Netgate Discussion Forum

Hostname Resolution over OpenVPN

  • C
    cyclocamp
    last edited by May 15, 2018, 10:27 AM

    I apologise if I have missed the answer to this question on another topic - I have been trying to fix this for a long time.

    My setup:

    I have a pfSense box (Site A) in my apartment, with devices and VMs connected to it. The connected devices use a Pi-hole for DHCP and DNS (DNS resolver does not work for some unknown reason - it is incredibly slow/unresponsive).

    My apartment does not provide public IPs, so for remote access I have Site A pfSense connected as an OpenVPN client to a Vultr pfSense OpenVPN server instance (Site B) and the LAN of Site A is routed over VPN.

    In this setup, I can connect my laptop from a remote location to the Vultr pfSense (Site B) OpenVPN server and can access my home devices by typing their LAN IP address.

    Problem:
    From any remotely connected client, I want to be able to resolve my home (Site A) devices by their hostname. Ideally I would like to be able to push the Pi-hole DNS server to clients, so it provides ad-blocking as well.

    Can anyone advise on what I need to do?
    Thank you

    • D
      Derelict LAYER 8 Netgate
      last edited by May 15, 2018, 10:47 AM

      Have you tried setting it as the DNS server that gets pushed to the OpenVPN clients in the OpenVPN server configuration?

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • C
        cyclocamp
        last edited by May 15, 2018, 11:00 AM

        Thanks for your reply.

        I have tried specifying the LAN IP address of my Pi-hole in Site B's OpenVPN Server DNS settings.
        When I remotely connect my laptop as a client to the server, the server pushes the LAN IP of the home DNS server, but it does not resolve when I try to visit a website or try nslookup.
        Strangely, I can type in the LAN IP address of clients on my home LAN in the browser and access them, but nslookup does not respond even to LAN IP addresses.

        • D
          Derelict LAYER 8 Netgate
          last edited by May 15, 2018, 11:04 AM

          Maybe the DNS server does not have a route back to the OpenVPN client's tunnel address?

          You should be able to troubleshoot this using dig commands targeted at the DNS server in question.

          A lot of this has to do with how the client, not pfSense, is configured too.

          • C
            cyclocamp
            last edited by May 15, 2018, 12:28 PM

            Sorry, could you clarify how to do this?

            As in

            'dig apple.com @_DNS Server LAN IP_ +trace' from my remote laptop?

            • C
              cyclocamp
              last edited by May 15, 2018, 1:08 PM May 15, 2018, 12:42 PM

              I think I may have solved it. Thank you for your suggestion on using dig.

              Using dig and ping, I tried to access the DNS server on my home LAN.

              I checked the home LAN pfSense (Site A) firewall logs and it was blocking traffic from the OpenVPN interface to the LAN interface that was ICMP type? Does this explain why I could contact the server if I typed its IP address into Google Chrome, but could not ping the server from the command line?

              EDIT: Yes, making a rule to pass ANY traffic from ovpn interface to LAN of ANY kind solved the problem! Thank you!

              • D
                Derelict LAYER 8 Netgate
                last edited by May 15, 2018, 8:05 PM

                From the client:

                dig @dns_server_ip_address something.com

                Does that work? If not, find out why not.

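Added example, not part of any post in this thread: the client-side dig check discussed above, split into separate ICMP, UDP/53 and TCP/53 probes so the result shows which protocol the rule on the OpenVPN interface has to pass to the DNS server, instead of falling back to an any-to-any rule. The function names, the script name and the default query name `example.com` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): test ICMP, UDP/53 and TCP/53 to the
# pushed DNS server separately, from the remote OpenVPN client.
# Usage: sh dnsprobe.sh <dns_server_ip> [query_name]   (script name is arbitrary)

# Run a command quietly and report "ok" or "fail".
state() { if "$@" >/dev/null 2>&1; then echo ok; else echo fail; fi; }

probe_icmp()  { ping -c 2 "$1"; }
# dig exits non-zero when no reply arrives; +ignore stops the UDP probe
# from silently retrying over TCP on a truncated answer.
probe_udp53() { dig +notcp +ignore +time=2 +tries=1 "@$1" "$2"; }
probe_tcp53() { dig +tcp +time=2 +tries=1 "@$1" "$2"; }

# diagnose <icmp> <udp53> <tcp53>, each argument "ok" or "fail".
diagnose() {
    case "$1/$2/$3" in
        ok/ok/ok)       echo "all-pass: server answers; check which resolver the client actually uses" ;;
        fail/ok/ok)     echo "icmp-filtered: DNS works, only ping is dropped" ;;
        ok/fail/fail)   echo "dns-blocked: host reachable, port 53 is not (rule or DNS server ACL)" ;;
        fail/fail/fail) echo "no-path: nothing answers; check return route and VPN-interface rules" ;;
        */ok/fail|*/fail/ok) echo "partial-dns: only one of UDP/53 and TCP/53 is passed" ;;
        *) echo "usage: diagnose ok|fail ok|fail ok|fail" >&2; return 2 ;;
    esac
}

# Only probe when a server address is given on the command line.
if [ "$#" -ge 1 ]; then
    server=$1
    name=${2:-example.com}
    icmp=$(state probe_icmp "$server")
    udp=$(state probe_udp53 "$server" "$name")
    tcp=$(state probe_tcp53 "$server" "$name")
    echo "icmp=$icmp udp53=$udp tcp53=$tcp"
    diagnose "$icmp" "$udp" "$tcp"
fi
```

Run it before and after changing a rule; blocked probes should also show up in the Site A firewall log against the OpenVPN interface.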
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.