Netgate Discussion Forum

    Open VPN Client, CARP, and DNS settings

    Category: OpenVPN

    tiwing

      Hi, I have pfSense 2.4.4-p3 running in a CARP setup that so far is working fine. Exact setup details below. My question is about using the DNS Resolver versus the DNS setup on the "General Setup" page. What is best practice for setting this up? I've read a lot of the guides but I haven't found anything yet that covers this exact combination.

      My issue is that I "think" the router itself isn't connecting to the internet, because it's not updating and thinks that 2.4.4-p3 is the most recent version. I also can't see packages to install, and I want to use pfBlocker. I've read somewhere that if the router itself cannot connect to the internet it will not be able to update. Hence looking at DNS... and starting to question whether my setup is correct. Are there any guides folks know of that can help here, or previous threads that didn't come up in a basic search?

      My setup is uncommon: it uses a single incoming WAN from a home ISP into a consumer-grade router, which sets the CARP WAN IP as the DMZ IP address and hands fixed IP addresses to the primary and secondary firewall. So in a way it's double-NATed, but since it's set as DMZ I've never had an access issue for incoming connections.

      The primary router is a stand-alone (old) box with a quad-port Intel gigabit card, and the secondary is a VM with an identical network card passed through to it. CARP works perfectly and has for almost a year.

      I have two VPN clients from different providers set up in a gateway group that also "fails over" and "falls back" based on tiering in the gateway group. If both VPNs are down (in a test scenario), clients lose connectivity to the outside world (which is what I want!), although some clients are set to bypass the VPN gateway group by using an alias and specific firewall rules.

      I have LAN and GUEST networks set up and connected to different physical ports on the Intel NIC. I'm using a Mist access point with two physical connections: main goes to the LAN switch, and the Guest and IoT SSIDs go to the GUEST switch. I'm using limiters on the LAN and GUEST interfaces.

      What else do you need to know?

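As an added example (not from the poster and not Netgate code): a small Python script that reads a pfSense 2.4.x config.xml excerpt and reports the order of DNS servers the firewall itself will use for its own lookups (updates, package list, pfBlocker feeds), and flags the combinations that leave the firewall without working DNS when both VPN clients are down. The sample config is constructed to mirror the setup described in the post. The element names it reads (dnsserver, dnsNgw, dnsallowoverride, dnslocalhost, unbound/enable, unbound/outgoing_interface) are the author's understanding of the 2.4 config.xml schema and should be checked against /conf/config.xml on the box before trusting the output.

```python
"""Report which DNS servers a pfSense 2.4.x firewall uses for its own
lookups, from a config.xml excerpt, and warn about VPN-only resolver paths."""
import xml.etree.ElementTree as ET

# Constructed sample modelled on the post: DNS Resolver enabled with its
# outgoing interfaces pinned to two VPN client interfaces (opt2, opt3),
# two public servers on the General Setup page, one of them pinned to the
# WAN gateway, and DNS override by the WAN DHCP lease allowed.
# Element names are assumptions about the pfSense 2.4 config.xml schema.
SAMPLE_CONFIG = """<pfsense>
  <system>
    <dnsserver>1.1.1.1</dnsserver>
    <dnsserver>9.9.9.9</dnsserver>
    <dns1gw>none</dns1gw>
    <dns2gw>WAN_DHCP</dns2gw>
    <dnsallowoverride/>
  </system>
  <unbound>
    <enable/>
    <active_interface>lan,opt1</active_interface>
    <outgoing_interface>opt2,opt3</outgoing_interface>
  </unbound>
</pfsense>
"""


def _text(el):
    return el.text.strip() if el is not None and el.text else ""


def _csv(el):
    return [x for x in _text(el).split(",") if x]


def firewall_dns_path(config_xml):
    """Return the firewall's own nameserver order plus warnings about
    configurations where the firewall loses DNS when the VPNs are down."""
    root = ET.fromstring(config_xml)
    system = root.find("system")
    unbound = root.find("unbound")

    # General Setup servers, each with its optional pinned gateway (dnsNgw).
    servers = []
    for i, el in enumerate(system.findall("dnsserver"), start=1):
        gw = _text(system.find("dns%dgw" % i)) or "none"
        servers.append({"address": _text(el), "gateway": gw})

    resolver_on = unbound is not None and unbound.find("enable") is not None
    # dnslocalhost = "Do not use the DNS Forwarder/Resolver as a DNS server
    # for the firewall"; when it is absent, 127.0.0.1 is consulted first.
    use_local = resolver_on and system.find("dnslocalhost") is None
    out_ifaces = _csv(unbound.find("outgoing_interface")) if resolver_on else []

    nameservers = (["127.0.0.1"] if use_local else []) + [s["address"] for s in servers]

    warnings = []
    if not nameservers:
        warnings.append("no DNS servers at all: the firewall cannot resolve anything")
    if use_local and out_ifaces and "wan" not in out_ifaces:
        warnings.append(
            "Resolver outgoing interfaces %s exclude WAN: when every VPN client "
            "is down, 127.0.0.1 cannot resolve, and it is first in resolv.conf"
            % ",".join(out_ifaces))
    for s in servers:
        if s["gateway"] == "none":
            warnings.append(
                "%s has no gateway pinned: it follows the default route, which "
                "may be a VPN tunnel rather than WAN" % s["address"])
    if system.find("dnsallowoverride") is not None:
        warnings.append(
            "DHCP/PPP WAN may add the upstream DNS servers to the list; in a "
            "double-NAT setup that is the consumer router in front of pfSense")

    return {
        "resolver_enabled": resolver_on,
        "nameservers": nameservers,
        "resolver_outgoing_interfaces": out_ifaces,
        "servers": servers,
        "warnings": warnings,
    }


if __name__ == "__main__":
    report = firewall_dns_path(SAMPLE_CONFIG)
    print("firewall nameserver order:", " -> ".join(report["nameservers"]))
    for w in report["warnings"]:
        print("WARNING:", w)
```

To inspect a live box, copy /conf/config.xml off the firewall and pass its contents to firewall_dns_path. The practical check that complements it is run from the pfSense shell with both VPN clients deliberately down: query 127.0.0.1 and each listed server directly (for example with drill, which ships with pfSense) and confirm the firewall still gets answers via WAN before expecting the update check or package list to work.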
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.