VPN Client Not Using pfSense DNS Server (10.60.0.252) After Connecting via OpenVPN
-
Hi everyone,
I'm facing a DNS issue with pfSense + OpenVPN.
Setup:
VPN: OpenVPN remote access (SSL/TLS)
DNS Server in LAN: 10.60.0.252 (pfSense itself running DNS Resolver)
DNS Settings in OpenVPN Server:
"Provide a DNS server list to clients" is enabled.
DNS Server 1: 10.60.0.252
DNS Server 2: 8.8.8.8
I created some records in pfSense so when devs visit gitlab.xperlean.com it doesn't work
-
@zikou said in VPN Client Not Using pfSense DNS Server (10.60.0.252) After Connecting via OpenVPN:
I created some records in pfSense so when devs visit gitlab.xperlean.com it doesn't work
So connected clients could not resolve that URL?
If you pass 8.8.8.8 to clients they could be using that directly.
Also clients can choose to ignore DNS servers passed to them. That would be a client side setting.
Have you checked what DNS server the clients are actually using?
-
@stephenw10
Here are the settings in the DNS Resolver
OpenVPN settings
On my local machine the URL works fine, but the dev team told me it is not working.
I tried on my phone (connected to the VPN) and the URL is not working there either.
So what is the issue?
-
The only part of that config that matters is the host override in Unbound. Is that present?
But you need to test from a failing client to see what DNS server it's actually using.
Why are you passing 8.8.8.8 to clients? That will fail to resolve a local host.
-
@stephenw10 I deleted DNS server 2 and now on my phone I can access that URL, it worked. Can you explain to me why it worked after deleting DNS server 2? (That is the configuration I found; I'm not a network engineer, I'm DevOps.)
-
Because 10.60.0.252 is the server end of the VPN tunnel at pfSense. The local DNS resolver (Unbound) listens and responds on that IP and that is where the override is set.
Whereas 8.8.8.8 is Google's DNS service that knows nothing about any local overrides you might have set. When clients use that DNS server it bypasses any local DNS overrides.
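
The check suggested in the thread (which DNS servers a client was actually handed) can be run against an OpenVPN client log. The following is an added example, not code from any poster or from pfSense: it extracts the `dhcp-option DNS` entries from `PUSH_REPLY` messages and lists every pushed server other than the resolver that holds the host override. The log text is a constructed sample, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of OpenVPN client log lines (not taken from the thread).
SAMPLE_LOG = """\
2024-01-01 10:00:01 TLS: Initial packet from [AF_INET]203.0.113.10:1194
2024-01-01 10:00:02 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.60.0.252,dhcp-option DNS 8.8.8.8,route 10.60.0.0 255.255.255.0,ifconfig 10.8.0.2 255.255.255.0'
"""

PUSH_RE = re.compile(r"PUSH_REPLY,([^']*)")       # option list inside the quotes
DNS_RE = re.compile(r"^dhcp-option\s+DNS\s+(\S+)$")


def pushed_dns_servers(log_text):
    """Return DNS servers pushed by the server, in order, without duplicates."""
    servers = []
    for push in PUSH_RE.finditer(log_text):
        for option in push.group(1).split(","):
            found = DNS_RE.match(option.strip())
            if not found:
                continue
            try:
                addr = str(ipaddress.ip_address(found.group(1)))
            except ValueError:
                continue  # ignore malformed addresses
            if addr not in servers:
                servers.append(addr)
    return servers


def audit(log_text, override_resolver):
    """Report pushed servers that cannot see the resolver's host overrides."""
    pushed = pushed_dns_servers(log_text)
    return {
        "pushed": pushed,
        "resolver_pushed": override_resolver in pushed,
        # Any other server answers without the local host override.
        "bypass": [s for s in pushed if s != override_resolver],
    }


if __name__ == "__main__":
    report = audit(SAMPLE_LOG, "10.60.0.252")  # resolver IP from the thread
    print("Pushed DNS servers:", report["pushed"])
    print("Servers that bypass the host override:", report["bypass"])
```

An empty `bypass` list only shows what the server pushed; a client can still ignore pushed DNS servers, so confirm on the client which resolver it is really querying.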