Hostname Resolution over OpenVPN



  • I apologise if I have missed the answer to this question on another topic - I have been trying to fix this for a long time.

    My setup:

I have a pfSense box (Site A) in my apartment, with devices and VMs connected to it. The connected devices use a pi-hole for DHCP and DNS (DNS resolver does not work for some unknown reason - it is incredibly slow/unresponsive).

My apartment does not provide public IPs, so for remote access I have Site A pfSense connected as an OpenVPN client to a Vultr pfSense OpenVPN server instance (Site B), and the LAN of Site A is routed over the VPN.

In this setup, I can connect my laptop from a remote location to the Vultr pfSense (Site B) OpenVPN server and can access my home devices by typing their LAN IP address.

    Problem:
    From any remotely connected client, I want to be able to resolve my home (Site A) devices by their hostname. Ideally I would like to be able to push the pi-hole DNS server to clients, so it provides ad-blocking as well.

    Can anyone advise on what I need to do?
    Thank you


  • Netgate

    Have you tried setting it as the DNS server that gets pushed to the OpenVPN clients in the OpenVPN server configuration?
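The OpenVPN directives behind that suggestion, as an added example (not from this thread, and not pfSense's generated configuration; pfSense writes the equivalent lines from its GUI fields, named in the comments). The addresses are assumptions for illustration: tunnel subnet 10.8.0.0/24, Site A LAN 192.168.1.0/24, Pi-hole at 192.168.1.2, and Site A's client certificate CN "site-a".

```conf
# Site B (Vultr) OpenVPN server: only the directives relevant to resolving
# Site A hosts from a remote laptop. Addresses are placeholders.
server 10.8.0.0 255.255.255.0
topology subnet
client-config-dir /etc/openvpn/ccd

# Pushed to every connecting client, so the laptop uses the Pi-hole.
# pfSense: OpenVPN server settings, "DNS Server 1".
push "dhcp-option DNS 192.168.1.2"

# Pushed so the laptop sends Site A LAN traffic into the tunnel.
# pfSense: "IPv4 Local network(s)".
push "route 192.168.1.0 255.255.255.0"

# Kernel route on the server itself toward Site A's LAN via the tunnel.
route 192.168.1.0 255.255.255.0

# Optional: let clients reach each other inside OpenVPN without the
# packets passing through the server's firewall rules.
# pfSense: "Inter-client communication".
client-to-client

# --- /etc/openvpn/ccd/site-a (one file per client CN) ---
# Tells the server which connected client is the gateway for 192.168.1.0/24.
# pfSense: Client Specific Override for "site-a", "IPv4 Remote network(s)".
iroute 192.168.1.0 255.255.255.0
```

With this in place the laptop's queries to 192.168.1.2 travel laptop -> Site B -> Site A tunnel -> Site A LAN. The reply only comes back if the Pi-hole has a route to 10.8.0.0/24 (normally via Site A pfSense as its default gateway) and Site A pfSense's firewall rules on its OpenVPN interface pass traffic from the tunnel subnet to LAN.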



  • Thanks for your reply.

    I have tried specifying the LAN IP address of my pi-hole in Site B's OpenVPN Server DNS settings.
    When I remotely connect my laptop as a client to the server, the server pushes the LAN IP of the home DNS server, but it does not resolve when I try to visit a website or try nslookup.
    Strangely I can type in the LAN IP address of clients on my home LAN in the browser and access them, but nslookup does not respond even to LAN IP addresses.


  • Netgate

Maybe the DNS server does not have a route back to the OpenVPN client's tunnel address?

    You should be able to troubleshoot this using dig commands targeted at the DNS server in question.

    A lot of this has to do with how the client, not pfSense, is configured too.



  • Sorry could you clarify how to do this?

    As in

    'dig apple.com @_DNS Server LAN IP_ +trace' from my remote laptop?



  • I think I may have solved it. Thank you for your suggestion on using dig.

    Using dig and ping, I tried to access the DNS server on my home LAN.

I checked the home LAN pfSense (Site A) firewall logs and it was blocking traffic from the OpenVPN interface to the LAN interface that was ICMP type? Does this explain why I could contact the server if I typed its IP address into Google Chrome, but could not ping the server from the command line?

    EDIT: Yes making a rule to pass ANY traffic from ovpn interface to LAN of ANY kind solved the problem! Thank you!


  • Netgate

    From the client:

    dig @dns_server_ip_address something.com

    Does that work? If not find out why not.
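A small probe that does what the `dig @dns_server_ip_address something.com` check above does, and then tells you what the outcome points at. This is an added example, not code from the thread, pfSense or Pi-hole: it sends a single UDP A query (a minimal DNS client written here, standard library only) and classifies the result so that "no reply at all" (the firewall drop this thread ended up fixing, or a missing return route) is distinguished from "the resolver answered but refused". The resolver address and hostname are whatever you pass on the command line; the embedded test data in the usage note is constructed.

```python
"""DNS probe for a resolver pushed over OpenVPN.

Added example; not code from the forum thread, pfSense or Pi-hole.
It does what `dig @server name` does (one UDP A query) and classifies the
outcome, so "no reply at all" (a firewall drop or missing return route) is
distinguished from "the resolver answered but said no".
"""
import random
import socket
import struct
import sys

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name: str, txid: int, qtype: int = 1) -> bytes:
    """Standard query with RD set; QTYPE 1 = A, QCLASS 1 = IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def _read_name(data: bytes, offset: int):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer, RFC 1035 section 4.1.4
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset if end is None else end


def parse_response(data: bytes, expected_txid: int) -> dict:
    """Parse the header and A answers. A txid mismatch means a stray/spoofed reply."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = _read_name(data, offset)
        offset += 4  # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        _, offset = _read_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            answers.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlen
    rcode = flags & 0x000F
    return {"status": RCODE_NAMES.get(rcode, f"RCODE{rcode}"), "answers": answers}


def probe(server: str, name: str, port: int = 53, timeout: float = 3.0) -> dict:
    """Send one query to server:port and classify the result."""
    txid = random.randrange(0, 0x10000)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, txid), (server, port))
        data, _peer = sock.recvfrom(4096)
    except socket.timeout:
        # Nothing came back: filtered on the way in, no route back to the
        # tunnel address, or nothing listening on that address.
        return {"status": "TIMEOUT", "answers": []}
    except OSError as exc:
        return {"status": f"ERROR {exc}", "answers": []}
    finally:
        sock.close()
    return parse_response(data, txid)


def explain(result: dict) -> str:
    """Map the outcome to the next thing to check on the pfSense / resolver side."""
    status = result["status"]
    if status == "TIMEOUT":
        return ("no reply: check the firewall rules on the OpenVPN interface at the "
                "resolver's site, the return route to the tunnel subnet, and that the "
                "resolver listens on the LAN address you pushed")
    if status == "REFUSED":
        return ("resolver reached, but it rejects queries from this source address; "
                "check its interface/origin permission settings")
    if status == "NOERROR" and result["answers"]:
        return "resolution over the tunnel works: " + ", ".join(result["answers"])
    if status == "NXDOMAIN":
        return "resolver reached; it does not know that name (check its local records)"
    return "resolver reached, status " + status


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: dnsprobe.py <resolver-ip> [name]")
    res = probe(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else "example.com")
    print(res["status"], res["answers"])
    print(explain(res))
```

Run it from the laptop while the VPN is up, e.g. `python3 dnsprobe.py 192.168.1.2 nas.home.lan` (placeholder addresses). The case this thread ended on, Site A pfSense dropping tunnel-to-LAN traffic, shows up as TIMEOUT, and so does a Pi-hole with no route back to the tunnel subnet. A REFUSED (or, with some resolvers, silence) after the firewall rule is in place points at the resolver's own access policy instead: Pi-hole's default interface setting ("Allow only local requests") answers only hosts on subnets attached to it, so a tunnel subnet routed in from pfSense has to be permitted there as well.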