Netgate Discussion Forum

    DNS not working from OPENVPN connected Machine

    • praveen02

      We have a remote Open VPN user connected to the infra.

      User is able to ping the remote private IP when connected to OpenVPN, but not able to access the URL via the local browser.

      Which DNS configuration is missing in the pfSense FW? (The private network has a DNS server configured, and there is an entry for the host name.)

      As the remote user is connected to LAN private networks, via OpenVPN, is there anything I should configure on WAN, or any DNS configurations with the WAN public IP?

      I am confused with DNS resolver and DNS forwarder configurations. Please help me.

      Do I need to configure the Host overrides and Domain overrides for the Host IPs and domain under the DNS resolver section? Please advise me.

      • viragomann @praveen02

        @praveen02 said in DNS not working from OPENVPN connected Machine:

        The private network has a DNS server configured, and there is an entry for the host name.

        You can provide this DNS server to the VPN clients by entering its IP in the OpenVPN server settings.

        Consider that you also have to allow the access by firewall rules if you have restricted the access.
        Also you probably need to add the VPN tunnel network to the DNS servers access ACLs.

        • johnpoz LAYER 8 Global Moderator @viragomann

          @viragomann said in DNS not working from OPENVPN connected Machine:

          need to add the VPN tunnel network to the DNS servers access ACLs.

          Yeah this is one that is always missed. The automatic ACLs that are created for unbound, I do not believe, unless there has been a recent change, include the tunnel networks you create for the VPN connection. So some client on a tunnel network IP would not have access to unbound via the built-in ACLs.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          • praveen02 @viragomann

            @viragomann @johnpoz

            1. You can provide this DNS server to the VPN clients by entering its IP in the OpenVPN server settings.

            Do you mean to push the route - private network (DNS server) on the OpenVPN configurations? (Though I do not have the route (DNS server/Network) pushed on the Open VPN server.)

            2. Consider that you also have to allow the access by firewall rules if you have restricted the access.
               Also you probably need to add the VPN tunnel network to the DNS servers access ACLs.

            The rules for OpenVPN are allowed for any any.
            The rules for the LAN section are also any any allowed.
            LAN _Openvpn rules.png
            open vpn push route.png

            • johnpoz LAYER 8 Global Moderator @praveen02

              @praveen02 not sure what you're wanting to say here?

              Where have you adjusted the ACLs of unbound to allow for your tunnel network to query it?

              Also there is no reason to push those routes through options, when in a road warrior setup you just put in what local networks you have that you want the client to be able to get to in the vpn setup gui.

              remotenetworks.jpg


              • viragomann @praveen02

                @praveen02 said in DNS not working from OPENVPN connected Machine:

                Do you mean to push the route - private network (DNS server) on the OpenVPN configurations? (Though I do not have the route (DNS server/Network) pushed on the Open VPN server.)

                Also for this the GUI provides fields where you can state up to four DNS servers to be pushed to the clients.

                • praveen02 @johnpoz

                  @johnpoz

                  The Local network has only one LAN network added. All the other internal LAN networks have been added via the push route option. All are reachable via VPN.

                  In one of the LAN segments I have two URLs with different domain names. The DNS - A record is configured in the local Windows DNS server.

                  Can you help me with how to configure the ACL for unbound?

                  I'm able to ping the IP address of the host from the OpenVPN connection, but not able to access the URLs from OpenVPN.

                  The model network diagram is attached. Please guide.
                  network.png

                  • johnpoz LAYER 8 Global Moderator @praveen02

                    @praveen02 said in DNS not working from OPENVPN connected Machine:

                    The DNS - A record is configured in the local Windows DNS server.

                    Well if you're pointing your DNS to Windows - that has nothing to do with unbound.

                    Where do you point your VPN clients for DNS - if it's unbound, you need to allow for their VPN IPs in your ACLs.

                    If you're pointing them to Windows DNS - then you need to make sure your Windows box allows them to query, possible Windows firewall issue and the VPN IPs.

                    unbound acls can be created here
                    aclunbound.jpg

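An added example, not part of the thread or of pfSense itself: a small Python check of which tunnel clients an unbound resolver would answer, given `access-control:` lines in unbound.conf syntax. The LAN (192.168.1.0/24) and OpenVPN tunnel network (10.8.0.0/24) are assumed sample addresses; unbound picks the most specific matching netblock and refuses clients that match no entry.

```python
import ipaddress

# Actions under which unbound answers recursive queries from the client.
ALLOW_ACTIONS = {"allow", "allow_setrd", "allow_snoop"}

# Constructed sample: ACLs covering loopback and one LAN only.
# 192.168.1.0/24 (LAN) and 10.8.0.0/24 (OpenVPN tunnel) are assumed addresses.
SAMPLE_CONF = """
server:
    access-control: 127.0.0.0/8 allow
    access-control: ::1/128 allow
    access-control: 192.168.1.0/24 allow   # LAN
"""

def parse_access_control(conf_text):
    """Return [(network, action)] for each access-control line."""
    rules = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("access-control:"):
            continue
        fields = line.split(":", 1)[1].split()
        if len(fields) == 2:
            rules.append((ipaddress.ip_network(fields[0]), fields[1]))
    return rules

def action_for(client_ip, rules, default="refuse"):
    """Most specific matching netblock wins; unmatched clients are refused."""
    ip = ipaddress.ip_address(client_ip)
    hits = [(net, act) for net, act in rules
            if net.version == ip.version and ip in net]
    if not hits:
        return default
    return max(hits, key=lambda hit: hit[0].prefixlen)[1]

def blocked_hosts(tunnel_cidr, rules):
    """List tunnel addresses that unbound would not answer."""
    tunnel = ipaddress.ip_network(tunnel_cidr)
    return [str(h) for h in tunnel.hosts()
            if action_for(str(h), rules) not in ALLOW_ACTIONS]

if __name__ == "__main__":
    before = parse_access_control(SAMPLE_CONF)
    after = parse_access_control(SAMPLE_CONF + "    access-control: 10.8.0.0/24 allow\n")
    print("before:", len(blocked_hosts("10.8.0.0/24", before)), "tunnel hosts refused")
    print("after: ", len(blocked_hosts("10.8.0.0/24", after)), "tunnel hosts refused")
```

A refused client can still ping hosts by IP, which matches the symptom in the first post when the VPN clients are pointed at unbound.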
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.