Netgate Discussion Forum

    Route general DNS traffic over VPN

    DHCP and DNS
    guenther4

      Hi guys,

      I've got a twisted brain right now and I can't find a solution. If this has been asked already, please assist in providing a link, as I did not find anything related to my issue.

      My setup:
      Regular Clients/LAN <-> pfSense <-> ISP Router <-> WAN
      Special Clients/LAN <-> pfSense <-> OpenVPN <-> WAN

      I'm running pfSense 2.4.2 on an APU and I've configured pfSense to act as an OpenVPN client for two networks. I can route traffic via those two VPNs easily and flawlessly. Everything works as expected, and if I assign my special source devices to use one of the two VPNs as gateway, it works as well. I'm using this a) for privacy reasons and b) to utilize the VPN to take a different path to some sites (e.g. YouTube) during busy hours.

      I've set up 3 DNS servers in System / General Setup / DNS, and if I select a VPN GW for one of the DNS servers, there will be no DNS reply on the Diagnostics / DNS Lookup page.

      My routing table looks like this:

      [2.4.2-RELEASE][root@pfSense]/root: netstat -rn
      Routing tables
      Internet:
      Destination        Gateway            Flags     Netif Expire
      default            192.168.2.1        UGS         re0
      1.1.1.1            192.168.197.2      UGHS        lo0
      8.8.8.8            192.168.2.1        UGHS        re0
      9.9.9.9            192.168.2.1        UGHS        re0

      192.168.2.1 is the ISP router.
      192.168.197.2 is pfSense's client IP on the VPN.
      For example, 9.9.9.9 is not reachable that way. If I try to ping 1.1.1.1, the TTL expires, which makes me think that there's an issue with the routing itself.

      [2.4.2-RELEASE][root@pfSense.]/root: ping -c1 1.1.1.1
      PING 1.1.1.1 (1.1.1.1): 56 data bytes
      36 bytes from localhost (127.0.0.1): Redirect Host(New addr: 192.168.197.2)
      Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
       4  5  00 0054 223f   0 0000  40  01 0000 127.0.0.1  1.1.1.1

      36 bytes from localhost (127.0.0.1): Redirect Host(New addr: 192.168.197.2)
      Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
       4  5  00 0054 223f   0 0000  3f  01 0000 127.0.0.1  1.1.1.1

      36 bytes from localhost (127.0.0.1): Redirect Host(New addr: 192.168.197.2)
      Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
       4  5  00 0054 223f   0 0000  3e  01 0000 127.0.0.1  1.1.1.1

      [... the same "Redirect Host(New addr: 192.168.197.2)" message repeats for the same packet (ID 223f) with the TTL counting down from 3d to 03, one line per pass ...]

      36 bytes from localhost (127.0.0.1): Redirect Host(New addr: 192.168.197.2)
      Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
       4  5  00 0054 223f   0 0000  02  01 0000 127.0.0.1  1.1.1.1

      36 bytes from localhost (127.0.0.1): Time to live exceeded
      Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
       4  5  00 0054 223f   0 0000  01  01 0000 127.0.0.1  1.1.1.1

      --- 1.1.1.1 ping statistics ---
      1 packets transmitted, 0 packets received, 100.0% packet loss
      [2.4.2-RELEASE][root@pfSense]/root:

      Any ideas what I might've missed? Thanks!

      pfadmin

        192.168.197.2 should be 192.168.197.1 because your pfSense is not the gateway, right?

        guenther4

          Thanks for leading me in the right direction.

          I ended up recreating the VPN gateways at System / Routing / Gateways and using hard-coded IPs as GW instead of "dynamic".

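The routing table in the first post shows the whole problem in one line: the host route for 1.1.1.1 has 192.168.197.2 as its gateway, which is pfSense's own tunnel address, so the kernel binds the route to lo0. Every packet for 1.1.1.1 is handed back to the host, matched against the same route again, and circles until its TTL reaches zero; that is the run of "Redirect Host" messages ending in "Time to live exceeded". The fix in the thread is to point the gateway at the far end of the tunnel (192.168.197.1 in pfadmin's reply) instead of the local end. The script below is an added example for this thread, not code from the posts or from pfSense: it parses the quoted `netstat -rn` output, flags any route whose gateway is one of the host's own addresses or that binds a non-loopback destination to lo0, and then applies the thread's correction. The set of local addresses (the WAN address 192.168.2.50 is invented), the tunnel interface name `ovpnc1`, and all function names are assumptions made for the example.

```python
"""Flag routes that point back at the firewall itself.

Added example for the pfSense thread above; not code from the original
posts or from pfSense. Parses `netstat -rn` (FreeBSD layout) and reports
routes whose next hop is this host, then repoints them the way the thread's
fix does. Local addresses and interface names are constructed assumptions.
"""
import re
from dataclasses import dataclass, replace
from typing import Dict, List, Set

# netstat -rn table as quoted in the first post (pfSense 2.4.2, FreeBSD).
NETSTAT_RN = """\
Routing tables
Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.2.1        UGS         re0
1.1.1.1            192.168.197.2      UGHS        lo0
8.8.8.8            192.168.2.1        UGHS        re0
9.9.9.9            192.168.2.1        UGHS        re0
"""

# Constructed assumption: the firewall's own IPv4 addresses. 192.168.197.2 is
# the OpenVPN client address named in the post; the WAN address is made up.
LOCAL_ADDRS: Set[str] = {"127.0.0.1", "192.168.2.50", "192.168.197.2"}

IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?$")


@dataclass(frozen=True)
class Route:
    dest: str
    gateway: str
    flags: str
    netif: str


def parse_netstat_rn(text: str) -> List[Route]:
    """Parse the IPv4 rows of `netstat -rn` into Route records."""
    routes: List[Route] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # section titles and blank lines
        dest = parts[0]
        if dest != "default" and not IPV4.match(dest):
            continue  # column header and IPv6 rows
        routes.append(Route(dest, parts[1], parts[2], parts[3]))
    return routes


def self_routed(routes: List[Route], local_addrs: Set[str]) -> List[Route]:
    """Routes whose next hop is this host: the gateway is a local address, or a
    non-loopback destination is bound to lo0. Either form loops the packet."""
    return [
        r for r in routes
        if r.gateway in local_addrs
        or (r.netif == "lo0" and not r.dest.startswith("127."))
    ]


def repoint_gateway(routes: List[Route], fixes: Dict[str, str],
                    netif_for: Dict[str, str]) -> List[Route]:
    """Copy of the table with each gateway in `fixes` replaced by the
    tunnel's far end and bound to the tunnel interface instead of lo0."""
    out: List[Route] = []
    for r in routes:
        if r.gateway in fixes:
            new_gw = fixes[r.gateway]
            out.append(replace(r, gateway=new_gw, netif=netif_for.get(new_gw, r.netif)))
        else:
            out.append(r)
    return out


def report(text: str = NETSTAT_RN, local_addrs: Set[str] = LOCAL_ADDRS) -> List[str]:
    """One finding per looping route; an empty list means the table is clean."""
    return [
        f"{r.dest} -> {r.gateway} via {r.netif}: gateway is this host, packets will loop"
        for r in self_routed(parse_netstat_rn(text), local_addrs)
    ]


if __name__ == "__main__":
    for finding in report():
        print(finding)
    # Apply the thread's fix: the VPN server side (192.168.197.1) is the
    # gateway; "ovpnc1" is an assumed pfSense OpenVPN client interface name.
    fixed = repoint_gateway(parse_netstat_rn(NETSTAT_RN),
                            {"192.168.197.2": "192.168.197.1"},
                            {"192.168.197.1": "ovpnc1"})
    print("after fix:", [f"{r.dest} via {r.gateway}/{r.netif}" for r in fixed])
```

To use it against a live box, paste the output of `netstat -rn` and of `ifconfig` (for the local address set) into the two constants and run the script on a workstation; anything it reports is a route that can never leave the firewall, which is the same condition the ping output above demonstrates.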
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.