    DNS resolution for OpenVPN clients

    • chudak
      chudak last edited by

      Hello all

      Trying to clarify some settings related to my DNS server and OpenVPN clients

      I see in information my DNS as:

      DNS server(s)
      127.0.0.1
      8.8.4.4
      156.154.71.1
      129.250.35.251

      My OpenVPN client log shows:

      2017-06-18 09:41:24 OPTIONS:
      0 [route] [192.168.90.1] [255.255.255.0]
      1 [redirect-gateway] [def1]
      2 [route-gateway] [192.168.2.1]
      3 [topology] [subnet]
      4 [ping] [10]
      5 [ping-restart] [60]
      6 [ifconfig] [192.168.2.3] [255.255.255.0]

      I'd like OpenVPN clients to be able to resolve hosts by name, but I'm not sure how to make it happen

      Thx in advance!

      1 Reply Last reply Reply Quote 0
      • GentleJoe
        GentleJoe last edited by

        In the OpenVPN setting enable 'DNS Server enable'.

        Verify DNS1 is your own local server.

        1 Reply Last reply Reply Quote 0
        • chudak
          chudak last edited by

          I tried that, so far with no luck :(

          My subnet is 192.168.90.0

          I enabled in VPN-OpenVPN-Servers - "DNS Server enable" "Provide a DNS server list to clients" and added "DNS Server 1" 192.168.90.1

          Looks OK?

          1 Reply Last reply Reply Quote 0
          • GentleJoe
            GentleJoe last edited by

            I have this enabled too: Redirect Gateway - Force all client generated traffic through the tunnel.
            See if that changes it for you.

            Plus this setting, Force DNS cache update.

            1 Reply Last reply Reply Quote 0
            • chudak
              chudak last edited by

              I had "Redirect Gateway Force all client generated traffic through the tunnel." enabled
              and enabled "Force DNS cache update" and no love still

              1 Reply Last reply Reply Quote 0
              • GentleJoe
                GentleJoe last edited by

                Are you accessing the hostname with the FQDN like printer.mydomain.com ?

                1 Reply Last reply Reply Quote 0
                • chudak
                  chudak last edited by

                  @Gentle:

                  Are you accessing the hostname with the FQDN like printer.mydomain.com ?

                  I do now!!!!

                  Seems to be working, thx a million!

                  1 Reply Last reply Reply Quote 0
                  • GentleJoe
                    GentleJoe last edited by

                    Great ! :)

                    chudak 1 Reply Last reply Reply Quote 0
                    • chudak
                      chudak @GentleJoe last edited by

                      @GentleJoe

                      Had to dig out this old post, but it's exactly the same issue, so I hope it can be resolved ...

                      I made a copy of my existing OpenVPN server and added a second one.
                      All the same settings. But no matter what I do I can't get host name DNS resolution on the second server!

                      Wonder WTH and how to troubleshoot it ?

                      chudak 1 Reply Last reply Reply Quote 0
                      • chudak
                        chudak @chudak last edited by

                        Either I'm missing something or it's a bug in VPN server setup

                        What else has to be set in order to pass host names to a VPN client?

                        Looking for experts...

                        1 Reply Last reply Reply Quote 0
                        • dotdash
                          dotdash last edited by

                          It's always worked for me with just the domain and the DNS servers specified. (No force cache update checked). What does ipconfig /all show on the TAP adapter client side?

                          chudak 1 Reply Last reply Reply Quote 0
                          • chudak
                            chudak @dotdash last edited by

                            @dotdash

                            I’m on iPhone OpenVPN client
                            Shows my tun ip

                            dotdash 1 Reply Last reply Reply Quote 0
                            • dotdash
                              dotdash @chudak last edited by dotdash

                              @chudak said in DNS resolution for OpenVPN clients:

                              I’m on iPhone OpenVPN client

                              Sorry, I've got nothing for that. I've only had to deal with the name resolution on Windows and Android devices.
                              Edit- the OpenVPN connect client (at least on Android) shows the domain and dns pulled in the connect log.

                              1 Reply Last reply Reply Quote 0
                              • chudak
                                chudak last edited by

                                I think it would not matter what client.

                                In my case this is how I test. Connect to cellular network on iPhone, connect to VPN and ping host by name. And my 1st server works as expected, but the new server does not !!!

                                dotdash 1 Reply Last reply Reply Quote 0
                                • dotdash
                                  dotdash @chudak last edited by

                                  @chudak said in DNS resolution for OpenVPN clients:

                                  my 1st server works as expected, but the new server does not !!!

                                  This would seem to indicate a problem with the new server on the DNS server. If you're testing from the phone, maybe get an app that does nslookup or dig.

                                  1 Reply Last reply Reply Quote 0
                                  • chudak
                                    chudak last edited by

                                    Well after lots of testing and trying here is why.

                                    I had DNS Resolver options checked for:

                                    'Enable Forwarding Mode'
                                    'Use SSL/TLS for outgoing DNS Queries to Forwarding Servers'

                                    Un-checking them and checking back fixed the problem!

                                    I suspect that a reboot will help as well, but I don't reboot my router very often.

                                    Hope this may be beneficial to somebody else.

                                    1 Reply Last reply Reply Quote 0
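Added example, not part of the thread or of pfSense/OpenVPN code: a Python check over a pushed-options block in the format of the client log in the first post, reporting whether a DNS server and a search domain reached the client. The second sample is constructed and assumes `dhcp-option` pushes are logged in the same bracket format; `dns_report` and `query_name` are hypothetical helper names.

```python
import re

# Sample 1: the OPTIONS block as posted at the top of the thread.
POSTED = """\
0 [route] [192.168.90.1] [255.255.255.0]
1 [redirect-gateway] [def1]
2 [route-gateway] [192.168.2.1]
3 [topology] [subnet]
4 [ping] [10]
5 [ping-restart] [60]
6 [ifconfig] [192.168.2.3] [255.255.255.0]
"""

# Sample 2: constructed; assumes dhcp-option lines use the same bracket format.
CONSTRUCTED = POSTED + """\
7 [dhcp-option] [DNS] [192.168.90.1]
8 [dhcp-option] [DOMAIN] [mydomain.com]
"""

def parse_options(block):
    """Return option tuples, e.g. ('dhcp-option', 'DNS', '192.168.90.1')."""
    opts = []
    for line in block.splitlines():
        fields = re.findall(r"\[([^\]]*)\]", line)
        if fields:
            opts.append(tuple(fields))
    return opts

def dns_report(block):
    # Only dhcp-option entries carry the pushed resolver and search domain.
    opts = parse_options(block)
    dhcp = [o for o in opts if o[0] == "dhcp-option" and len(o) >= 3]
    dns = [o[2] for o in dhcp if o[1].upper() == "DNS"]
    domains = [o[2] for o in dhcp if o[1].upper() == "DOMAIN"]
    findings = []
    if not dns:
        findings.append("no DNS server pushed: client keeps its pre-VPN resolver")
    if not domains:
        findings.append("no search domain pushed: short names are not completed, use FQDNs")
    return {"dns": dns, "domains": domains, "findings": findings}

def query_name(host, report):
    """Name to query: FQDNs as-is, short names completed with the pushed domain."""
    if "." in host:
        return host
    return f"{host}.{report['domains'][0]}" if report["domains"] else None

if __name__ == "__main__":
    for label, block in (("posted", POSTED), ("constructed", CONSTRUCTED)):
        print(label, dns_report(block))
```

Paste the OPTIONS block from the second server's connect log into the same check to compare what each server instance actually pushes.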