Setting up PfSense with OpenDNS and Windows server

mgodinez

Hi everyone,
I am still learning on how to configure PfSense and I am trying to setup PfSense 2.4.4 with OpenDNS for web filtering BUT in an environment that already uses Windows server 2008 R2 that has already DHCP and DNS in it.

Does anyone know of such tutorial on how to add PfSense and OpenDNS to the current system? Windows server will be handling all DHCP/DNS.

I have been searching around and I can't seem to find any help on setting up both(PfSense and OpenDNS ) into the Windows server environment. Hopefully someone can point me to the right tutorial?

Thank you in advance!

Regards

Manny G.

bmeeks

This is very simple. Turn on "forwarding" for your Windows 2008 R2 server's DNS service and put the IP addresses of the OpenDNS servers in for the forwarding address. This will cause the Windows DNS server to forward all IP and domain lookups that it is not "authorative" for to the OpenDNS servers.

On your pfSense firewall, I would disable the resolver and enable the forwarder and point pfSense to your Windows 2008 R2 server. This way pfSense can easily do reverse lookups on LAN clients. You could also use overrides within the pfSense forwarder's configuration, but to me it is simpler to just point pfSense to your Windows DNS server.

Make sure all of your clients are configured to use the Windows DNS server. I assume they already are.

mgodinez

Thank you bmeeks, I really appreciate your help, just wondering on the configuration of the DNS forwarder... What settings should I enable or disable and what fields should I fill with what( e.g. "DNS Query Forwarding" and "Interfaces", etc.) ??

Thank you again.

Regards

Manny G.

bmeeks

On pfSense, just go to SYSTEM > GENERAL SETUP and put the IP address of your Windows 2008 R2 server in the DNS Servers box. Leave the default gateway selection set to "none". Be sure the DNS Server Override checkbox immediately below is unchecked.

Now go to SERVICES > DNS RESOLVER and disable it by unchecking the Enable checkbox. Save the change.

Go to the SERVICES > DNS FORWARDER screen and enable the forwarder by checking the Enable checkbox. Save the change.

Sometimes when testing things on my virtual machines I have to reboot pfSense to get all these changes to happen properly. Your mileage may vary with a live firewall. Should work without a reboot, though.

mgodinez

Thanks again bmeeks, just the way I understand, step by step. Awesome!

Hopefully that will do the trick, also, one more question, can OpenVPN be added to this setup? Since PfSense doesn't handle the DHCP/DNS I was wondering if that is even possible....

Thank you again for your help!

Regards,

Manny G.

bmeeks

@mgodinez said in Setting up PfSense with OpenDNS and Windows server:

Thanks again bmeeks, just the way I understand, step by step. Awesome!

Hopefully that will do the trick, also, one more question, can OpenVPN be added to this setup? Since PfSense doesn't handle the DHCP/DNS I was wondering if that is even possible....

Thank you again for your help!

Regards,

Manny G.

Not sure I understand your question fully. You can simply point your VPN clients to your Windows server for DNS/DHCP services.

mgodinez

Yes, I would like to install on PfSense the OpenVPN service there too in the future, since the PfSense is only a transparent firewall, I was just wondering if it was possible since Windows server does all the DHCP/DNS - I am still a newbie on this :)
Do you know of a good and understandable book for PfSense? And up to date also :)

Regards

Manny G.

bmeeks

Here is the official documentation site: https://docs.netgate.com/pfsense/en/latest/. And here is a link to the pfSense Book (or more like the pfSense Bible): https://docs.netgate.com/pfsense/en/latest/book/. You should find everything you need in these two links.

mgodinez

Thank you bmeeks!

Regards,

Manny G.