How to enable DNS resolution for hosts connected to pfsense from an OpenVPN client without forcing all DNS queries over the VPN?



  • How to enable name resolution of computers connected to pfsense (192.168.1.1/24) when connecting remotely as a client (into 192.168.2.1/24)?

    What has been done so far:

    • Clean install of pfsense 2.4.4 + update to 2.4.4-RELEASE-p2
    • Set up OpenVPN as a "Remote Access (SSL/TLS + User Auth)" server
    • Installed the "OpenVPN Client Export" package
    • Created users + user certificates
    • Exported their certificates / config files

    Observations/Diagnostics:

    • The OpenVPN client connects successfully to the 192.168.2.1/24 subnet; however, it does not resolve any hostnames from the 192.168.1.1/24 subnet.
    • The OpenVPN client can SSH into machines on the 192.168.1.1/24 subnet using their IP addresses.
    • Machines on the 192.168.1.1/24 subnet resolve the names of other machines on the subnet using their hostnames only or FQDN format: hostname.localdomain.
    • Both Windows 10 and Android OpenVPN clients are not resolving hosts on the 192.168.1.1/24 subnet.

    What needs to be done in order for an OpenVPN client on the 192.168.2.1/24 subnet to be able to resolve hosts on the 192.168.1.1/24 subnet?

    The OpenVPN client can have high latency, so ideally only the DNS queries for the 192.168.1.1/24 subnet would be done over the VPN and all other resolutions through either the client's existing DNS or 8.8.8.8.
