Netgate Discussion Forum

    Only first connected user got DNS domain resolution.

    • PippinP
      Pippin
      last edited by Pippin

      Look at "DNS Server enable" and "WINS server enable", those are tunnel IPs.
      I doubt there is a DNS/WINS server listening on that address.

      The following addresses are not usable in topology subnet:
      192.168.100.0
      192.168.100.1
      192.168.100.254
      192.168.100.255

      *Edit to be more accurate.

      I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
      Halton Arp

      • GertjanG
        Gertjan @Pippin
        last edited by

        This :
        @Pippin said in Only first connected user got DNS domain resolution.:

        https://www.youtube.com/watch?v=PtZxuC9IyTg
        192.168.100.254
        192.168.100.1

        are valid addresses.
        pfSense is delivered with a 192.168.1.1 on its LAN.

        "WINS" servers still exist these days?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • S
          szneo
          last edited by

          Thanks for the answers.

          I'm attaching the rules for firewall view.

          Please let me know if more information is needed.

          Wan
          ovpn wan.png

          Lan
          ovpn lan.png

          Openvpn Tab
          ovpn tab.png

          • GertjanG
            Gertjan
            last edited by Gertjan

            Your OpenVPN firewall rule looks fine.
            33,86 MB of traffic passed by : ok.

            It's time to make this :

            430cae38-b9af-4ac8-9e0e-33066a74502b-image.png

            readable.

            • KOMK
              KOM @Gertjan
              last edited by

              @Gertjan It must be your settings because his updated images look good to me. I can read every line, and I have pretty thick glasses.

              • S
                szneo
                last edited by

                Thanks for your comments again.

                I've just edited images at full image size, hope it works this time.

                • PippinP
                  Pippin @Gertjan
                  last edited by

                  Images look fine here too.

                  @Gertjan said in Only first connected user got DNS domain resolution.:

                  This :
                  @Pippin said in Only first connected user got DNS domain resolution.:

                  https://www.youtube.com/watch?v=PtZxuC9IyTg
                  192.168.100.254
                  192.168.100.1

                  are valid addresses.
                  pfSense is delivered with a 192.168.1.1 on its LAN.

                  "WINS" servers still exist these days?

                  It won't work...
                  .0 is the tunnel network designation
                  .1 is the server's tunnel IP
                  .254 is OpenVPN's internal DHCP server
                  .255 is broadcast
                  Leaving 252 addresses for clients.

                  There is an exception though. The server's tunnel IP could be used to point to a service if that service is running on the OpenVPN host.
                  Pointing to a service is typically not done on tunnel addresses.

                  • S
                    szneo @Pippin
                    last edited by

                    @Pippin said in Only first connected user got DNS domain resolution.:

                    It won't work...
                    .0 is the tunnel network designation
                    .1 is the server's tunnel IP
                    .254 is OpenVPN's internal DHCP server
                    .255 is broadcast
                    Leaving 252 addresses for clients.

                    192.168.100.254 is the pfSense gateway, and we set the "IPv4 Tunnel Network" to 192.168.100.0/24 so that new OpenVPN clients would supposedly get an IP from the same pfSense LAN (192.168.100.0/24).

                    Thanks for your comments.

                    • PippinP
                      Pippin
                      last edited by

                      That's not how it works.

                      Your tunnel network cannot be your LAN network...case of conflicting subnets.


                      S 1 Reply Last reply Reply Quote 0
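
The conflict described in the posts above can be checked before an OpenVPN server is saved. This is an added example, not part of the original thread and not pfSense or OpenVPN code: the function names are hypothetical, the sample values are constructed from addresses mentioned in the thread, and the reserved positions are the ones Pippin lists for a /24 in topology subnet (applying them to other prefix lengths is an assumption).

```python
import ipaddress

def reserved_tunnel_addresses(tunnel):
    """Addresses the thread lists as not usable by clients in topology subnet."""
    net = ipaddress.ip_network(tunnel)
    return {
        net.network_address: "tunnel network designation",
        net.network_address + 1: "server's tunnel IP",
        # Assumption: the second-to-last address, as for .254 in a /24.
        net.broadcast_address - 1: "OpenVPN's internal DHCP server",
        net.broadcast_address: "broadcast",
    }

def audit_openvpn_addressing(tunnel, local_networks, pushed_servers):
    """Return findings for a proposed tunnel network.

    tunnel          -- proposed IPv4 Tunnel Network, e.g. "10.0.8.0/24"
    local_networks  -- dict of name -> CIDR for networks behind the firewall
    pushed_servers  -- dict of label -> IP handed to clients (DNS, WINS)
    """
    net = ipaddress.ip_network(tunnel)
    findings = []
    # The tunnel network must not overlap any network the firewall routes.
    for name, cidr in local_networks.items():
        if net.overlaps(ipaddress.ip_network(cidr)):
            findings.append(f"tunnel {net} conflicts with {name} {cidr}")
    # DNS/WINS servers should not point at tunnel addresses.
    reserved = reserved_tunnel_addresses(tunnel)
    for label, addr in pushed_servers.items():
        ip = ipaddress.ip_address(addr)
        if ip in reserved:
            findings.append(f"{label} {ip} is reserved in the tunnel: {reserved[ip]}")
        elif ip in net:
            findings.append(f"{label} {ip} is a client tunnel address, not a server")
    return findings

if __name__ == "__main__":
    lan = {"LAN": "192.168.100.0/24"}                                # constructed sample
    servers = {"DNS": "192.168.100.254", "WINS": "192.168.100.1"}    # constructed sample
    for proposed in ("192.168.100.0/24", "10.0.8.0/24"):
        print(proposed, audit_openvpn_addressing(proposed, lan, servers) or "ok")
```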
                      • S
                        szneo @Pippin
                        last edited by

                        @Pippin said in Only first connected user got DNS domain resolution.:

                        That's not how it works.

                        Your tunnel network cannot be your LAN network...case of conflicting subnets.

                        @Pippin thanks for the clarification. Could you confirm whether, after changing the 'Virtual Tunnel Network' to anything else (e.g. 10.0.8.0/24), it will be necessary to add any rule to the firewall/OpenVPN in order for that change to work?

                        Regards,

                        • PippinP
                          Pippin
                          last edited by Pippin

                          All rules related to the virtual tunnel network.

                          • S
                            szneo @Pippin
                            last edited by

                            @Pippin said in Only first connected user got DNS domain resolution.:

                            All rules related to the virtual tunnel network.

                            @Pippin really appreciate all comments. Works great now. As you mentioned, the error was putting the LAN network as the Virtual Network. Now all clients connect, resolve domains and ping LAN IPs : ).

                            Thank you all for the time.

                            Regards,

                            • PippinP
                              Pippin
                              last edited by

                              Glad you got it working.
