Hostname Resolution over OpenVPN
-
I apologise if I have missed the answer to this question on another topic - I have been trying to fix this for a long time.
My setup:
I have a pfSense box (Site A) in my apartment, with devices and VMs connected to it. The connected devices use a pi-hole for DHCP and DNS (DNS resolver does not work for some unknown reason - it is incredibly slow/unresponsive).
My apartment does not provide public IPs, so for remote access I have Site A pfSense connected as an OpenVPN client to a Vultr pfSense openVPN server instance (Site B) and the LAN of site A is routed over VPN.
In this setup, I can connect my laptop from a remote location to the vultr pfSense (Site B) openVPN server and can access my home devices by typing their LAN IP address.
Problem:
From any remotely connected client, I want to be able to resolve my home (Site A) devices by their hostname. Ideally I would like to be able to push the pi-hole DNS server to clients, so it provides ad-blocking as well. Can anyone advise on what I need to do?
Thank you
-
Have you tried setting it as the DNS server that gets pushed to the OpenVPN clients in the OpenVPN server configuration?
-
Thanks for your reply.
I have tried specifying the LAN IP address of my pi-hole in Site B's OpenVPN Server DNS settings.
When I remotely connect my laptop as a client to the server, the server pushes the LAN IP of the home DNS server, but it does not resolve when I try to visit a website or try nslookup.
Strangely I can type in the LAN IP address of clients on my home LAN in the browser and access them, but nslookup does not respond even to LAN IP addresses.
-
Maybe the DNS server does not have a route back to the OpenVPN client's tunnel address?
You should be able to troubleshoot this using dig commands targeted at the DNS server in question.
A lot of this has to do with how the client, not pfSense, is configured too.
-
Sorry, could you clarify how to do this?
As in
'dig apple.com @_DNS Server LAN IP_ +trace' from my remote laptop?
-
I think I may have solved it. Thank you for your suggestion on using dig.
Using dig and ping, I tried to access the DNS server on my home LAN.
I checked the home LAN pfSense (Site A) firewall logs and it was blocking traffic from the OpenVPN interface to LAN interface that was ICMP type? Does this explain why I could contact the server if I typed its IP address into google chrome, but could not ping the server from command line?
EDIT: Yes making a rule to pass ANY traffic from ovpn interface to LAN of ANY kind solved the problem! Thank you!
-
From the client:
dig @dns_server_ip_address something.com
Does that work? If not find out why not.
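The dig check suggested above, written out as a small UDP DNS probe that distinguishes "no reply at all" (a route or firewall problem between the tunnel and the LAN, as the original poster eventually found) from a reply carrying an error code. This is an added example, not code from the thread or from pfSense or Pi-hole; the server address and hostname are constructed placeholders.

```python
import socket
import struct

PIHOLE_IP = "192.168.1.2"  # constructed placeholder for the pushed Pi-hole LAN address
TXID = 0x1234              # fixed transaction id for the example

def build_query(name: str, txid: int = TXID) -> bytes:
    """Build a minimal DNS A query with recursion desired (RD=1)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_response(data: bytes, txid: int = TXID):
    """Return (rcode, [A-record addresses]); raise if the txid does not match."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    rcode, pos = flags & 0x0F, 12
    for _ in range(qd):                 # skip the question section
        while data[pos] != 0:
            pos += data[pos] + 1
        pos += 5                        # zero terminator + QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        if data[pos] & 0xC0 == 0xC0:    # compressed name pointer
            pos += 2
        else:
            while data[pos] != 0:
                pos += data[pos] + 1
            pos += 1
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[pos:pos + 4]))
        pos += rdlen
    return rcode, addrs

def check_dns(server: str, name: str, timeout: float = 2.0):
    """Classify the outcome: 'timeout' means nothing came back (path/firewall)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "timeout", []
    rcode, addrs = parse_response(data)
    return {0: "ok", 3: "nxdomain", 5: "refused"}.get(rcode, f"rcode {rcode}"), addrs

if __name__ == "__main__":
    print(check_dns(PIHOLE_IP, "nas.home.lan"))  # "nas.home.lan" is a constructed name
```

A "timeout" from the VPN client, while the same query answers from the home LAN, points at the tunnel-to-LAN firewall rule or return route rather than at Pi-hole itself.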