between our M370 and a remote pfSense. Everything works fine, so well in fact that we use it in production without any issues.
Site A: 192.168.2.0/24 with Firebox M370
Site B: 192.168.3.0/24 with pfSense
The only thing I've been banging my head against since I discovered it is that queries from a workstation in site B (e.g. 192.168.3.3) to a DNS server in site A (192.168.2.3) just time out.
I've used a mix of tools to understand the following:
1. the DNS packets are correctly received by pfSense
2. pfSense allows the packets in its firewall rules
3. the packets are routed through the VPN
4. using tcpdump on the Firebox I see the packets being correctly received:
Here comes the funny part: even though (in the Firebox) I've created a very raw policy on top of all the others to allow the DNS protocol from ANY to ANY and I've enabled logging for it, I can't see any trace of the packets in the Traffic Monitor. I've monitored the packets on the DNS server using Wireshark and there's no trace of those incoming packets. I've disabled the internal Windows firewall.
It looks like the DNS packets just die in the Firebox, but if they were marked as unhandled I should see them in the Traffic Monitor, shouldn't I?
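A probe that helps narrow down a symptom like the one described above, added here as an example and not part of the original post or of either vendor's tooling: it sends the same DNS query to the site A server over UDP/53 and then over TCP/53 and reports, per transport, whether a reply with the matching transaction id came back. If TCP completes while UDP times out, the path between the two firewalls is handling TCP/53 but not UDP/53 (a policy that matches only one transport, or a fragmented UDP reply that does not make it back); if both time out, the return path or the policy is dropping everything on port 53. The server address 192.168.2.3 is taken from the post; the queried hostname `dns.example` is a placeholder, and the wire-format builder and parser are written here so the probe has no dependency beyond the standard library.

```python
"""DNS probe: compare UDP/53 and TCP/53 reachability of a resolver across a tunnel."""
import random
import socket
import struct

DNS_PORT = 53


def encode_name(name):
    """Encode a dotted hostname as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=1, txid=None):
    """Build a standard recursive query (RD=1) for name; qtype 1 = A record."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    return txid, header + question


def skip_name(data, offset):
    """Return the offset just past a (possibly compressed) wire-format name."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return offset + 2
        offset += 1 + length


def parse_response(data, expected_id):
    """Parse the header and any A answers; refuse a reply whose id does not match."""
    if len(data) < 12:
        raise ValueError("short DNS response")
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_id:
        raise ValueError("transaction id mismatch")
    offset = 12
    for _ in range(qdcount):
        offset = skip_name(data, offset) + 4  # skip QTYPE and QCLASS
    addresses = []
    for _ in range(ancount):
        offset = skip_name(data, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            addresses.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlen
    return {"is_response": bool(flags & 0x8000), "rcode": flags & 0x000F,
            "answers": ancount, "addresses": addresses}


def recv_exact(sock, count):
    """Read exactly count bytes from a TCP socket."""
    buf = b""
    while len(buf) < count:
        chunk = sock.recv(count - len(buf))
        if not chunk:
            raise OSError("connection closed early")
        buf += chunk
    return buf


def probe(server, name, proto="udp", timeout=2.0):
    """Send one query over udp or tcp; return the parsed reply, or None on timeout/error."""
    txid, query = build_query(name)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
                sock.settimeout(timeout)
                sock.sendto(query, (server, DNS_PORT))
                data, _ = sock.recvfrom(4096)
        else:
            # DNS over TCP prefixes each message with its two-byte length (RFC 1035 4.2.2)
            with socket.create_connection((server, DNS_PORT), timeout=timeout) as sock:
                sock.sendall(struct.pack("!H", len(query)) + query)
                length = struct.unpack("!H", recv_exact(sock, 2))[0]
                data = recv_exact(sock, length)
    except OSError:  # socket.timeout is an OSError subclass
        return None
    return parse_response(data, txid)


if __name__ == "__main__":
    import sys
    server = sys.argv[1] if len(sys.argv) > 1 else "192.168.2.3"  # site A DNS server from the post
    name = sys.argv[2] if len(sys.argv) > 2 else "dns.example"    # placeholder hostname
    for transport in ("udp", "tcp"):
        result = probe(server, name, transport)
        print(transport, "no reply (timeout or error)" if result is None else result)
```

Run it from the site B workstation (192.168.3.3) while capturing on the Firebox and on the DNS server; the transaction id check means a stray reply from another resolver cannot be mistaken for a success, and a "no reply" for one transport but not the other tells you which kind of rule or path to inspect next.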