Netgate Discussion Forum

    Catch 22 - VPN Kill - DNS Can't Recover

      4o4rh
      last edited by 4o4rh

      I have

      • enabled two VPN connections with Tier1, Tier2 gateway failover config
      • DNS Resolver set to use only the VPN connections for forward requests

      Scenario 1 - "Skip rules when gateway is down" not checked

      • still able to do DNS resolution and browse (despite HTTP rule explicitly selecting VPN gateway)
      • summary, not the desired effect

      Scenario 2 - "Skip rules when gateway is down" checked (test with single VPN enabled)

      • dropping the VPN: neither DNS nor IP browsing works
      • summary, desired effect

      Scenario 3 - "Skip rules when gateway is down" checked (test with two VPNs enabled)

      • drop VPN1 - DNS and IP browsing works
      • VPN1 up and then drop VPN2 - DNS and IP browsing works
      • VPN 2 up and then drop VPN1 - DNS and IP browsing works
      • drop VPN2 (so both VPNs down) - DNS and IP browsing does not work (desired effect)
      • re-establish one or both VPNs - DNS and IP browsing does not work (NOT desired effect)

      Problem

      • seems when both VPNs are down, rules are removed per check box
      • when re-establishing the VPN after complete failure, the DNS no longer works - even if resolver is restarted
      • this means a reboot is required to restart everything

      ** I might add, trying to go into status resolver after restarting resolver hangs

      Is there a way to regenerate the rules for a gateway that goes down upon re-establishment to avoid having to do full reboot?
