Netgate Discussion Forum
    [SOLVED] Is there a way to use FQDN for OpenVPN client instead of IP?

    Finger79:

      Let's say I want to establish a VPN client tunnel to us-newyorkcity.privateinternetaccess.com, which resolves to:

      209.95.50.15
      209.95.50.18
      209.95.50.19
      107.182.231.28
      209.95.50.102
      209.95.50.103
      173.244.223.122
      209.95.50.129
      209.95.50.133
      209.95.50.142
      209.95.50.149
      209.95.50.162
      209.95.50.163

      among many other A records.  Assume that new A records are added and removed all the time.  I also have the DNS Resolver (unbound) to only resolve DNS out the VPN connection.  I've lately just hardcoded an IP address I've chosen at random into the client configuration, but this limits me to always connecting to one endpoint, and it may or may not go down for maintenance or suffer other issues.  Plus I want my VPN IP to change every time the tunnel is established and not limit myself to just one address, for privacy reasons.

      My goal is to use FQDN in the client configuration; e.g. use us-newyorkcity.privateinternetaccess.com instead of 209.95.50.15, but as it currently is, since DNS resolves over the VPN tunnel (to prevent DNS leaking out over the naked WAN connection to my ISP), it will be unable to resolve and find an A record in order to connect.

      Are there any advanced options/settings where I can tell unbound to resolve DNS over the naked WAN if and only if the VPN tunnel hasn't been established yet?

    heper:

        You can set a different DNS server in general settings.
        pfsense itself will use that one. Clients behind it will use unbound

    Finger79:
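    What heper's suggestion amounts to in practice: the firewall itself asks a WAN-reachable upstream server for the endpoint's A records, independent of unbound (which only answers over the tunnel), and then a random address is chosen for this connection attempt. The script below is an added example, not code from this thread or from pfSense; it talks DNS wire format with the standard library precisely so it never touches the host resolver configuration. The upstream 9.9.9.9 and the 3-second timeout are assumptions; the hostname is the one from the question.

```python
"""Resolve an OpenVPN endpoint's A records through one explicit upstream
resolver (the WAN-side server you would enter under System > General Setup),
then pick a random address for this connection attempt.

Added example, not code from the thread or from pfSense.  The query is sent
directly over UDP so the system resolver (unbound, tunnel-only here) is never
consulted.  UPSTREAM is an assumption; replace it with your own WAN resolver.
"""
import random
import socket
import struct

UPSTREAM = "9.9.9.9"   # assumption: any resolver reachable over the naked WAN
HOSTNAME = "us-newyorkcity.privateinternetaccess.com"


def build_a_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a one-question A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg: bytes, off: int) -> int:
    """Advance past a name (labels or a compression pointer); return the new offset."""
    while True:
        length = msg[off]
        if length == 0:                 # root label terminates the name
            return off + 1
        if length & 0xC0 == 0xC0:       # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_records(msg: bytes, expected_txid: int = 0x1234) -> list:
    """Return the A records from the answer section.

    Rejects a reply whose transaction ID does not match ours (a cheap guard
    against stray or spoofed datagrams) and any non-NOERROR RCODE.
    """
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch")
    if flags & 0x000F:
        raise ValueError(f"DNS error, rcode {flags & 0xF}")
    off = 12
    for _ in range(qd):                 # skip the echoed question(s)
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, IN class
            addrs.append(socket.inet_ntoa(rdata))
    return addrs


def resolve_via(server: str, name: str, timeout: float = 3.0) -> list:
    """Send the query over UDP to `server` only; the system resolver is not used."""
    txid = random.randrange(1, 0xFFFF)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_a_query(name, txid), (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_a_records(data, txid)


def pick_endpoint(addrs: list, rng=random) -> str:
    """Choose one address at random from the de-duplicated record set."""
    if not addrs:
        raise ValueError("no A records returned")
    return rng.choice(sorted(set(addrs)))


if __name__ == "__main__":
    records = resolve_via(UPSTREAM, HOSTNAME)
    print(f"{len(records)} A records; connecting to {pick_endpoint(records)}")
```

Every query this script sends leaves over the WAN in the clear, which is exactly the exposure johnpoz points to below: anything else the firewall resolves through that same General Setup server (update checks, package lists) is visible to whoever runs it.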

          @heper:

          You can set a different DNS server in general settings.
          pfsense itself will use that one. Clients behind it will use unbound

          That was way too easy.  I overthought it.  Thanks.

            johnpoz (LAYER 8 Global Moderator):

            But are you not worried that you will be leaking DNS from pfSense when it checks for updates and package lists, etc.? ;)

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.