DNS Resolution on pfsense box itself via site-to-site VPN
-
I am missing a step somewhere.
I have two pfSense boxes linked via an OpenVPN gateway - one server box and one client box. I can ping across each other from the networks or from the pfSense boxes. Computers on the networks are getting the correct DNS server and domain override is set. I can resolve DNS across the VPN from the network computers but I cannot resolve DNS from the pfSense box itself.
If I go to Diagnostics on the client pfSense box, I can ping across the VPN but I cannot resolve the domain names. Where the heck am I missing the setting to make the pfSense box itself talk to the server's network DNS for domain lookup? :)
-
This happens over IPsec VPN. I'm not sure if it's the same problem over OpenVPN. But you can try…
See the explanation here:
https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN
In DNS Resolver settings, you can set the "Outgoing Network Interfaces" to LAN and Localhost, instead of All.
However, if you want other services to be able to work from the router over the VPN, you could add a route instead:
To add this route to pfSense, perform the following configuration:
Navigate to System > Routing on the Gateways tab
Click + to add a gateway
Select LAN for the Interface
Enter the Local LAN IP address in the Gateway (e.g. 192.168.0.1)
Check Disable Gateway Monitoring
Click Save
Click Apply Changes
Navigate to the Static Routes tab
Click +
Enter the remote VPN network in the Destination Network box (e.g. 192.168.1.0/24)
Select the LAN IP Gateway that was created before
Add a Description if desired
Click Save
Click Apply Changes
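The reason both workarounds in this answer help, modelled as an added example that is not from the original thread and not pfSense code: a packet the firewall itself originates takes its source address from the interface its route resolves to, which for a remote VPN subnet is normally the WAN address. That source never matches the IPsec phase 2 selector (local LAN to remote LAN), so the packet is not sent through the tunnel even though hosts on the LAN work fine. Binding the DNS Resolver's outgoing interface to LAN forces the LAN source address; the static route via a gateway at the LAN IP makes the kernel pick the LAN address by itself. The script below runs longest-prefix matching over a constructed FreeBSD-style routing table before and after the static route is added. All addresses, interface names (em0, em1), the phase 2 networks and the remote DNS server 192.168.1.53 are hypothetical.

```python
import ipaddress

# Constructed routing table in the shape of `netstat -rn -f inet` on a pfSense
# (FreeBSD) box. Every address and interface name is hypothetical:
# WAN em0 = 203.0.113.10 with default gateway 203.0.113.1, LAN em1 = 192.168.0.1/24.
INTERFACE_ADDRS = {"em0": "203.0.113.10", "em1": "192.168.0.1"}

ROUTES_BEFORE = [
    ("default", "203.0.113.1", "em0"),
    ("192.168.0.0/24", "link#2", "em1"),
]

# Same table after the static route from the answer: the remote VPN network
# reached through a gateway whose address is the LAN IP itself.
ROUTES_AFTER = ROUTES_BEFORE + [("192.168.1.0/24", "192.168.0.1", "em1")]

# IPsec phase 2 selector on this box (hypothetical): local LAN <-> remote LAN.
P2_LOCAL = ipaddress.ip_network("192.168.0.0/24")
P2_REMOTE = ipaddress.ip_network("192.168.1.0/24")


def lookup(routes, dst):
    """Longest-prefix match over the table; returns (gateway, interface)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network("0.0.0.0/0" if prefix == "default" else prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise ValueError(f"no route to {dst}")
    return best[1], best[2]


def source_address(routes, dst, bind=None):
    """Source address of a packet the firewall itself sends to dst.

    Without an explicit bind the kernel uses the address of the interface the
    route resolves to. A daemon that binds its outgoing socket (unbound with
    "Outgoing Network Interfaces" set to LAN) fixes the source regardless of
    the route.
    """
    if bind is not None:
        return bind
    _, iface = lookup(routes, dst)
    return INTERFACE_ADDRS[iface]


def will_use_tunnel(routes, dst, bind=None):
    """True if the firewall-originated packet matches the phase 2 selector."""
    src = ipaddress.ip_address(source_address(routes, dst, bind))
    return src in P2_LOCAL and ipaddress.ip_address(dst) in P2_REMOTE


def explain(routes, dst, bind=None):
    """One-line verdict for a firewall-originated packet to dst."""
    gateway, iface = lookup(routes, dst)
    src = source_address(routes, dst, bind)
    if will_use_tunnel(routes, dst, bind):
        verdict = "matches phase 2, goes through the IPsec tunnel"
    else:
        verdict = "does NOT match phase 2, not sent through the tunnel"
    return f"{src} -> {dst} via {gateway} on {iface}: {verdict}"


if __name__ == "__main__":
    remote_dns = "192.168.1.53"  # hypothetical DNS server on the server side
    print("default routing:      ", explain(ROUTES_BEFORE, remote_dns))
    print("unbound bound to LAN: ", explain(ROUTES_BEFORE, remote_dns, bind="192.168.0.1"))
    print("static route via LAN: ", explain(ROUTES_AFTER, remote_dns))
```

The first case is the broken one from the question: the route falls through to the default gateway, the source becomes the WAN address and the selector does not match. The other two cases are the answer's two fixes. On a real box the same check is `route -n get 192.168.1.53` on the client pfSense, which shows the interface and gateway the kernel will actually use.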