Hostname Resolution over OpenVPN
I apologise if I have missed the answer to this question on another topic - I have been trying to fix this for a long time.
I have a pfSense box (Site A) in my apartment, with devices and VMs connected to it. The connected devices use a pi-hole for DHCP and DNS (DNS resolver does not work for some unknown reason - it is incredibly slow/unresponsive).
My apartment does not provide public IPs, so for remote access I have Site A pfSense connected as an OpenVPN client to a Vultr pfSense OpenVPN server instance (Site B) and the LAN of Site A is routed over VPN.
In this setup, I can connect my laptop from a remote location to the Vultr pfSense (Site B) OpenVPN server and can access my home devices by typing their LAN IP address.
From any remotely connected client, I want to be able to resolve my home (Site A) devices by their hostname. Ideally I would like to be able to push the pi-hole DNS server to clients, so it provides ad-blocking as well.
Can anyone advise on what I need to do?
Have you tried setting it as the DNS server that gets pushed to the OpenVPN clients in the OpenVPN server configuration?
Thanks for your reply.
I have tried specifying the LAN IP address of my pi-hole in Site B's OpenVPN Server DNS settings.
When I remotely connect my laptop as a client to the server, the server pushes the LAN IP of the home DNS server, but it does not resolve when I try to visit a website or try nslookup.
Strangely, I can type in the LAN IP address of clients on my home LAN in the browser and access them, but nslookup does not respond even to LAN IP addresses.
Maybe the DNS server does not have a route back to the OpenVPN client's tunnel address?
You should be able to troubleshoot this using dig commands targeted at the DNS server in question.
A lot of this has to do with how the client, not pfSense, is configured too.
Sorry, could you clarify how to do this?
'dig apple.com @_DNS Server LAN IP_ +trace' from my remote laptop?
I think I may have solved it. Thank you for your suggestion on using dig.
Using dig and ping, I tried to access the DNS server on my home LAN.
I checked the home LAN pfSense (Site A) firewall logs and it was blocking traffic from the OpenVPN interface to LAN interface that was ICMP type? Does this explain why I could contact the server if I typed its IP address into google chrome, but could not ping the server from command line?
EDIT: Yes, making a rule to pass ANY traffic from the ovpn interface to LAN of ANY kind solved the problem! Thank you!
From the client:
dig @dns_server_ip_address something.com
Does that work? If not find out why not.
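As an added example that is not part of the thread: a small POSIX shell script that runs the checks suggested above (route, ping, then dig against the home DNS server) from the remote OpenVPN client, and reduces dig's output to a result code that points at where to look next. The DNS server address and test hostname are placeholder assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Run on the remote OpenVPN client to
# check the path to the home (Site A) DNS server step by step: route, ICMP, UDP/53.
# DNS_SERVER and TEST_NAME are assumed placeholders; set them for your own network.
DNS_SERVER="${DNS_SERVER:-192.0.2.53}"   # constructed placeholder for the pi-hole LAN IP
TEST_NAME="${TEST_NAME:-example.com}"

# Reduce the raw output of `dig @server name +time=2 +tries=1` (read from stdin)
# to a one-word result code. Pure text function, so it can be tested offline.
classify_dig() {
  out="$(cat)"
  case "$out" in
    *"no servers could be reached"*) echo UNREACHABLE ;;  # no UDP/53 reply at all
    *"status: REFUSED"*)             echo REFUSED ;;      # server reached, query declined
    *"status: NXDOMAIN"*)            echo NXDOMAIN ;;     # server answers, name unknown
    *"status: NOERROR"*)             echo OK ;;
    *)                               echo UNKNOWN ;;
  esac
}

# Explain a result code in terms of where to look next.
explain() {
  case "$1" in
    UNREACHABLE) echo "No answer on UDP/53: check the firewall rule from the OpenVPN interface to LAN on the site holding the resolver, and that the resolver has a route back to the tunnel subnet." ;;
    REFUSED)     echo "Resolver reached, but it declines queries from the tunnel address: check which source networks/interfaces it is allowed to serve." ;;
    NXDOMAIN)    echo "Resolver works over the tunnel; the name itself is not known to it (check its local DNS records/DHCP hostnames)." ;;
    OK)          echo "Hostname resolution over the tunnel works." ;;
    *)           echo "Unexpected dig output; inspect it manually." ;;
  esac
}

run_checks() {
  echo "== route to $DNS_SERVER (should leave via the tun/tap interface)"
  ip route get "$DNS_SERVER" 2>/dev/null || route get "$DNS_SERVER"   # Linux, then BSD/macOS
  echo "== ICMP (a failure here only proves ICMP is blocked, not DNS)"
  ping -c 1 -W 2 "$DNS_SERVER" >/dev/null 2>&1 && echo "ping ok" || echo "ping failed"  # -W in seconds on Linux
  echo "== UDP/53 query"
  code="$(dig @"$DNS_SERVER" "$TEST_NAME" +time=2 +tries=1 2>&1 | classify_dig)"
  echo "$code: $(explain "$code")"
}

# Only run the live checks when explicitly asked, e.g. `sh check_vpn_dns.sh run`.
if [ "${1:-}" = "run" ]; then
  run_checks
fi
```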