Netgate Discussion Forum

    Hostname Resolution over OpenVPN

    • cyclocamp

      I apologise if I have missed the answer to this question on another topic - I have been trying to fix this for a long time.

      My setup:

      I have a pfSense box (Site A) in my apartment, with devices and VMs connected to it. The connected devices use a pi-hole for DHCP and DNS (DNS resolver does not work for some unknown reason - it is incredibly slow/unresponsive).

      My apartment does not provide public IPs, so for remote access I have Site A pfSense connected as an OpenVPN client to a Vultr pfSense OpenVPN server instance (Site B) and the LAN of Site A is routed over VPN.

      In this setup, I can connect my laptop from a remote location to the Vultr pfSense (Site B) OpenVPN server and can access my home devices by typing their LAN IP address.

      Problem:
      From any remotely connected client, I want to be able to resolve my home (Site A) devices by their hostname. Ideally I would like to be able to push the pi-hole DNS server to clients, so it provides ad-blocking as well.

      Can anyone advise on what I need to do?
      Thank you

      • Derelict LAYER 8 Netgate

        Have you tried setting it as the DNS server that gets pushed to the OpenVPN clients in the OpenVPN server configuration?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • cyclocamp

          Thanks for your reply.

          I have tried specifying the LAN IP address of my pi-hole in Site B's OpenVPN Server DNS settings.
          When I remotely connect my laptop as a client to the server, the server pushes the LAN IP of the home DNS server, but it does not resolve when I try to visit a website or try nslookup.
          Strangely I can type in the LAN IP address of clients on my home LAN in the browser and access them, but nslookup does not respond even to LAN IP addresses.

          • Derelict LAYER 8 Netgate

            Maybe the DNS server does not have a route back to the OpenVPN client's tunnel address?

            You should be able to troubleshoot this using dig commands targeted at the DNS server in question.

            A lot of this has to do with how the client, not pfSense, is configured too.

            • cyclocamp

              Sorry, could you clarify how to do this?

              As in

              'dig apple.com @_DNS Server LAN IP_ +trace' from my remote laptop?

              • cyclocamp

                I think I may have solved it. Thank you for your suggestion on using dig.

                Using dig and ping, I tried to access the DNS server on my home LAN.

                I checked the home LAN pfSense (Site A) firewall logs and it was blocking traffic from the OpenVPN interface to LAN interface that was ICMP type? Does this explain why I could contact the server if I typed its IP address into Google Chrome, but could not ping the server from command line?

                EDIT: Yes, making a rule to pass ANY traffic from ovpn interface to LAN of ANY kind solved the problem! Thank you!

                • Derelict LAYER 8 Netgate

                  From the client:

                  dig @dns_server_ip_address something.com

                  Does that work? If not, find out why not.

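Added example, not part of the original thread: a POSIX shell helper for the `dig @server` test suggested above. It sorts dig's output into verdicts so that a dropped query (no reply at all, as with the Site A firewall block found in the thread) is told apart from a resolver that answers or refuses. The function names, the sample outputs, the address 192.168.1.2 and the hostname nas.home.arpa are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): interpret `dig @server name` results.
# All addresses and hostnames below are constructed placeholders.

# classify_dig: read dig output on stdin, print a one-word verdict.
classify_dig() {
  out=$(cat)
  # Nothing came back: the query or its reply was dropped on the path
  # (firewall rule on the tunnel interface, or no return route).
  if printf '%s\n' "$out" | grep -Eq 'timed out|no servers could be reached'; then
    echo NO_REPLY; return 0
  fi
  status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
  case "$status" in
    NOERROR)
      if printf '%s\n' "$out" | grep -Eq 'ANSWER: [1-9]'; then echo ANSWERED
      else echo EMPTY; fi ;;
    REFUSED)  echo REFUSED ;;   # reachable, but the resolver rejects this source
    NXDOMAIN) echo NXDOMAIN ;;  # reachable; the name is unknown to the resolver
    SERVFAIL) echo SERVFAIL ;;  # reachable; the upstream lookup failed
    *)        echo UNKNOWN ;;
  esac
}

# check_dns SERVER NAME: query over UDP and TCP, one attempt, 2 s timeout each.
check_dns() {
  for proto in notcp tcp; do
    verdict=$(dig +time=2 +tries=1 "+$proto" "@$1" "$2" 2>&1 | classify_dig)
    echo "$proto: $verdict"
  done
}

# Constructed dig outputs used to exercise classify_dig offline.
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
nas.home.arpa.  300 IN A 192.168.1.20'

# Run against a real server only when called with arguments, e.g.
#   ./check_dns.sh 192.168.1.2 nas.home.arpa
if [ "$#" -ge 2 ]; then check_dns "$1" "$2"; fi
```

NO_REPLY on both transports points at the path (firewall rules or the return route) rather than at the resolver. For name resolution alone, a pass rule from the tunnel network to the DNS server on TCP/UDP port 53 is sufficient and is narrower than a pass-any rule.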
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.