Netgate Discussion Forum

    DNS through OpenVPN

    chrisburger:

      I have set up a site-to-site OpenVPN tunnel using pfSense between 3 sites.

      Site 1
      OpenVPN Server
      IP: 192.168.100.1
      Tunnel: 10.0.10.0/24 and 10.0.11.0/24 for the server connection for each client appliance.
      OpenVPN firewall rules are open to any
      WAN firewall rule is open to OpenVPN 1194 and 1195

      Site 2
      VPN Client
      IP: 192.168.110.1
      Remote network: 192.168.100.0/24
      OpenVPN on firewall rules are open to any

      Site 3
      OpenVPN Client
      IP: 192.168.120.1
      Remote network: 192.168.100.0/24
      OpenVPN on firewall rules are open to any

      Each appliance on the client side acts as a DHCP and DNS server as default settings permit.
      I have the VPNs up and running and can ping the IP of the PC I need to connect to on the VPN server's local subnet from PCs on both client networks. I cannot resolve the hostname of the PC on the server network, though. I actually only need to be able to connect to one specific PC, since the accounting software package installed on it needs DNS resolution to activate over the network.

      I have been through countless forums but to no avail. I can’t get my head around the forwarding. I have tried the DNS forwarding method in this article http://meandmymac.net/2014/08/pfsense-ipsec-site-to-site-with-dns-resolving/ but still get no resolution.
      Can anybody help me step by step to possibly resolve (no pun intended) this issue?
      Also tried disabling the Windows firewall on the target PC.

      Thanks in advance

        divsys:

        What I have done in the past is to create a domain for each site within pfSense and reference them in the DNS forwarders of each box using DHCP.

        (1) "System->General Setup->Domain": create "site1" on 192.168.100.1, "site2" on 192.168.110.1, etc.
        (2) "Services->DNS Forwarder": enable "DHCP Registration" and "Static DHCP".
        (3) "Services->DNS Forwarder": make an entry under "Domain Overrides" for each domain created in (1).
              For 192.168.100.1 ("site1") to access 192.168.110.1 ("site2"):
              Domain: site2
              IP address: 192.168.110.1
              Source IP: 192.168.100.1
              For 192.168.100.1 ("site1") to access 192.168.120.1 ("site3"):
              Domain: site3
              IP address: 192.168.120.1
              Source IP: 192.168.100.1
        (4) Repeat the steps in (3) on the other two boxes referring the appropriate domains to the IP of the pfSense box "hosting" the domain.

        Now any entry managed by DHCP in one box can be referenced in another:

        "bobpc" -> 192.168.100.5
        "jeffpc" -> 192.168.110.7
        "georgepc" -> 192.168.120.8

        You can reference "jeffpc.site2", "georgepc.site3", "bobpc.site1" from any other site (or locally).

        It's not a perfect solution, but I find it works well in many situations.

        -jfp

          chrisburger:

          Thanks for the quick reply. I will give it a go today. I did notice, though, from a previous tinkering session that DNS Forwarding is not enabled by default but DNS Resolving is. When I tried to enable DNS Forwarding it complains that the port is already in use and I should either use a different port or disable the Resolver. Should I go ahead and disable DNS Resolution on all appliances or only on the client appliances to make your solution work? If so, having two OpenVPN client appliances, how do I set up the OpenVPN server appliance to forward to both clients? Or am I going about this the wrong way?

          Regards

            divsys:

            pfSense 2.2.x added the DNS resolver (Unbound) as an alternate DNS service to the original DNS forwarder.
            The resolver is definitely a more full featured DNS provider for pfSense and is now the default for new installs.

            Most of my systems are upgrades from older versions of pfSense so they typically use DNS forwarder, which is "simpler" but still adequate for my needs.
            You set up one or the other to work with your systems.

            As far as the solution I suggested, you can follow the same steps, just do the "Services->DNS Forwarder" pieces in "Services->DNS Resolver" instead.
            I would suggest you keep the Resolver as is and simply add the changes I suggested.

            You could mix and match the Forwarder vs Resolver across different sites, but there's little advantage and much confusion to be had going that route.

            As I said earlier, pick one or the other and configure as necessary.

            -jfp

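The two replies above describe the same "Domain Overrides" scheme once for the DNS Forwarder and once for the DNS Resolver, and step (4) says to repeat it on every box. The script below is an added example (not from the thread or from pfSense) that generates, for each of the three boxes in the question, the dnsmasq lines the Forwarder override maps to and the Unbound `forward-zone` stanzas the Resolver override maps to. The `private-domain` and `domain-insecure` lines are my assumption of what is needed alongside a forward-zone: with pfSense's default rebinding protection and DNSSEC validation, RFC1918 answers from an unsigned private zone would otherwise be discarded. Site names and addresses are taken from the thread; nothing here is applied to a box, it only renders text to compare against the GUI-generated config.

```python
"""Render the per-box config equivalent of the pfSense "Domain Overrides"
described in the thread, for all three sites at once (step 4 of the answer)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Site:
    domain: str   # value of System->General Setup->Domain on that box
    dns_ip: str   # LAN IP of the pfSense box hosting that domain


# Constructed from the addresses given in the question/answer.
SITES = (
    Site("site1", "192.168.100.1"),
    Site("site2", "192.168.110.1"),
    Site("site3", "192.168.120.1"),
)


def overrides_for(local: Site, sites=SITES) -> dict:
    """{domain: dns_ip} for every *other* site; a box never overrides its own domain."""
    return {s.domain: s.dns_ip for s in sites if s.domain != local.domain}


def dnsmasq_config(local: Site, sites=SITES) -> str:
    """DNS Forwarder (dnsmasq) form: server=/<domain>/<forwarder>@<source ip>.
    The @<source ip> is the "Source IP" field, so queries leave via the tunnel."""
    return "".join(f"server=/{d}/{ip}@{local.dns_ip}\n"
                   for d, ip in overrides_for(local, sites).items())


def unbound_config(local: Site, sites=SITES) -> str:
    """DNS Resolver (Unbound) form of the same overrides as unbound.conf text."""
    ov = overrides_for(local, sites)
    lines = ["server:"]
    for domain in ov:
        # Assumed to be required: the answers are RFC1918 addresses from an
        # unsigned zone, which rebinding protection / DNSSEC would otherwise drop.
        lines.append(f'    private-domain: "{domain}"')
        lines.append(f'    domain-insecure: "{domain}"')
    for domain, ip in ov.items():
        lines += ["forward-zone:", f'    name: "{domain}"', f"    forward-addr: {ip}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for site in SITES:
        print(f"# ---- {site.domain} ({site.dns_ip}) ----")
        print(unbound_config(site))
```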