[SOLVED] Is there a way to use FQDN for OpenVPN client instead of IP?



  • Let's say I want to establish a VPN client tunnel to us-newyorkcity.privateinternetaccess.com, which resolves to:

    209.95.50.15
    209.95.50.18
    209.95.50.19
    107.182.231.28
    209.95.50.102
    209.95.50.103
    173.244.223.122
    209.95.50.129
    209.95.50.133
    209.95.50.142
    209.95.50.149
    209.95.50.162
    209.95.50.163

    among many other A records.  Assume that new A records are added and removed all the time.  I also have the DNS Resolver (unbound) set to only resolve DNS out the VPN connection.  I've lately just hardcoded an IP address I've chosen at random into the client configuration, but this limits me to always connecting to one endpoint, and it may or may not go down for maintenance or suffer other issues.  Plus I want my VPN IP to change every time the tunnel is established and not limit myself to just one address, for privacy reasons.

    My goal is to use FQDN in the client configuration; e.g. use us-newyorkcity.privateinternetaccess.com instead of 209.95.50.15, but as it currently is, since DNS resolves over the VPN tunnel (to prevent DNS leaking out over the naked WAN connection to my ISP), it will be unable to resolve and find an A record in order to connect.

    Are there any advanced options/settings where I can tell unbound to resolve DNS over the naked WAN if and only if the VPN tunnel hasn't been established yet?



  • You can set a different DNS server in general settings.
    pfSense itself will use that one. Clients behind it will use unbound.



  • @heper:

    You can set a different DNS server in general settings.
    pfSense itself will use that one. Clients behind it will use unbound.

    That was way too easy.  I overthought it.  Thanks.


  • LAYER 8 Global Moderator

    But are you not worried that you will be leaking dns from pfsense when it checks for updates and package list, etc. ;)
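An added check (not from this thread or from pfSense) for the leak the moderator points at: it reads a resolv.conf and flags any nameserver the firewall itself would reach over the WAN. It assumes the firewall's own resolver list is what is written to /etc/resolv.conf (the General Setup servers end up there), and both sample files are constructed, not taken from a real box.

```shell
#!/bin/sh
# Added example: audit which resolvers the firewall itself would use.
# loopback = the local Resolver (unbound), so the lookup follows unbound's
#            outgoing-interface rules (e.g. VPN only);
# private  = RFC 1918, i.e. a resolver only reachable inside the tunnel;
# public   = reached over the WAN, so the firewall's own lookups (update
#            checks, package lists, the OpenVPN 'remote' hostname) go out
#            in the clear.
classify_ns() {
  case "$1" in
    127.*|::1) echo loopback ;;
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo private ;;
    *) echo public ;;
  esac
}

# Print "<ip> <class>" for each nameserver in the resolv.conf given as $1.
# Exit status 1 when any public server is listed (possible leak), else 0.
audit_resolv_conf() {
  leak=0
  while read -r key val rest; do
    if [ "$key" = nameserver ]; then
      cls=$(classify_ns "$val")
      echo "$val $cls"
      if [ "$cls" = public ]; then leak=1; fi
    fi
  done < "$1"
  return "$leak"
}

# Constructed sample 1: only the Resolver on the box itself is used.
SAMPLE_LOCAL=$(mktemp)
printf 'nameserver 127.0.0.1\nsearch localdomain\n' > "$SAMPLE_LOCAL"
# Constructed sample 2: a General Setup DNS server was added (the workaround
# from this thread); 203.0.113.53 is a documentation address standing in
# for a real WAN-side resolver.
SAMPLE_WAN=$(mktemp)
printf 'nameserver 127.0.0.1\nnameserver 203.0.113.53\n' > "$SAMPLE_WAN"

for f in "$SAMPLE_LOCAL" "$SAMPLE_WAN"; do
  if audit_resolv_conf "$f"; then
    echo "$f: no WAN resolver listed"
  else
    echo "$f: WARNING, firewall lookups can leave over the WAN"
  fi
done
```

On a live pfSense box, run `audit_resolv_conf /etc/resolv.conf` after applying the General Setup change to see exactly which lookups no longer stay inside the tunnel.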

