Redirecting all client web traffic via VPN - only IP addresses work but no hostnames



  • I have a running OpenVPN server on pfsense and the client (Ubuntu 16.04) can connect without problems. However, I want the client to redirect all traffic via the VPN. That works, but only with IP addresses. I can ping e.g. 172.217.21.132, but I cannot ping www.google.com. So there seems to be a problem with DNS. I have used the wizard and checked the box "route all client traffic via VPN" or similar. I have also specified DNS servers from within the wizard (8.8.8.8 and 9.9.9.9 and 208.37.222.222) and the DNS resolver service is running. Any ideas what could be the problem?



  • Try adding an access list for your VPN tunnel network (Services > DNS Resolver > Access Lists). For example, if your tunnel network is 192.168.1.0/24, add an access list for that same network to the DNS resolver.



  • Thanks,
    I have done that, but it makes no difference... I figured it out now after realizing that the setup works without problems on MacOSX. The client is running on Ubuntu 16.04 and it appears mandatory to update DNS information manually. The default configuration does not allow this to happen automatically for security reasons. There is a script included in the Ubuntu package of openvpn that updates this information (/etc/openvpn/update-resolv-conf). But in order for this to work one needs to a) call the script from within the openvpn configuration file and b) pass a parameter to openvpn when starting the service to allow script execution (openvpn --config pfsense.conf --script-security 2). I put a quick blog post up if others experience the same issue: https://jeltsch.org/openvpn
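The post above describes the two pieces an Ubuntu 16.04 client config needs so that the DNS servers pushed by pfSense are actually applied (script execution allowed, and update-resolv-conf wired to the up/down hooks). The following is an added example, not code from the thread or from the OpenVPN project: a small POSIX shell checker that reads a client .ovpn/.conf file and reports which of those directives are missing, including redirect-gateway, which is what the "route all client traffic via VPN" option pushes and without which DNS queries to a public resolver would leave the tunnel. The function name, the sample configs and the remote hostname in them are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original thread): check an OpenVPN client config
# for the directives needed on Ubuntu 16.04 so pushed DNS servers take effect
# and all traffic, DNS included, goes through the tunnel.
# The function name and the sample configs below are constructed for this example.

# Print one line per missing directive; return 0 only if every check passes.
check_ovpn_dns_config() {
    cfg="$1"
    status=0
    # Level 2 is the lowest script-security level that lets OpenVPN run
    # external scripts such as update-resolv-conf (the CLI flag is an alternative).
    if ! grep -Eq '^[[:space:]]*script-security[[:space:]]+[23]' "$cfg"; then
        echo "missing: script-security 2 (up/down scripts will not be executed)"
        status=1
    fi
    # update-resolv-conf must run on 'up' to install the pushed DNS servers
    # and on 'down' to restore the previous resolver configuration.
    for hook in up down; do
        if ! grep -Eq "^[[:space:]]*${hook}[[:space:]]+/etc/openvpn/update-resolv-conf" "$cfg"; then
            echo "missing: ${hook} /etc/openvpn/update-resolv-conf (pushed DNS not applied/restored)"
            status=1
        fi
    done
    # Without redirect-gateway only the tunnel network is routed through the VPN,
    # so DNS traffic to an Internet resolver would bypass it.
    if ! grep -Eq '^[[:space:]]*redirect-gateway' "$cfg"; then
        echo "missing: redirect-gateway def1 (full-tunnel routing; pfSense can push this)"
        status=1
    fi
    return $status
}

# Constructed sample configs (not real server data). The remote name is a placeholder.
BAD_CFG=$(mktemp)
GOOD_CFG=$(mktemp)
trap 'rm -f "$BAD_CFG" "$GOOD_CFG"' EXIT

cat > "$BAD_CFG" <<'EOF'
client
dev tun
proto udp
remote vpn.example.invalid 1194
remote-cert-tls server
EOF

cat > "$GOOD_CFG" <<'EOF'
client
dev tun
proto udp
remote vpn.example.invalid 1194
remote-cert-tls server
redirect-gateway def1
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
EOF

echo "== config without DNS hooks"
check_ovpn_dns_config "$BAD_CFG" || echo "result: needs fixing"
echo "== config with DNS hooks"
check_ovpn_dns_config "$GOOD_CFG" && echo "result: ok"
```

Run it against your own client file with `check_ovpn_dns_config /path/to/pfsense.conf` after sourcing the script; a clean result means the config itself is complete, and the remaining check is that `/etc/resolv.conf` on the client actually lists the pushed servers while the tunnel is up.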



  • Glad you figured it out, and thanks for posting detailed information about how.