Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN and DNS - not resolving internal names

    DHCP and DNS
    1
    2
    998
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      eddi1984 last edited by

      Hi folks,

      I have the following setup and working:

      Pfsense 2.3.4 with DNS and DHCP working. I also have openvpn setup and its working (somewhat). When I am local in my LAN, I can resolve internal names, for example nas.example.net.
      When I use openvpn, I tunnel all internet traffic thru the tunnel. When I go to google.com, it resolves and works just fine. When I enter an IP address of my NAS into the browser like 192.168.1.50, I can get the NAS web interface no problem. However, when I enter nas.example.com when using the vpn tunnel, it does not get resolved.

      The DNS Resolver has the proper Access List entered, and I permit the VPN tunnel subnet to access the DNS resolver (local LAN is 192.168.1.0/24; VPN is 192.168.4.0/24).

      I have static DHCP and DHCP Reg. checked. In Host Overrides, I have entered the proper info (its working fine from internal LAN).

      So basically everything is working find and as it should from local LAN, browsing the internet and accessing local servers and sites via IP over the tunnel works fine, just using DNS names over the tunnel for internal servers and sites, does not work.

      Any ideas?

      Thanks.

      Eddi

      1 Reply Last reply Reply Quote 0
      • E
        eddi1984 last edited by

        Doing some more digging and found this issue:

        On a remote PC (client), the Win7 Pro install gets a domain from an AD. So the PC has mycompany.com as domain name. I have OpenVPN installed, and as I said in my first post, everything is working fine, besides resolving names as entered in Host Overrides.

        When I do "nslookup -d nas.example.net", these are are the details I get:

        
        C:\Users\eduard>nslookup -d nas.example.net
        ------------
        Got answer:
            HEADER:
                opcode = QUERY, id = 1, rcode = NOERROR
                header flags:  response, auth. answer, want recursion, recursion avail.
                questions = 1,  answers = 1,  authority records = 0,  additional = 0
        
            QUESTIONS:
                1.1.168.192.in-addr.arpa, type = PTR, class = IN
            ANSWERS:
            ->  1.1.168.192.in-addr.arpa
                name = pfsense.example.net
                ttl = 3600 (1 hour)
        
        ------------
        Server:  pfsense.example.net
        Address:  192.168.1.1
        
        ------------
        Got answer:
            HEADER:
                opcode = QUERY, id = 2, rcode = NXDOMAIN
                header flags:  response, want recursion, recursion avail.
                questions = 1,  answers = 0,  authority records = 1,  additional = 0
        
            QUESTIONS:
                nas.example.net.mycompany.com, type = A, class = IN
            AUTHORITY RECORDS:
            ->  (root)
                ttl = 3396 (56 mins 36 secs)
                primary name server = a.root-servers.net
                responsible mail addr = nstld.verisign-grs.com
                serial  = 2017051701
                refresh = 1800 (30 mins)
                retry   = 900 (15 mins)
                expire  = 604800 (7 days)
                default TTL = 86400 (1 day)
        
        

        So what is happening, is, that windows will append example.com, to the internal FQDN that I am trying to reach, in this case nas.example.net.mycompany.com, but it should just be nas.example.net.

        When I do a DNS leak test, it all clears and nothing is leaked, so the remote DNS server does not see my DNS queries …

        Hope this makes sense.

        Am I missing something, or why is this not working?

        Cheers.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy