Netgate Discussion Forum

[SOLVED] Is there a way to use FQDN for OpenVPN client instead of IP?

4 Posts 3 Posters 2.2k Views
  • Finger79
    last edited by Aug 14, 2017, 2:48 PM Aug 14, 2017, 10:03 AM

    Let's say I want to establish a VPN client tunnel to us-newyorkcity.privateinternetaccess.com, which resolves to:

    209.95.50.15
    209.95.50.18
    209.95.50.19
    107.182.231.28
    209.95.50.102
    209.95.50.103
    173.244.223.122
    209.95.50.129
    209.95.50.133
    209.95.50.142
    209.95.50.149
    209.95.50.162
    209.95.50.163

    among many other A records.  Assume that new A records are added and removed all the time.  I also have the DNS Resolver (unbound) to only resolve DNS out the VPN connection.  I've lately just hardcoded an IP address I've chosen at random into the client configuration, but this limits me to always connecting to one endpoint, and it may or may not go down for maintenance or suffer other issues.  Plus I want my VPN IP to change every time the tunnel is established and not limit myself to just one address, for privacy reasons.

    My goal is to use FQDN in the client configuration; e.g. use us-newyorkcity.privateinternetaccess.com instead of 209.95.50.15, but as it currently is, since DNS resolves over the VPN tunnel (to prevent DNS leaking out over the naked WAN connection to my ISP), it will be unable to resolve and find an A record in order to connect.

    Are there any advanced options/settings where I can tell unbound to resolve DNS over the naked WAN if and only if the VPN tunnel hasn't been established yet?

    • heper
      last edited by Aug 14, 2017, 2:01 PM

      You can set a different DNS server in general settings.
      pfSense itself will use that one. Clients behind it will use unbound.

      • Finger79
        last edited by Aug 14, 2017, 2:47 PM

        @heper:

        You can set a different DNS server in general settings.
        pfSense itself will use that one. Clients behind it will use unbound.

        That was way too easy.  I overthought it.  Thanks.

        • johnpoz LAYER 8 Global Moderator
          last edited by Aug 14, 2017, 3:13 PM

          But are you not worried that you will be leaking DNS from pfSense when it checks for updates and package list, etc.? ;)

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11
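
The leak johnpoz asks about can be measured from a WAN capture. The following is an added example, not code from the thread or from pfSense: it parses `tcpdump -n port 53` text and lists every query sent in the clear that is not for the VPN endpoint name. The capture lines, the resolver address 192.0.2.53 and the name packages.example.org are constructed for illustration.

```python
import re

# Constructed sample of `tcpdump -n port 53` output on the WAN interface.
# 198.51.100.2 stands in for the firewall's WAN address, 192.0.2.53 for the
# DNS server entered in general settings (both documentation-range addresses).
SAMPLE = """\
10:03:01.100001 IP 198.51.100.2.40112 > 192.0.2.53.53: 4821+ A? us-newyorkcity.privateinternetaccess.com. (58)
10:03:01.131200 IP 192.0.2.53.53 > 198.51.100.2.40112: 4821 2/0/0 A 209.95.50.15, A 209.95.50.18 (90)
10:05:12.000412 IP 198.51.100.2.51877 > 192.0.2.53.53: 9130+ A? packages.example.org. (38)
10:05:12.000911 IP 198.51.100.2.51877 > 192.0.2.53.53: 9131+ [1au] AAAA? packages.example.org. (49)
10:07:45.220019 IP 198.51.100.2.38001 > 192.0.2.53.53: 1207+ A? US-NewYorkCity.PrivateInternetAccess.com. (58)
"""

# Matches outbound queries only: destination port 53 and a "TYPE? name." field.
QUERY = re.compile(
    r" IP6? (?P<src>\S+)\.\d+ > (?P<dst>\S+)\.53: \d+\S*(?: \[\w+\])? "
    r"(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+) "
)

def wan_dns_leaks(capture, allowed_names):
    """Return (resolver, qtype, qname) for each WAN query outside allowed_names."""
    allowed = {n.lower().rstrip(".") for n in allowed_names}
    leaks = []
    for line in capture.splitlines():
        m = QUERY.search(line)
        if not m:
            continue  # responses and non-DNS lines are ignored
        # DNS names are case-insensitive; resolvers may randomize case (0x20).
        qname = m["qname"].lower().rstrip(".")
        if qname not in allowed:
            leaks.append((m["dst"], m["qtype"], qname))
    return leaks

if __name__ == "__main__":
    for resolver, qtype, qname in wan_dns_leaks(
        SAMPLE, ["us-newyorkcity.privateinternetaccess.com"]
    ):
        print(f"clear-text {qtype} query for {qname} sent to {resolver}")
```

An empty result means the only name resolved outside the tunnel during the capture was the VPN endpoint itself.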

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.