Update DNS Server w/ VPN Virtual IP

  • I have set up my network with multiple VPNs. One of the VPN connection needs to be the DNS server for the pfsense box. Every time the VPN connection is established, I get a new "Virtual IP" from the VPN provider. How can I update my DNS server with the newly acquired Virtual IP from the VPN server?

    I currently need to update the DNS server every time the VPN reconnects. This can be a bit frustrating. it became more of an issue when I am away from home and the wife needs the internet, but there is no DNS resolution

    See attached pics.

    ![VPN Status.png](/public/imported_attachments/1/VPN Status.png)
    ![VPN Status.png_thumb](/public/imported_attachments/1/VPN Status.png_thumb)
    ![main page.png](/public/imported_attachments/1/main page.png)
    ![main page.png_thumb](/public/imported_attachments/1/main page.png_thumb)
    ![General Setup.png](/public/imported_attachments/1/General Setup.png)
    ![General Setup.png_thumb](/public/imported_attachments/1/General Setup.png_thumb)

  • So, I have made a bit of progress. the following connads works to retrieve the "Virtual IP" from my VPN connection

    ifconfig ovpnc2 | grep "inet " | awk '{print $2}'

    Note: "ovpnc2" is to be replaced with the appropriate interface.

    I also found that the DNS server information is kept in:


    in my case it is the 3rd/last line on that file. 
    Now I just need to figure out how to pipe the output of the first command to replace the line containing "nameserver VPN VIRTUAL IP" without affecting the other lines in that file.

    There is another line with "nameserver" which I do not want to replace.

    I also have not figured out how I want the final product to run. should I run it on a preset interval. Or is there a way to make it run only if the VPN connection is restarted?

    Any suggestions?

  • LAYER 8 Netgate

    Whatever is on the other side should have a static DNS server address you can use.

    In other words, there has to be a better way.

  • LAYER 8 Global Moderator

    Who is your vpn provider?  It makes zero sense from them to change the dns every time you connect… They at worse case have a pool of addresses they hand out... What is your VPN provider so can do a simple google to what dns should be for them..

    Why would you be pointing dns to the IP pfsense gets??

  • This particular setup is with vyprvpn. For what I have been able to get from them, their DNS is managed internally once clients connect. Basically i need to use the address  provided in order to route DNS.

    I am able to use any other DNS server I want. However, for media consumption i.e Netflix and Hulu, I need to use their DNS server. If I don't, I get a location mismatch / proxy server error.

    I have tried multiple workarounds. This seems to be the only way I can get it to work properly.

  • LAYER 8 Global Moderator

    And what setup are you using - they do not list setting up openvpn with pfsense.  And their setups with dd-wrt, etc state they do not support vyperdns with them.

    Pointing dns to your IP you got from your vpn makes no sense - there will be nothing listening on this IP for dns..

  • I used this setup https://pixelsandwidgets.com/2014/10/setup-pfsense-openvpn-client-specific-devices/. I had to play with it as it is an older guide. I realize that pointing o the IP does not make sense. However, doing so gets me DNS resolution. The odd part of it is that even thou the IP is within their network, I do not get DNS resolution if the IP changes.

  • LAYER 8 Netgate

    Some three-year-old walkthrough is peobably going to lead you to take a wrong turn.

  • @Derelict:

    Some three-year-old walkthrough is peobably going to lead you to take a wrong turn.

    The setup seem pretty standard for what I have been able to research. I believe the biggest issue is that vypr does not provide their DNS server address

  • LAYER 8 Netgate

    Then use a different DNS server (or a different VPN provider). That configuration is completely non-standard. Your current path is dark and full or terrors.

  • @Derelict:

    Then use a different DNS server (or a different VPN provider). That configuration is completely non-standard. Your current path is dark and full or terrors.

    I'm going to look into different VPN. I really like vypr for media consumption. They are the fastest/lowest latency provider i have tested. definitely not for privacy/security. For the time being I'm probably going to figure out how to keep the address updated.

    p.s I like your GoT reference!

  • LAYER 8 Global Moderator

    Why don't you contact them… The providing you with a rfc1918 address for their dns would solve the problem, since this would only be available for sure via their vpn users, and not give anyway any sort of info of where their dns is located, etc.

  • I know it has been a while. I did contact them (vyprVPN). They would not provide their DNS information. So, I guess for the time being, I am kinda have to just deal with it. I have not had any time lately to continue playing with it. One of these weekends I can resume my adventure on my current path, "dark and full of terrors"

Log in to reply