Netgate Discussion Forum

    DNS names not resolving when connected via VPN

    OpenVPN
    9 Posts 3 Posters 672 Views
    • JLundberg

      I'm setting this up on my company's network. It's replacing a SonicWall firewall. The network currently is running an older Windows 2003 domain and DNS server (oh yes, I know. I'm working on the 2016 replacement as I finally got our finance software working on it, but that's a later date. What a pain). OK, so I was able to get the netgate installed and have OpenVPN working. I found that my local DNS names are not being resolved when connected via VPN. Local computers still work but not over VPN. I can type in the local address and get to it but I can't start several programs because the servers can't be located. I tried several things I found using DNS resolver but I must not be doing it correctly.

      Any help would be appreciated.

      • Gertjan

        Hi,

        When you connect to the VPN server, did your device (PC) receive a DNS IP ?
        Use

        ipconfig  /all
        

        You should also use "nslookup".

        On your VPN server firewall tab, what are the firewall rules ?
        => Can UDP/TCP traffic enter ?

        Is the pfSense Resolver set up to listen on this interface ?
        This setting :
        63ab203c-65e9-4412-97ec-7847791e84ab-image.png
        handles this question just fine.

        Resolver settings : you're not using CL settings ?
        These :
        434cda3b-c583-419e-80f5-f79c0ef6da05-image.png

        Also : does the pfSense Resolver actually contain the local host names ?
        Execute

        cat /etc/hosts
        

        to find out.

        When all this works as expected, then - and only then - throw in the "Windows 2003 domain and DNS server" part.
        If this "Windows 2003 domain and DNS server" is also running DHCP (and pfSense doesn't) then it's normal that the Resolver isn't aware of the local host names. The DNS IP given to the OpenVPN clients should be the IP of your "Windows 2003 domain and DNS server" - and this "Windows 2003 domain and DNS server" should be set up to accept connections coming from the OpenVPN network (which is not the case - I guess, by default).

        This is just a small list of the things to be tested.
        Many other possibilities exist, but you did not give any details - so impossible to detail more (there is just too much).

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • JeGr LAYER 8 Moderator

          @JLundberg said in DNS names not resolving when connected via VPN:

          Ok so I was able to get the netgate installed and have OpenVPN working I found that my local DNS names are not being resolved when connected via VPN.

          What DNS Server did you configure in your OVPN server settings? Which one is handed out to the client? Also do you have the Flush DNS option set in your server configuration? For Win10 clients the option to block outside DNS is also extremely useful to stop clients making DNS calls to their local home routers but instead use the DNS server you push via OVPN.

          Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

          If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

          • JLundberg

            Thanks everyone for the input. I will review what I have set and get back to you. I currently have it removed and back at the house so I'm limited as to what I can do. Our office is closing this Friday for an extended weekend. I plan on being there first thing setting this back up. No holiday for me but at least I can bring down the network as needed.

            I hope some of you will be browsing this page and able to lend a hand if needed. I'm in Louisiana and will probably be there around 8:00am US Central Time.

            I know this is all volunteer and any help is appreciated. I have learned so much already.

            Take care everyone. I will get the information soon.

            • JLundberg @JeGr

              @JeGr
              In my OVPN Client Setting I set DNS Server 1 on my ODNS Server 208.67.222.222. Is this incorrect? When the netgate is NOT installed and I do an nslookup I get 1.1.1.1 for my Default Server. I'll have to check to see if I have Flush DNS set.

              I only have three remote Windows 10 computers that connect to the network. Currently, we are using SonicWall that is EOL and starting to have issues. I wanted to set up a new firewall before a total death happens. We use the Dell SonicWall Global VPN Client currently.

              • Gertjan @JLundberg

                @JLundberg said in DNS names not resolving when connected via VPN:

                .... I set DNS Server 208.67.222.222 ....... I get 1.1.1.1 for my Default Server.

                All those DNS servers don't know anything about your local network devices.

                • JLundberg @Gertjan

                  @Gertjan
                  Some of the questions I have to wait until I get the netgate connected back up.

                  Under the firewall rules I have the protocol set to TCP. Should I use UDP/TCP for all my NAT Settings?
                  Yes the Network Interfaces is set to All
                  I'm not using CL Settings
                  for the local host names:
                  d3941a5d-38e2-4017-9f4a-1400657e2755-image.png

                  It may be as @Gertjan pointed out. I don't have my local DNS set in the OVPN settings. I will try setting that tomorrow morning and see what I get. Also I'll be better set to get more info when it's connected to the network.

                  I'll look up more info on getting my settings set correctly in the OVPN DNS section.

                  • JLundberg

                    When making a change to the OVPN Advanced Client Settings by changing the DNS settings, am I correct in assuming that I will need to recreate the user certificates for our users?

                    • JeGr LAYER 8 Moderator

                      @JLundberg said in DNS names not resolving when connected via VPN:

                      Under the firewall rules I have the protocol set to TCP. Should I use UDP/TCP for all my NAT Settings?

                      TCP set for what? You didn't show us the ruleset :)

                      @JLundberg said in DNS names not resolving when connected via VPN:

                      It may be as @Gertjan pointed out. I don't have my local DNS set in the OVPN settings. I will try setting that tomorrow morning and see what I get. Also I'll be better set to get more info when it's connected to the network.

                      If you use any public DNS as your DNS setting in OVPN server settings you won't get any answers for internal IPs or internally used domains. Obviously ;)
                      So if you want them it depends: do you use pfSense for your internal DNS or do normal clients get DHCP/DNS via your Windows DC? If you want your OVPN clients to get the same, you have to hand them your pfSense or Windows DC/DNS IP as their DNS server, otherwise no one knows about your internal domains and can't resolve it :)

                      \jens

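The point made in the replies above, as an added example that is not part of the original thread and not pfSense or OpenVPN project code: a Python check over an OpenVPN server configuration that flags pushed DNS settings which leave VPN clients unable to resolve internal names. Both sample configs, the address 10.0.0.10 and the domain corp.example are constructed placeholders, and the DOMAIN check goes slightly beyond what the thread discusses.

```python
import ipaddress
import re

# Constructed sample configs (not taken from the poster's firewall).
# 10.0.0.10 and corp.example stand in for an internal DNS server and domain.
WEAK_CONF = '''
dev tun
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 208.67.222.222"
'''

FIXED_CONF = '''
dev tun
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 10.0.0.10"
push "dhcp-option DOMAIN corp.example"
push "block-outside-dns"
'''

PUSH_RE = re.compile(r'^[ \t]*push[ \t]+"([^"]+)"', re.MULTILINE)

def pushed_options(conf):
    """Return each pushed option as a token list; commented lines never match."""
    return [m.group(1).split() for m in PUSH_RE.finditer(conf)]

def audit_pushed_dns(conf):
    """List reasons VPN clients may fail to resolve internal host names."""
    opts = pushed_options(conf)
    dns = [o[2] for o in opts if len(o) == 3 and o[:2] == ["dhcp-option", "DNS"]]
    findings = []
    if not dns:
        findings.append("no DNS server pushed: client keeps its local resolver")
    for addr in dns:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"{addr}: not a valid IP address")
            continue
        if ip.is_global:
            findings.append(f"{addr}: public resolver, holds no internal records")
    if not any(o[:2] == ["dhcp-option", "DOMAIN"] for o in opts):
        findings.append("no DOMAIN pushed: short host names get no search suffix")
    if ["block-outside-dns"] not in opts:
        findings.append("block-outside-dns not pushed: Windows may ask other DNS")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(name, audit_pushed_dns(conf))
```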
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.