OpenVPN works but no local DNS

Mr. Waste

@x3rl
Ipv4 Tunnel Network is set as: 10.0.1.0/24
Dns Server 1 is set as: 10.0.0.1

Change the dns server to 10.0.1.1

I am doing more complex vpns. Having 2 vpns together to get the most out of the filtering.
Home Pfsense (Connecting) to Cloud Remote Pfsense (Actual VPN) to DNS Server VPN (Actual VPN through the Cloud VPN)
Home = Cloud = DNS

Hope this helps.

x2rl

@Mr-Waste did not work pal pfbocker was not working when setting that dns

Mr. Waste

This post is deleted!

Mr. Waste

@x3rl

Go to Firewall/pfBlockerNG/IP
IP Interface/Rules Configuration:

Inbound Firewall Rules:
Wan

Outbound Firewall Rules:
Lan
OpenVpn Server interface

Make sure you have that interface highlighted. This might be the problem.
Make sure you have the dns resolver on as well. Local DNS Resolver to up stream DNS Server/ like cloud flare or google.

Make sure everything else are all GREEN/ ON or it will not work. - (Resolver)
pfb_dnsbl is down something isn't right. Like with the first picture. - (The interfaces)

Mr. Waste

x2rl

My dns is set to 127.0.0.1 I have all the rules and everything is active.

Gertjan

Side note :
@Mr-Waste :

x2rl

@Gertjan pfsense does the resloving.

Jochim

@x3rl
Try resetting everything to the way it was in your screenshot, then change the option "DNS Default Domain" to just "localdomain". Next add the tunnel network (10.0.1.0/24 in your case) to the DNS Resolver access list by going to Services > DNS Resolver > Access Lists and adding a new entry for the tunnel network.

Hopefully that solves the issue.

Jochim

x2rl

@Jochim nope still does not use piholes adblocker via pfsense DNS.

renegade

Same here.
It seems the set DNS Server is only used for the set domain name.
In my case it‘s home and everything ending with .home is resolved and available in my OpenVPN Split Tunnel. But other name resolution seems to happen with any other DNS Server (unknown).

soutruth

Had same issue. Unticked: "Provide a DNS server list to clients. Addresses may be IPv4 or IPv6."

Fixed :)

Byter

@john_galt

@john_galt said in OpenVPN works but no local DNS:

@johnpoz

I can now get local DNS over OpenVPN but I don't know why. I would like to if anyone can explain.

In Services > DNS Resolver > General Settings I changed the Network Interfaces from "All" to selecting all the interfaces and saving.

I've spent a lot of time trying to figure this out and really would like to understand why one setting
doesn't work but the other does when essentially they are both the same?

Thanks,

Doug

// Edit//

Here's the forum thread that gave me this fix.

Actually I had an issue using another router behind a PFsense, with full functionalities. I just wanted to have a separeted network without using VLAN and I wanted to preserve the reserved IP addresses, long sotry... Anyway, I couldn't figure out why on earth I can't get the clients behind the second router to properly resolve DNS. I used the same trick as you selecting every interface by hand rather than using the "ALL" option. IT SOLVED finally my issue. I definitely think there is a glitch somewhere.

nonyhaha

@soutruth how on earth did that go ok for you? What dns is your client using then?

Other than that, I am having the same issue and am trying to solve it.
the problem for me is that I am not even trying to user pfblockerng, only use the local acl to access local assets.

Allistah

@john_galt

I made an account here just to say that this resolved my issue as well. I am running pfSense 2.5.2-RELEASE (amd64) and I could connect to VPN without any trouble but any local DNS wouldn't work to the site I was connected to. Once I removed the DNS Resolver from "All" to manually choosing all of the IPv4 interfaces on the "Network Interfaces" and "Outgoing Network Interfaces" within the DNS Resolver, it just started to work as I would expect.

Maybe there is a bug or something there.

Thanks for listening - hope this can help improve pfSense!

Schuby

@john_galt This also worked for me. Very strange.

Zoltrix

@johnpoz can confirm the same issue here. Once I changed the Network Interfaces from "All" to selecting all the interfaces and saving, presto! Working.

Time for a bug report I guess.

fadushin

@john_galt Works for me, too. Very strange. (I did find that I had to log out of the VPN and log back in, to see the effect of the changes. And I selected all the devices, except “All”, for just Network Interfaces.)

Zoltrix

@fadushin very strange.

fadushin

@zoltrix Were you able to submit a bug report? I tried but redmine won’t let me log in, depsite password resets.

Zoltrix

@fadushin I've moved on to using ZeroTier, so not so much of a concern for me now...