    OpenVPN not resolving internal DNS names

      behemyth

      Setup:

      Tunnel Network 10.0.0.0/24
      LAN Network 192.168.1.0/24

      I can connect to devices on the LAN fine, but I cannot connect to them using their DNS names. I don't see any traffic being blocked by the firewall, and I'm not using ACLs on my DNS Resolver. What am I missing?

        behemyth

        If I set my tunnel network to my LAN IP space, it works fine. I feel like I'm missing a route somewhere, but the pfSense box won't let me route to the tunnel network.

          johnpoz LAYER 8 Global Moderator

          If you want VPN clients to use unbound, you have to add an ACL to allow your tunnel network to query it. Out of the box only your LAN network would be allowed to query via the automatic ACL created.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1
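
Why the tunnel clients could not resolve names until the ACL was added, as an added example (not from the thread and not pfSense's or unbound's own code): a small Python model of unbound's `access-control` matching, run over constructed config fragments that use the thread's 10.0.0.0/24 and 192.168.1.0/24 networks. It goes slightly beyond the thread by showing that the most specific netblock wins and that anything unmatched is refused.

```python
import ipaddress

# Constructed unbound.conf fragments (assumption: modelled on the setup in this
# thread; the automatic ACL on a real box may list more networks).
BEFORE = """
server:
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow   # LAN, covered by the automatic ACL
"""
AFTER = BEFORE + "    access-control: 10.0.0.0/24 allow      # OpenVPN tunnel network\n"


def parse_acl(conf):
    """Return [(network, action)] for every access-control line in conf."""
    rules = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line.startswith("access-control:"):
            continue
        netblock, action = line.split(":", 1)[1].split()
        rules.append((ipaddress.ip_network(netblock), action))
    return rules


def decide(rules, client):
    """Most specific matching netblock wins; no match at all means refuse."""
    addr = ipaddress.ip_address(client)
    hits = [(net.prefixlen, action) for net, action in rules
            if addr.version == net.version and addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else "refuse"


if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        rules = parse_acl(conf)
        for client in ("192.168.1.50", "10.0.0.2", "10.8.0.2"):
            print(f"{label:6} {client:13} -> {decide(rules, client)}")
```

A client that reaches the resolver from an address no rule covers gets a refusal from unbound itself, which is why nothing shows up as blocked in the firewall log.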

            behemyth

            That did it, did not know that.

            Thank you Sir.

              behemyth

              I also changed my OpenVPN firewall rule to source: 10.0.0.0 (tunnel) dest: 192.168.1.0 (inside). I should do this, right, to limit what can talk to what over the tunnel?

                johnpoz LAYER 8 Global Moderator

                Well the only thing that can talk over the tunnel - is your VPN clients.. But sure you can limit what your VPN clients can access if you want/desire to do so.

                The automatic ACLs should probably be updated to auto allow tunnel networks to be honest.. But anyone that understands how the ACLs work, would know that they need to adjust them, etc.

                Glad you got it sorted..
