unable to to connect (no dns)
-
I have been using pfsense with a vpn provider using aliases to direct some of the traffic through the vpn while the rest just trough my isp. I recently moved and was forced to obtain a new ISP using DSL instead of Cable. Seemed pretty simple, just change my WAN to WAN/PPOE with the required user name/password info. This works to some extent but I have no internet on my local isp computers, the ones that connect through the VPN work fine. They seem to not be able to resolve DNS, i can hook up a small router in place of my pfsense box and they connect fine. i have been through all the settings i can think of to no avail, any help/suggestions will be greatly appreciated.
-
Well why is dns not working? You have unbound forwarding through your vpn? You have it trying to resolve just from your isp connection?
Out of the box pfsense just resolves - would use your isp connection and talk to roots and down to the authoritative ns to resolve what your looking for.. If you have modified that setup or that is not working - maybe this new isp dicks with dns?
your going to have to give more insight into how you have dns setup, if you want use to help you figure out its not working.
Can pfsense resolving anything using the diag, dns lookup?
-
@johnpoz yes it was able to resolve ebay.com in 24 seconds, and it used my isp dns servers. as far as i can remember i just created a rule to redirect dns to my vpn for the alias that is the computers i wish to be on the vpn. in my rule for "all others not on vpn" under gateway it is showing WAN_DHCP but i don't have a gateway named this anymore, now my gateway is WAN-PPPOE, I am concerned this may be my issue but i don't see that i can edit the gateway name in the rule
-
Well your trying to route traffic out a gateway doesn't exist - not going to work anywhere.. Its normally better to just let normal routing handle choice of gateway, and just policy route out traffic you want out your vpn out your vpn.
-
ok, maybe I have it fixed, MAYBE!, on the rule edit page it was set as "default" but on the rule itself it showed WAN_DHCP so I changed it to WAN_PPPOE, but got no joy. Frustrated, I gave up and went out to tend to my yard, when I came back in, I changed it back to default. Now it has an "*" under gateway, and I am replying from one of the computers "NOT" on the VPN!! so here is the maybe part, I'm a little confused because when I check at "ipleak.net" from my "NOT" on the VPN computer, it shows that my DNS server is from my ISP, but it shows my IP address as if it where coming through the VPN. This may have been like this since I set it up, I only have rules for DNS not DHCP , does this even matter?
-
So are you pointing your clients to your ISP for dns or pfsense?
Pfsense will resolve out of the box, clients point to pfsense for dns. So when you do a dnsleak test it will look like your IP from your wan, or your vpn IP if you have unbound routing out your vpn to look up dns..
Here is how it would look out of the box.
That shows my normal wan IP
Then I set unbound to use only my vpn connection.
Now dns goes through my vpn.. All depends on what you want to do, and what helps you sleep at night... My isp doesn't mess with my dns, I just let unbound through my wan - I don't give two shits if my isp can see my dns and knows I go to amazon.com or pfsense.org ;)
I don't use a vpn, but I do have openvpn running on a vps I have, so I can route traffic through that if I so desire for testing stuff..
-
ok, i'm getting back to this finally. to answer your question the way my system has been working, with my old reliable cable internet, traffic connected to my isp dns through their dhcp server but i had a rule set up so that the alias (which were the computers i wanted on the vpn) to go to my vpn's dns servers.
At any rate the system worked as i described in my last post for about a week, then all went haywire and i had no internet again, so i decided to start fresh. i built a new box from spare parts and installed the latest and greatest pfsense on it. for my internet connection (wan) i selected PPPOE and put my user name and password in. then i configured my CA certificate stuff and went to the open vpn to add a client, on the line labeled "interface" i select wan (my PPPOE connection to the internet) i fill in alllllllll the other things and then when I save, I get a message saying that "An IPv4 protocol was selected, but the selected interface has no IPv4 address" so what am I doing wrong?