    DNS resolution for OpenVPN clients

    • chudak

      Hello all

      Trying to clarify some settings related to my DNS server and OpenVPN clients

      I see in information my DNS as:

      DNS server(s)
      127.0.0.1
      8.8.4.4
      156.154.71.1
      129.250.35.251

      My OpenVPN client log shows:

      2017-06-18 09:41:24 OPTIONS:
      0 [route] [192.168.90.1] [255.255.255.0]
      1 [redirect-gateway] [def1]
      2 [route-gateway] [192.168.2.1]
      3 [topology] [subnet]
      4 [ping] [10]
      5 [ping-restart] [60]
      6 [ifconfig] [192.168.2.3] [255.255.255.0]

      I'd like OpenVPN clients to be able to resolve hosts by name, but I'm not sure how to make it happen

      Thx in advance!

      • GentleJoe

        In the OpenVPN setting enable 'DNS Server enable'.

        Verify DNS1 is your own local server.

        • chudak

          I tried that so far with no luck :(

          My subnet is 192.168.90.0

          I enabled in VPN-OpenVPN-Servers - "DNS Server enable" "Provide a DNS server list to clients" and added "DNS Server 1" 192.168.90.1

          Looks OK?

          • GentleJoe

            I have this enabled too: Redirect Gateway - Force all client generated traffic through the tunnel.
            See if that changes it for you.

            Plus this setting, Force DNS cache update.

            • chudak

              I had "Redirect Gateway Force all client generated traffic through the tunnel." enabled
              and enabled "Force DNS cache update" and no love still

              • GentleJoe

                Are you accessing the hostname with the FQDN like printer.mydomain.com ?

                • chudak

                  @Gentle:

                  Are you accessing the hostname with the FQDN like printer.mydomain.com ?

                  I do now!!!!

                  Seems to be working, thx a million!

                  • GentleJoe

                    Great ! :)

                    • chudak

                      @GentleJoe

                      Had to dig out this old post, but it's exactly the same issue, so I hope it can be resolved ...

                      I made a copy of my existing OpenVPN server and added a second one.
                      All the same settings. But no matter what I do I can't get host name DNS resolution on the second server!

                      Wonder WTH and how to troubleshoot it?

                      • chudak

                        Either I'm missing something or it's a bug in VPN server setup

                        What else has to be set in order to pass host names to a VPN client?

                        Looking for experts...

                        • dotdash

                          It's always worked for me with just the domain and the DNS servers specified. (No force cache update checked). What does ipconfig /all show on the TAP adapter client side?

                          • chudak

                            @dotdash

                            I’m on iPhone OpenVPN client
                            Shows my tun ip

                            • dotdash

                              @chudak said in DNS resolution for OpenVPN clients:

                              I’m on iPhone OpenVPN client

                              Sorry, I've got nothing for that. I've only had to deal with the name resolution on Windows and Android devices.
                              Edit- the OpenVPN connect client (at least on Android) shows the domain and dns pulled in the connect log.

                              • chudak

                                I think it would not matter what client.

                                In my case this is how I test. Connect to cellular network on iPhone, connect to VPN and ping host by name. And my 1st server works as expected, but the new server does not !!!

                                • dotdash

                                  @chudak said in DNS resolution for OpenVPN clients:

                                  my 1st server works as expected, but the new server does not !!!

                                  This would seem to indicate a problem with the new server on the DNS server. If you're testing from the phone, maybe get an app that does nslookup or dig.

                                  • chudak

                                    Well after lots of testing and trying here is why.

                                    I had DNS Resolver options checked for:

                                    'Enable Forwarding Mode'
                                    'Use SSL/TLS for outgoing DNS Queries to Forwarding Servers'

                                    Un-checking them and checking back fixed the problem!

                                    I suspect that a reboot will help as well, but I don't reboot my router very often.

                                    Hope this may be beneficial to somebody else.

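Added example, not part of the thread: the client log in the first post lists the pushed options without any dhcp-option entries, and a later reply notes that the connect log shows the domain and DNS a client pulled. This Python check reads such an options log and reports what is missing. The `[dhcp-option]` line layout, `mydomain.com`, and the function names are assumptions made for the example.

```python
import re
from ipaddress import ip_address, ip_network

# Pushed-options log copied from the first post (it has no dhcp-option lines).
SAMPLE_FROM_POST = """\
2017-06-18 09:41:24 OPTIONS:
0 [route] [192.168.90.1] [255.255.255.0]
1 [redirect-gateway] [def1]
2 [route-gateway] [192.168.2.1]
3 [topology] [subnet]
4 [ping] [10]
5 [ping-restart] [60]
6 [ifconfig] [192.168.2.3] [255.255.255.0]
"""
# Constructed: the same log plus the lines expected once DNS and a domain are
# pushed. The option numbers and mydomain.com are assumptions for this example.
SAMPLE_FIXED = (SAMPLE_FROM_POST + "7 [dhcp-option] [DNS] [192.168.90.1]\n"
                "8 [dhcp-option] [DOMAIN] [mydomain.com]\n")

OPTION_LINE = re.compile(r"\s*\d+\s+\[[^\]]*\]")  # skips the timestamp header
FIELD = re.compile(r"\[([^\]]*)\]")

def parse_options(log_text):
    """Return every 'N [name] [arg] ...' line as a list [name, arg, ...]."""
    return [FIELD.findall(line) for line in log_text.splitlines()
            if OPTION_LINE.match(line)]

def dns_findings(log_text):
    """Report which DNS settings the server pushed and what is missing."""
    opts = parse_options(log_text)
    dhcp = [o for o in opts if o[0] == "dhcp-option" and len(o) >= 3]
    dns = [o[2] for o in dhcp if o[1].upper() == "DNS"]
    domains = [o[2] for o in dhcp if o[1].upper() == "DOMAIN"]
    # Networks reached through the tunnel: pushed routes plus the tunnel subnet.
    nets = [ip_network(f"{o[1]}/{o[2]}", strict=False)
            for o in opts if o[0] in ("route", "ifconfig") and len(o) >= 3]
    tunnel_all = any(o[0] == "redirect-gateway" for o in opts)
    findings = []
    if not dns:
        findings.append("no DNS server pushed: client keeps its own resolvers")
    for server in dns:
        if not tunnel_all and not any(ip_address(server) in n for n in nets):
            findings.append(f"DNS {server} is not inside any pushed route")
    if not domains:
        findings.append("no domain pushed: short names need the full FQDN")
    return {"dns": dns, "domains": domains, "findings": findings}

if __name__ == "__main__":
    print(dns_findings(SAMPLE_FROM_POST), dns_findings(SAMPLE_FIXED), sep="\n")
```

Running the same check against the connect log of a working server and a non-working one shows whether the difference is in what the server pushes or, as in the final post, in the resolver behind it.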