Netgate Discussion Forum

    Domain overrides with openvpn

    OpenVPN | 7 Posts 4 Posters 990 Views
    • jmarc

      Hello,

      I have an IPsec tunnel between my office and a remote office.
      Both offices use a different domain for now.
      I've set up a domain override in my DNS forwarding options for my LAN,
      e.g. seconddomain.com > 192.168.2.4, which is the DNS server of the remote office.
      How do I get users that connect to my OpenVPN to be able to reach the network of the remote office?

      Thanks

      • viragomann

        Provide them your internal DNS server.
        But ensure that it also can resolve public names.

        • jmarc

          They already have my internal DNS server's address and it doesn't work.

          LAN: 192.168.17.0/24
          VPN: 192.168.16.0/24
          Remote office: 192.168.2.0/24

          I've added the remote office's IP range in the OpenVPN server settings. I can ping an IP over there, but I can't reach a web app by its FQDN.

          • viragomann

            So the clients obviously can't resolve it. Consider that they have to use the FQDN, not only the host name but also the domain part.

            • cybis

              For me the domain override doesn't work either.

              I have set up a site-to-site OpenVPN tunnel between two sites as described in the documentation. Currently only the LAN networks are tunneled, i.e. a single network on both sites. The OpenVPN server firewall rule allows all traffic and the tunnel is working as expected; clients can communicate between the sites by IP without any issues.

              Both sites have their own local domain, e.g. siteA (VPN server) and siteB (VPN client). For testing I added a domain override on siteA in the Domain Overrides section under Services -> DNS Resolver. It contains the siteB domain name and the DNS server IP of siteB's LAN interface, i.e. the DNS server that the clients on siteB get assigned via DHCP, which is the pfSense box itself. No dedicated port was specified and SSL/TLS DNS is unchecked, i.e. default DNS on port 53.

              Pinging siteB's DNS server works; resolving its FQDN, i.e. host.siteB, unfortunately does not. What am I missing here?

              EDIT: Both sites are running pfSense 2.4.5-RELEASE-p1.

              • cybis

                I was able to solve the issue by adding the VPN tunnel subnet/network to a DNS Resolver ACL in siteA's settings under DNS Resolver -> Access Lists. By additionally adding a domain override in siteB's resolver settings and adding the very same ACL there, siteA FQDN requests are now properly resolved from within siteB too.

                • bingo600
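                The two configuration pieces the thread ends up with, written out as an added example (not the poster's own config, and not a verbatim dump of what pfSense generates): the OpenVPN server directives that correspond to the GUI settings from the first posts, and the Unbound lines that a domain override plus an access list produce. Addresses are the ones posted in the thread; the resolver addresses 192.168.17.1 and 192.168.2.1 and the domain names sitea.lan / siteb.lan are assumptions.

```conf
# Added example. Addresses from the thread; 192.168.17.1, 192.168.2.1,
# sitea.lan and siteb.lan are assumed placeholders.

# --- siteA: OpenVPN server for remote-access clients ---
server 192.168.16.0 255.255.255.0          # VPN tunnel network
push "route 192.168.2.0 255.255.255.0"     # remote office, reached over the site-to-site tunnel
push "dhcp-option DNS 192.168.17.1"        # hand clients siteA's resolver (assumed address)
push "dhcp-option DOMAIN siteb.lan"        # optional: search domain so short names also work

# --- siteA: Unbound (Services -> DNS Resolver) ---
# Domain override: every query under siteb.lan is forwarded to siteB's resolver.
forward-zone:
    name: "siteb.lan"
    forward-addr: 192.168.2.1              # siteB resolver (assumed: the siteB pfSense LAN address)

# Access list. Unbound refuses any source not matched by an allow entry, so
# if the tunnel network is not already in the generated ACL the VPN clients
# get REFUSED for every query, whether or not an override matches.
access-control: 127.0.0.0/8 allow
access-control: 192.168.17.0/24 allow      # LAN
access-control: 192.168.16.0/24 allow      # VPN tunnel network (the fix from the post above)

# --- siteB: Unbound ---
# Mirror of the above: forward siteA's domain back, and allow the tunnel
# network, since forwarded queries from siteA arrive from a tunnel address,
# not from a siteB-local network.
forward-zone:
    name: "sitea.lan"
    forward-addr: 192.168.17.1
access-control: 192.168.16.0/24 allow
```

                A quick way to tell the two failure modes apart from a VPN client: `dig @192.168.17.1 host.siteb.lan` (with the assumed addresses above). `status: REFUSED` means the client's source network is missing from the siteA access list; `SERVFAIL` or a timeout means the override matched but siteA's resolver could not get an answer from the forward-addr, which with an IPsec tunnel usually means the resolver's outgoing source address is not covered by a phase 2 selector, or the remote resolver is itself refusing the source. `NXDOMAIN` means the query reached a resolver that is authoritative for the domain and simply does not know the name.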

                  Unbound ACLs?

                  Ohh, a bit too late ...

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.