Netgate Discussion Forum

    My VPN DNS is used on all my subnets

    DHCP and DNS
    7 Posts 2 Posters 678 Views 2 Watching
    • D Offline
      Djinn1
      last edited by

      Hi,

      I have 3 subnets: LAN, LAN2 and LAN3. I have an OpenVPN setup and routed traffic on LAN and LAN2 to use my VPN, and LAN3 is using the ISP. So far it works great. My problem here is that LAN3 is using the VPN DNS; I want it to use the ISP DNS.

      In the general settings I have my VPN provider's DNS.

      I tried to add one more DNS like 1.1.1.1 and LAN3 still uses the VPN DNS.

      How can I fix this?

      Thanks in regard.

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG Offline
        Gertjan @Djinn1
        last edited by

        @djinn1 said in My VPN DNS is used on all my subnets:

        I want it to use the ISP DNS.

        That is : you want the devices on LAN3 to use the ISP DNS.
        Easy : the pfSense admin decides what DNS IP are handed over to the clients on a LAN.
        This is done with the help of the DHCP server, and the DHCP client, who asks for an IP, a gateway, one or more DNS servers, etc.
        So : go to the LAN3 DHCP server settings page, and under 'DNS' set up the DNS you want.

        Btw : 1.1.1.1 isn't your ISP DNS ;)

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        D 2 Replies Last reply Reply Quote 0
        • D Offline
          Djinn1 @Gertjan
          last edited by

          @gertjan said in My VPN DNS is used on all my subnets:

          go to the LAN3 DHCP

          Thanks I will try that.

          I know 1.1.1.1 is not ISP DNS :), usually my ISP DNS is automatically selected when VPN is not active. Is it possible to let it choose my ISP DNS as default because I don't know what it is?

          GertjanG 1 Reply Last reply Reply Quote 0
          • D Offline
            Djinn1 @Gertjan
            last edited by

            @gertjan said in My VPN DNS is used on all my subnets:

            under 'DNS' set up the DNS you want.

            I added the DNS, still on LAN3 I get my VPN DNS.

            Screenshot 2021-11-03 130922.png

            1 Reply Last reply Reply Quote 0
            • GertjanG Offline
              Gertjan @Djinn1
              last edited by Gertjan

              @djinn1 said in My VPN DNS is used on all my subnets:

              Is it possible to let it choose my ISP DNS as default because I don't know what it is?

              If you have an "ISP router" in front of your pfSense : visit its GUI and you will probably find it.
              Or : Google them up ( see their FAQ),
              Or : they are in the mail that came when you subscribed,
              Or : call them ?

              @djinn1 said in My VPN DNS is used on all my subnets:

              I added the DNS, still on LAN3 I get my VPN DNS.

              The DHCP server won't push this info to the DHCP clients.
              Clients take the initiative to renew their DHCP leases.
              There are many ways to force a DHCP transaction (make the client renew its IP info): rip out the LAN cable of the device for a moment, deactivate the NIC in the device for a moment, or use the ancient commands like

              ipconfig /release
              ipconfig /renew
              ipconfig /all
              

              (these are Windows commands - Linux and other OS users already know what to do)

              or just wait for 12 hours (see for yourself how long the DHCP lease lasts = gets renewed).

              The last command shows the DNSs I obtained from the DHCP server :

              73cad949-edd9-46d1-81e6-92843b11a90d-image.png

              When I add something like :

              06021de6-2f97-4070-9613-a032467012d0-image.png

              on the DHCP server page of my LAN2 interface, and I renew my DHCP on a client on LAN2, I do get :

              263c8265-b653-4ee1-b718-b48cc33b422f-image.png

              You see the 1.2.3.4 ?

              ( which breaks my IPv4 DNS, as 1.2.3.4 is just an IP I invented, and probably not a DNS server)

              Btw : there are other aspects to be taken into account : example : traffic from your LAN3 shouldn't be policy routed over the VPN-WAN.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              D 2 Replies Last reply Reply Quote 0
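
A way to check the result of the lease renewal described in the post above, as an added example that is not part of the original thread: this Python script parses `ipconfig /all` output and reports any DNS server on an adapter that is not in the set you expect for that subnet. The sample output is constructed, the addresses are placeholders, and the field labels assume an English-language Windows.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (English Windows layout); addresses are placeholders.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.3.50(Preferred)
   DHCP Server . . . . . . . . . . . : 192.168.3.1
   DNS Servers . . . . . . . . . . . : 10.8.0.1
                                       192.0.2.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# "   Label . . . . : value" lines; the label itself contains no dots or colons.
FIELD = re.compile(r"^\s+([^.:]+?)[ .]*: (.*)$")

def dns_by_adapter(text):
    """Map each adapter section to the DNS servers listed under it."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        # Section headers are unindented and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False
            result[adapter] = []
            continue
        field = FIELD.match(line)
        if field:
            in_dns = field.group(1) == "DNS Servers"
            value = field.group(2).strip()
        elif in_dns and line.strip():
            value = line.strip()  # continuation line: one more server
        else:
            continue
        if in_dns and adapter is not None and value:
            try:
                ipaddress.ip_address(value.split("%")[0])  # drop IPv6 zone id
                result[adapter].append(value)
            except ValueError:
                in_dns = False  # not an address, so the DNS list has ended
    return result

def unexpected_dns(text, adapter, allowed):
    """Return DNS servers on `adapter` that are not in the allowed set."""
    return [ip for ip in dns_by_adapter(text).get(adapter, []) if ip not in allowed]
```

On a real client, pass the captured output of `ipconfig /all` instead of `SAMPLE`; an empty list from `unexpected_dns` means the adapter only has the resolvers you configured on that interface's DHCP server page.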
              • D Offline
                Djinn1 @Gertjan
                last edited by

                @gertjan

                I will try the ancient one, it's easy and I am familiar with it.

                All LAN3 traffic goes behind VPN. That part works great.

                1 Reply Last reply Reply Quote 0
                • D Offline
                  Djinn1 @Gertjan
                  last edited by

                  @gertjan Everything works now. Thanks for all the help.

                  1 Reply Last reply Reply Quote 0
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.