Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VPN Connection Intermittently Causing DNS Failure

    OpenVPN
    3
    8
    597
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      panzerscope
      last edited by panzerscope

      Hello all,

      Hopefully you can help my diagnose a DNS issues I am having which is seemingly related to my VPN connection. Hopefully posted in the right section, was not sure whether it should live in DNS or OpenVPN section, so I took a gamble.

      I currently have a split setup, with respects to only select LAN clients going out over the internet via the VPN while others go over the WAN. What I have noticed is that intermittently my internet will fail with respects to DNS resolution, no particular timing to it, but it is definitely related to the VPN connected. If I disconnect the VPN, DNS resolution will start to work again. Sometimes when I reconnect the VPN, it will behave for a few days before causing DNS issues again, or it can happen immediately once connected.

      When checking the logs, at the time that DNS starts becoming an issue I get the below, so I am within reason, confident it is related to this event.

      74d363c8-ce05-4d03-a46b-4fb5a0b94321-image.png

      Perhaps it is related to the "dyndns" entry ?

      I have the VPN configured to NOT pull DNS servers in VPN>OpenVPN>Clients and I have DNS forwarding enabled in Services>DNS Resolver>General Settings to ensure that all clients looking for DNS (which includes OpenVPN) to be directed to the DNS servers as configured in System>General Setup Screenshots as below referencing my configuration.

      6da5536b-7ca9-409f-9620-cac0c8930a6d-image.png

      e8651e73-d080-4d4a-9f70-d44b2cd6ed19-image.png

      df8c241a-c29d-4c24-b3c1-b216cc35549a-image.png

      While I would imagine this is not relevant, I have the below Firewall rules for the VPN.

      Floating Rule - VPN Killswitch

      7a1fb505-f558-4772-ae03-c5b981d73e08-image.png

      LAN Rules - One rule for directing specific LAN Alias over VPN, the other to direct all other LAN traffic over WAN.

      c48c4e43-a72e-4f56-b1ec-aabaf26fbd98-image.png

      DNS Rule

      Lastly, in my Firewall rules I have following rule for DNS, I will be honest, I am not sure if this should even exist/required. I have not tested disabling it yet to see if it resolves my issues. Comments welcome

      d09b9fea-058b-4bb7-9410-ae9ea17cb8ac-image.png

      Let me know if any further information is required.

      Many thanks in advance,
      P

      E GertjanG 2 Replies Last reply Reply Quote 0
      • E
        elegantd @panzerscope
        last edited by

        @panzerscope
        Sorry I can not help. I think I am having a problem similar to yours.

        NordVPN goin up and down is screwing up DNS Resolver.

        https://forum.netgate.com/topic/187260/nordvpn-goin-up-and-down-is-screwing-up-dns-resolver

        P 1 Reply Last reply Reply Quote 1
        • GertjanG
          Gertjan @panzerscope
          last edited by Gertjan

          @panzerscope

          f7da46dd-7e5e-4862-ac8c-54d88773efba-image.png

          DNNSEC is only useful when resolving.
          If forwarding, what you do, disable DNSSEC.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 1
          • P
            panzerscope @elegantd
            last edited by

            @elegantd said in VPN Connection Intermittently Causing DNS Failure:

            @panzerscope
            Sorry I can not help. I think I am having a problem similar to yours.

            NordVPN goin up and down is screwing up DNS Resolver.

            https://forum.netgate.com/topic/187260/nordvpn-goin-up-and-down-is-screwing-up-dns-resolver

            Yeah it seems to be a common issue, I will check out your topic as well.

            @Gertjan said in VPN Connection Intermittently Causing DNS Failure:

            @panzerscope

            f7da46dd-7e5e-4862-ac8c-54d88773efba-image.png

            DNNSEC is only useful when resolving.
            If forwarding, what you do, disable DNSSEC.

            Thanks for that. Since my original post I had already disabled DNSSEC and I also set it so that my outgoing DNS requests only go out over WAN and enabled "Strict Outgoing Network Interface binding"

            c814c729-9f93-4d1b-83ce-fe26fad44487-image.png

            I was trying these settings as it was mentioned in another similar topic here: https://forum.netgate.com/topic/186580/dns-suddenly-broken-on-some-vlans?_=1712323517348

            Unfortunately I do not think it has resolved my issue as I can see that I cannot access my home network remotely, so looks like I still have the issue :(

            1 Reply Last reply Reply Quote 0
            • E
              elegantd
              last edited by

              When you say DNS is down do you also mean the firewall itself can not resolve a hostname? Have you tried going into Diagnostics->DNS Lookup and see what is reporting back?

              1 Reply Last reply Reply Quote 0
              • E
                elegantd
                last edited by

                If you have this set like this

                4d1b571c-bb71-4db7-9c3d-6f89ec4f1c7d-image.png

                The firewall should always be able to reach to dns server because it will fallback to what your ISP provides.

                I am using both an OpenVPn server a two clients NordVPn and Surfshark. Other than the SNort problem I had. I do not have any problems with dns. I will show you what I have maybe that will help you.
                OpenVPN Server settings
                f4a10ea3-08e6-43c9-96ea-94a587f23454-image.png

                DNS resolver settings

                d26781c0-5d43-4c5e-ad9e-3c6e868a82fc-image.png

                1 Reply Last reply Reply Quote 1
                • E
                  elegantd
                  last edited by

                  Sorry had the wrong picture for OPenvpn server settings.

                  a710e000-6b0d-4645-b5c1-0605a333f4e4-image.png

                  P 1 Reply Last reply Reply Quote 1
                  • P
                    panzerscope @elegantd
                    last edited by

                    @elegantd said in VPN Connection Intermittently Causing DNS Failure:

                    Sorry had the wrong picture for OPenvpn server settings.

                    a710e000-6b0d-4645-b5c1-0605a333f4e4-image.png

                    Thanks for the information. I managed to solve the issue (been ok now for a fair few days) by restricting outgoing DNS requests over my WAN interface only. It is worth noting that I am using an OpenVPN client on PfSense, not a server.

                    Since having DNS go over WAN only, I have not had any hiccups. This is with the resolver forwarding DNS requests directly to remote DNS.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post