Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS resolution for OpenVPN cleints

    Scheduled Pinned Locked Moved General pfSense Questions
    16 Posts 3 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • chudakC
      chudak
      last edited by

      Hello all

      Trying to clarify some settings related to my DNS server and OpenVPN clients

      I see in information my DNS as:

      DNS server(s)
      127.0.0.1
      8.8.4.4
      156.154.71.1
      129.250.35.251

      My OpenVPN client log shows:

      2017-06-18 09:41:24 OPTIONS:
      0 [route] [192.168.90.1] [255.255.255.0]
      1 [redirect-gateway] [def1]
      2 [route-gateway] [192.168.2.1]
      3 [topology] [subnet]
      4 [ping] [10]
      5 [ping-restart] [60]
      6 [ifconfig] [192.168.2.3] [255.255.255.0]

      I'd like OpenVPN clients be able to resolve hosts by name, but not sure how to make it happen

      Thx in advance!

      1 Reply Last reply Reply Quote 0
      • GentleJoeG
        GentleJoe
        last edited by

        In the OpenVPN setting enable 'DNS Server enable'.

        Verify DNS1 is your own local server.

        1 Reply Last reply Reply Quote 0
        • chudakC
          chudak
          last edited by

          i tried that so far with no luck :(

          my Subnet 192.168.90.0

          i enabled in VPN-OpenVPN-Servers - "DNS Server enable" "Provide a DNS server list to clients" and added "DNS Server 1" 192.168.90.1

          looks ok?

          1 Reply Last reply Reply Quote 0
          • GentleJoeG
            GentleJoe
            last edited by

            I have this enabled too: Redirect Gateway - Force all client generated traffic through the tunnel.
            See if that changes it for you.

            Plus this setting, Force DNS cache update.

            1 Reply Last reply Reply Quote 0
            • chudakC
              chudak
              last edited by

              i had "Redirect Gateway Force all client generated traffic through the tunnel." enabled
              and enabled "Force DNS cache update" and no love still

              1 Reply Last reply Reply Quote 0
              • GentleJoeG
                GentleJoe
                last edited by

                Are you accessing the hostname with the FQDN like printer.mydomain.com ?

                1 Reply Last reply Reply Quote 0
                • chudakC
                  chudak
                  last edited by

                  @Gentle:

                  Are you accessing the hostname with the FQDN like printer.mydomain.com ?

                  i do now!!!!

                  seems working, thx a million !

                  1 Reply Last reply Reply Quote 0
                  • GentleJoeG
                    GentleJoe
                    last edited by

                    Great ! :)

                    chudakC 1 Reply Last reply Reply Quote 0
                    • chudakC
                      chudak @GentleJoe
                      last edited by

                      @GentleJoe

                      Had to dig out this old post, but it's exactly the same issue, so hope can be resolved ...

                      I made a copy of my existing OpenVPN server and added a second one.
                      All same settings. But no matter what I do I can't get host names DNS resolutions on the second server !

                      Wonder WTH and how to troubleshoot it ?

                      chudakC 1 Reply Last reply Reply Quote 0
                      • chudakC
                        chudak @chudak
                        last edited by

                        Either I missing something or it's a bug in VPN sever setup

                        What else has to be set in order to pass host names to a VPN client?

                        0b6f990f-e64f-47ec-9c9e-a7f666e72666-image.png

                        Looking for experts...

                        1 Reply Last reply Reply Quote 0
                        • dotdashD
                          dotdash
                          last edited by

                          It's always worked for me with just the domain and the DNS servers specified. (No force cache update checked). What does ipconfig /all show on the TAP adapter client side?

                          chudakC 1 Reply Last reply Reply Quote 0
                          • chudakC
                            chudak @dotdash
                            last edited by

                            @dotdash

                            I’m on iPhone OpenVPN client
                            Shows my tun ip

                            dotdashD 1 Reply Last reply Reply Quote 0
                            • dotdashD
                              dotdash @chudak
                              last edited by dotdash

                              @chudak said in DNS resolution for OpenVPN cleints:

                              I’m on iPhone OpenVPN client

                              Sorry, I've got nothing for that. I've only had to deal with the name resolution on Windows and Android devices.
                              Edit- the OpenVPN connect client (at least on Android) shows the domain and dns pulled in the connect log.

                              1 Reply Last reply Reply Quote 0
                              • chudakC
                                chudak
                                last edited by

                                I think it would not matter what client.

                                In my case this is how I test. Connect to cellular network on iPhone, connect to VPN and ping host by name. And my 1st server works as expected, but the new server does not !!!

                                dotdashD 1 Reply Last reply Reply Quote 0
                                • dotdashD
                                  dotdash @chudak
                                  last edited by

                                  @chudak said in DNS resolution for OpenVPN cleints:

                                  my 1st server works as expected, but the new server does not !!!

                                  This would seem to indicate a problem with the new server on the DNS server. If you're testing from the phone, maybe get an app that does nslookup or dig.

                                  1 Reply Last reply Reply Quote 0
                                  • chudakC
                                    chudak
                                    last edited by

                                    Well after lots of testing and trying here is why.

                                    I had DNS Resolver options checked for:

                                    'Enable Forwarding Mode'
                                    'Use SSL/TLS for outgoing DNS Queries to Forwarding Servers'

                                    Un-checking them and checking back fixed the problem!

                                    I suspect that reboot will help as well, but I not very often reboot my router.

                                    Hope maybe beneficial to somebody else.

                                    1 Reply Last reply Reply Quote 0
                                    • First post
                                      Last post
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.