Pfsense 2.3.5 not allowing private DNS address on openvpn tunnel

Mr. Waste

Re: Pfsense 2.3.3 now allowing private DNS address

I am wanting to point my Pfsense Resolver to the OpenVpn Tunnel - (10.2.0.1) but it says I can't. I have no other ways of getting the dns traffic to the other Pfsense Server with the openvpn tunnel because I am not allowing to go on port 53 to the external ip address of the server.

I can only point to the tunnel IP then the Other Pfsense Resolver can pick it up. After that it forwards it to my pi hole server on the same subnet and then out to the internet.

Its a site to site vpn but I don't get access to the remote network part of the subnets, it's just a normal openvpn server.

I need to beable to point my dns traffic to the tunnel then I can grab and tranfer it..

NO dhcp relay or anything like. I am not doing a site to site VPN. Just the tunnel I need to work.

Edit: I mean Pfsense 2.4.5, sorry

Mr. Waste

If they is no way to add a private dns to a OpenVpn Tunnel I am screwed. Proof:

Mr. Waste

If your looking at this, any advice?

viragomann

@Mr-Waste said in Pfsense 2.3.5 not allowing private DNS address on openvpn tunnel:

I am wanting to point my Pfsense Resolver to the OpenVpn Tunnel - (10.2.0.1)

How do you do that?

@Mr-Waste said in Pfsense 2.3.5 not allowing private DNS address on openvpn tunnel:

but it says I can't.

What exactly?

Mr. Waste

@viragomann

I mean Pfsense 2.4.5, sorry

Go to System: General Setup: DNS Server Settings: DNS Servers:
Try pointing to the ip address of the vpn it doesn't allow it on the gateway because its the tunnel.. It says

Mr. Waste

It won't allow me to change the "POST"

Pfsense 2.4.5 not allowing private DNS address on openvpn tunnel

Post content was flagged as spam by Akismet.com

What is Akismet.com ?

akuma1x

@Mr-Waste said in Pfsense 2.3.5 not allowing private DNS address on openvpn tunnel:

What is Akismet.com ?

Akismet stops spam.

"Used by millions of websites, Akismet filters out hundreds of millions of spam comments from the Web every day. Add Akismet to your site or forum so you don't have to worry about spam again."

Jeff

viragomann

@Mr-Waste
What you intend to do, requires that you assign interfaces to the OpenVPN instances on both sites, server and client.

Then you should be able to set a private IP for DNS server and select the VPN gateway to be used for that connection.

On the other site go into the Resolver settings and add the VPN interface to the Network Interfaces, so that the Resolver is listening on it.

roncbk

@viragomann I have a similar issue, but my site-to-site VPN is IPSec. How do I assign an interface to that type of VPN?

viragomann

@roncbk
I'm not familiar with IPSec on pfSense. As far as I know this should be realizable with "Routed IPSec" on pfSense 2.4.4 and newer.
Possibly open a new topic for asking that.