[SOLVED] Local DNS over OpenVPN

manjotsc · Feb 11, 2021, 2:46 AM

I am trying to get local dns resolve working on openvpn, but no luck. My Pfsense ip is 192.168.40.1

OpenVPN Config

viragomann · Feb 11, 2021, 2:11 PM

@manjotsc
Is DNS access to 192.168.40.1 allowed on the OpenVPN interface?

Did you include the domain in the hostname when you try to access it?

johnpoz · Feb 11, 2021, 2:28 PM

Common mistake when trying to do this is the unbound ACLs

By default unbound ACLs allow for any locally attached network to query it. But this does not include your vpn tunnel network.. So if you want vpn clients to be able to query your unbound running on pfsense you would have to create/adjust your unbound ACLs to allow the vpn tunnel network.

manjotsc · Feb 11, 2021, 6:53 PM

@johnpoz @viragomann This is what I have as settings

johnpoz · Feb 11, 2021, 7:01 PM

Well do a query direct from the client.. Do you timeout, do you get back a refused..

Sniff on pfsense vpn interface, do you see the query come down the vpn..

I always turn off the automatic acls - not sure if when that is active, if manual acls are used..

manjotsc · Feb 11, 2021, 10:03 PM

@johnpoz OpenVPN logs are flooded with these

Feb 11 14:08:23	openvpn	16284	admin/204.48.94.175:33001 UDPv4 READ [124] from [AF_INET]204.48.94.175:33001: P_DATA_V2 kid=0 DATA len=123
Feb 11 14:08:22	openvpn	16284	admin/204.48.94.175:33001 Authenticate/Decrypt packet error: cipher final failed

manjotsc · Feb 11, 2021, 10:34 PM

@johnpoz Update : The Issue is fixed now by re exporting the client profile and dns is also seems to be working.