How to send DNS Resolver queries over VPN?
-
I've configured the Unbound outgoing interfaces as my VPN interfaces (NordVPN), but when attempting a DNS Lookup in pfSense GUI it times out talking to 127.0.0.1. I've checked I can ping 127.0.0.1 and reach port 53, and the VPN connections work when used as a source for pings, so I'm stumped.
I've also tried adding the VPN addresses to the Unbound ACLs without luck
Do I need to set up NAT or firewall rules?
-
I think I've solved this, but I don't understand why. I have to set the default gateway in Routing to a VPN client for the outgoing interface as VPN to work. Automatic, None, or WAN result in no DNS resolution when only VPN interfaces are selected as outgoing.
Is that intended? It seems like it's either a bug, or the outgoing interface should override the default gateway.
-
@jackyaz
Possibly you were missing the outbound NAT rule for 127.0.0.0/8 on the VPN interface before setting the default gateway.
-
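The two things the replies in this thread point at (whether each Unbound outgoing address sits on an interface that has an outbound NAT rule for 127.0.0.0/8, and whether the system default route actually leaves through that interface) can both be read off the box's own config and state. The checker below is an added example, not code from the thread or from pfSense; the `unbound.conf`, `pfctl -sn` and `netstat -rn` snippets it parses are constructed samples, and the interface names, addresses and the `check()` function are assumptions for illustration.

```python
import ipaddress
import re
from typing import Optional

# Constructed sample of the relevant lines of /var/unbound/unbound.conf
# (two VPN client addresses selected as Unbound outgoing interfaces).
UNBOUND_CONF = """\
server:
    interface: 127.0.0.1
    outgoing-interface: 10.8.8.2
    outgoing-interface: 10.8.9.2
"""

# Constructed sample of `pfctl -sn` output (active outbound NAT rules).
# ovpnc1 has a 127.0.0.0/8 rule, ovpnc2 does not.
PFCTL_NAT = """\
nat on em0 inet from 127.0.0.0/8 to any -> 203.0.113.10 port 1024:65535
nat on ovpnc1 inet from 192.168.1.0/24 to any -> 10.8.8.2 port 1024:65535
nat on ovpnc1 inet from 127.0.0.0/8 to any -> 10.8.8.2 port 1024:65535
nat on ovpnc2 inet from 192.168.1.0/24 to any -> 10.8.9.2 port 1024:65535
"""

# Constructed sample of `netstat -rn -f inet` with WAN (em0) as default.
ROUTES_WAN_DEFAULT = """\
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
10.8.8.0/24        link#7             U        ovpnc1
10.8.9.0/24        link#8             U        ovpnc2
127.0.0.1          link#3             UH          lo0
"""

# Same table, but with the first VPN client set as default gateway.
ROUTES_VPN_DEFAULT = """\
Destination        Gateway            Flags     Netif Expire
default            10.8.8.1           UGS      ovpnc1
10.8.8.0/24        link#7             U        ovpnc1
10.8.9.0/24        link#8             U        ovpnc2
127.0.0.1          link#3             UH          lo0
"""


def unbound_outgoing(conf: str) -> list:
    """Addresses Unbound was told to source queries from."""
    return re.findall(r"^\s*outgoing-interface:\s*(\S+)", conf, re.M)


def nat_rules(pfctl: str) -> list:
    """Parse `nat on IFACE inet from SRC to any -> TARGET ...` lines."""
    pat = re.compile(r"^nat on (\S+) inet from (\S+) to any -> (\S+)")
    out = []
    for line in pfctl.splitlines():
        m = pat.match(line)
        if m:
            out.append({"iface": m.group(1), "src": m.group(2), "to": m.group(3)})
    return out


def default_route(routes: str) -> Optional[dict]:
    """Gateway and egress interface of the `default` entry, if any."""
    for line in routes.splitlines():
        parts = line.split()
        if parts and parts[0] == "default" and len(parts) >= 4:
            return {"gateway": parts[1], "netif": parts[3]}
    return None


def iface_for_addr(routes: str, addr: str) -> Optional[str]:
    """Interface of the connected (CIDR) route that contains addr."""
    ip = ipaddress.ip_address(addr)
    for line in routes.splitlines():
        parts = line.split()
        if len(parts) < 4 or "/" not in parts[0]:
            continue
        if ip in ipaddress.ip_network(parts[0], strict=False):
            return parts[3]
    return None


def check(conf: str = UNBOUND_CONF, pfctl: str = PFCTL_NAT,
          routes: str = ROUTES_WAN_DEFAULT) -> dict:
    """Per outgoing address: list of the conditions the thread asks about
    that are NOT satisfied. Empty list means both are in place."""
    rules = nat_rules(pfctl)
    dflt = default_route(routes)
    findings = {}
    for addr in unbound_outgoing(conf):
        iface = iface_for_addr(routes, addr)
        notes = []
        if iface is None:
            notes.append("no connected route for outgoing address")
        else:
            has_lo_nat = any(r["iface"] == iface and r["src"] == "127.0.0.0/8"
                             for r in rules)
            if not has_lo_nat:
                notes.append(f"no outbound NAT rule for 127.0.0.0/8 on {iface}")
            if dflt is None or dflt["netif"] != iface:
                via = dflt["netif"] if dflt else "none"
                notes.append(f"default route is via {via}, not {iface}")
        findings[addr] = notes
    return findings


if __name__ == "__main__":
    for addr, notes in check().items():
        print(addr, "->", notes or "ok")
```

On a real box the three inputs would come from `cat /var/unbound/unbound.conf`, `pfctl -sn` and `netstat -rn -f inet` run from the pfSense shell; the script only reports which of the two conditions discussed above hold for each outgoing address, it does not claim which one is the cause of the timeout.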
@viragomann said in How to send DNS Resolver queries over VPN?:
@jackyaz
Possibly you were missing the outbound NAT rule for 127.0.0.0/8 on the VPN interface before setting the default gateway.

So if I set that NAT rule and set my default gateway to WAN, then it should work?
-
@jackyaz
Not sure. But the NAT rule might be necessary to allow pfSense to communicate with the public world over the VPN.
Maybe setting the VPN as default gateway lets pfSense generate it automatically.
-
@viragomann said in How to send DNS Resolver queries over VPN?:
@jackyaz
Not sure. But the NAT rule might be necessary to allow pfSense to communicate with the public world over the VPN.
Maybe setting the VPN as default gateway lets pfSense generate it automatically.

The NAT rule didn't help. I have found that, more generally, I'm unable to ping anything via the VPN interface in Diagnostics -> Ping. So I'm obviously missing something somewhere.