Netgate Discussion Forum

    Cannot resolve locally hosted tld's when connected to Openvpn

      eskimoroll345

      Hello all, newish pfSense user here.

      OpenVPN clients sometimes cannot resolve full TLDs which are hosted locally.

      192.168.20.0/24 = dmz

      192.168.30.0/24 and 192.168.4.0/24 = vpn & lan

      10.0.10.0/24 = tunnel/user network

      When we connect to the VPN, we get access to 192.168.20.0/24, 192.168.30.0/24 and 192.168.4.0/24

      Also, when connected, we can ping/navigate to domains on the web...but we cannot resolve domains that are hosted locally. For example, our SMTP server (192.168.20.xxx) is hosted locally but is not resolvable with (...say) mail.example.com (which is properly natted). When I am connected to the VPN, Thunderbird cannot resolve 'mail.example.com'. I need to disconnect in order for that to happen. Oddly though, I can ping 'mail.example.com' fine when connected.

      In the VPN config, I have listed 4 DNS servers:

      1. pfSense
      2. My ISP's DNS server
      3. 8.8.8.8
      4. 8.8.4.4

      This part seems to work because, when I am connected, I can see the 4 DNS servers 'pushed' to me with the 'nmcli' command.

      Lastly, a 'dig' command (when connected) on any of the above DNS servers resolves 'mail.example.com' to the proper IP.

      I am not sure how to debug this any further rn...any ideas?

      Thanks

        eskimoroll345

        Enabling NAT Reflection fixed my issue.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.