DNS over VPN, but DNS needed to dial VPN

  • I'm in a Catch 22 here.  I'm running OpenVPN in Client mode.  My firewall rules route HTTP(s) and DNS traffic over the VPN tunnel.  My VPN is set up to dial based upon a DNS entry.  The problem is, when everything starts fresh, pfSense tries to resolve the DNS name in order to dial the VPN tunnel, but this lookup fails because the VPN tunnel isn't established.

    Is there any way to let pfSense itself connect directly to the internet for DNS, but send all other queries through the VPN tunnel?

  • In my experience, when traffic, including DNS, is forced through the tunnel, that only happens when the tunnel is up.  There's no reason to block outgoing DNS requests.  Failing that, does the OpenVPN server have a static address?  If so, then you can use that, instead of a host name, when setting up the tunnel.

  • Hmm….  Disabling the Service and tearing down the tunnel, the traffic still flows fine.  I've re-enabled my DNS rule.  I'll see what happens.

  • I have worked around this situation by just using the VPN server's IP address instead of its hostname in the VPN client config.
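As an added example (not code from the thread, from pfSense or from OpenVPN), a small preflight check in Python that flags `remote` hostnames in an OpenVPN client config when DNS is policy-routed through the tunnel, which is exactly the bootstrap problem above; the config text, hostname and address below are constructed placeholders.

```python
import ipaddress
import shlex

# Constructed sample OpenVPN client config; the hostname and address are placeholders.
SAMPLE_CONFIG = """\
client
dev tun
proto udp
remote vpn.example.net 1194   # needs a DNS lookup before the tunnel exists
remote 203.0.113.10 1194      ; literal address, no lookup needed
"""


def is_ip_literal(value):
    """True if `value` is an IPv4/IPv6 literal, so dialing it needs no DNS."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def remotes_in(config_text):
    """Collect the host part of every `remote` directive, ignoring # and ; comments."""
    hosts = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = shlex.split(line)
        if parts[0] == "remote" and len(parts) >= 2:
            hosts.append(parts[1])
    return hosts


def preflight(config_text, dns_forced_through_tunnel=True):
    """Return findings for remotes that cannot be resolved while the tunnel is down.

    If the firewall's own DNS queries are forced through the tunnel, a hostname in
    `remote` cannot be resolved until the tunnel is up, so the client never dials.
    A literal IP address (the workaround given in the thread) passes the check.
    """
    hosts = remotes_in(config_text)
    findings = []
    if not hosts:
        findings.append("no remote directive found")
    for host in hosts:
        if dns_forced_through_tunnel and not is_ip_literal(host):
            findings.append(f"remote {host}: hostname needs DNS, but DNS is routed via the tunnel")
    return findings
```

Run `preflight(SAMPLE_CONFIG)` to see the hostname flagged while the literal address is accepted; passing `dns_forced_through_tunnel=False` models a rule that lets the firewall itself resolve directly.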

