OpenVPN works but no local DNS
-
Same here.
It seems the set DNS Server is only used for the set domain name.
In my case it‘s home and everything ending with .home is resolved and available in my OpenVPN Split Tunnel. But other name resolution seems to happen with any other DNS Server (unknown). -
Had same issue. Unticked: "Provide a DNS server list to clients. Addresses may be IPv4 or IPv6."
Fixed :)
-
@john_galt said in OpenVPN works but no local DNS:
I can now get local DNS over OpenVPN but I don't know why. I would like to if anyone can explain.
In Services > DNS Resolver > General Settings I changed the Network Interfaces from "All" to selecting all the interfaces and saving.
I've spent a lot of time trying to figure this out and really would like to understand why one setting
doesn't work but the other does when essentially they are both the same?Thanks,
Doug
// Edit//
Here's the forum thread that gave me this fix.
Actually I had an issue using another router behind a PFsense, with full functionalities. I just wanted to have a separeted network without using VLAN and I wanted to preserve the reserved IP addresses, long sotry... Anyway, I couldn't figure out why on earth I can't get the clients behind the second router to properly resolve DNS. I used the same trick as you selecting every interface by hand rather than using the "ALL" option. IT SOLVED finally my issue. I definitely think there is a glitch somewhere.
-
@soutruth how on earth did that go ok for you? What dns is your client using then?
Other than that, I am having the same issue and am trying to solve it.
the problem for me is that I am not even trying to user pfblockerng, only use the local acl to access local assets. -
I made an account here just to say that this resolved my issue as well. I am running pfSense 2.5.2-RELEASE (amd64) and I could connect to VPN without any trouble but any local DNS wouldn't work to the site I was connected to. Once I removed the DNS Resolver from "All" to manually choosing all of the IPv4 interfaces on the "Network Interfaces" and "Outgoing Network Interfaces" within the DNS Resolver, it just started to work as I would expect.
Maybe there is a bug or something there.
Thanks for listening - hope this can help improve pfSense!
-
@john_galt This also worked for me. Very strange.
-
@johnpoz can confirm the same issue here. Once I changed the Network Interfaces from "All" to selecting all the interfaces and saving, presto! Working.
Time for a bug report I guess.
-
@john_galt Works for me, too. Very strange. (I did find that I had to log out of the VPN and log back in, to see the effect of the changes. And I selected all the devices, except “All”, for just Network Interfaces.)
-
@fadushin very strange.
-
@zoltrix Were you able to submit a bug report? I tried but redmine won’t let me log in, depsite password resets.
-
@fadushin I've moved on to using ZeroTier, so not so much of a concern for me now...
-
@zoltrix I submitted Issue 13041, but it appears that the issue is actually due to the DNS resolver (
unbound) not getting updated when an OpenVPN entry is added (See Issue 12991).I was able to revert Network Interfaces back to "All", and internal DNS resolution is working.
So for anyone out there experiencing this issue, simply try to restart the DNS resolver, and see if that works.
-
Still present. Thanks for the above info. It helped me to resolve the DNS issue.
-
@nrgia bit of a shame hey...
-
I just spent hours beating my head on the wall with the same exact symptoms. Could connect everything was configured right but DNS would time out!
Turned out it was a firewall rule under OpenVPN from the guide I had followed when I manually setup the server. The rule was only allowing TCP traffic from my OpenVPN subnet....
Changing the rule to allow any protocol to any source and any destination has fixed it!
Found the info here --> https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/firewall-rules.html
-
@fadushin +1
-
M madbrain referenced this topic on Apr 14, 2023, 2:52 AM