Integrate Local DNS Server for Local and remote Open VPN clients
-
Hello everyone,
I have implemented a local DNS server using dnsmasq on a Debian VM. This DNS server is forwarding to local IPs successfully.
What is the proper method to integrate this into pfSense configuration for local users ? Do I have to set it in General Settings, or in DHCP Server settings, or something else ?
Last, we have a VPN Server configured using Open VPN, and we need to have DNS queries over VPN also. How can this configuration be implemented ?
Thanks for any guidance and comments !
-
@bambos said in Integrate Local DNS Server for Local and remote Open VPN clients:
I have implemented a local DNS server using dnsmasq on a Debian VM. This DNS server is forwarding to local IPs successfully.
What is the proper method to integrate this into pfSense configuration for local users ?
DNS is not related to the concept of "users". More like "IP addresses" and networks.
@bambos said in Integrate Local DNS Server for Local and remote Open VPN clients:
or something else ?
Do know what you are doing, and why.
Why is the default resolver DNS set up not good for you ?
@bambos said in Integrate Local DNS Server for Local and remote Open VPN clients:
we have a VPN Server configured using Open VPN, and we need to have DNS queries over VPN also. How can this configuration be implemented ?
By adding the OpenVPN server interface into this list :
so dnsmasq listens also on that interface for DNS requests.
-
@gertjan Hello Sir,
with "users" I meant the local network 192.168.6.0/24 and also the Open VPN Remote Access network 172.16.6.0/24.
The dnsmasq server is set up locally, on 192.168.6.2
to make this work, I have enabled the DNS forwarder on pfSense, with domain override:
so for whatever host on the local domain, the DNS server on 192.168.6.2 is able to return the IP successfully.
In case DNS forwarder is enabled, DNS resolver can not be enabled at the same time.
This is just to explain that most probably, I know what I'm doing.
I have checked your screenshot, but something is not right, the interface OpenVPN (for remote users) that exists under firewall, does not exist on the DNS interfaces menu.
So coming back to my question, how to configure the OpenVPN remote users network, to have also DNS functionality from the local DNS server ?
-
@bambos said in Integrate Local DNS Server for Local and remote Open VPN clients:
I have checked your screenshot, but something is not right, the interface OpenVPN (for remote users) that exists under firewall, does not exist on the DNS interfaces menu
Go to Interfaces > Interface Assignments, after the "Available network ports: ", then pull down the interface list, select what is probably named "ovpns1" (from OpenVPN Server 1).
and then Add a new interface (green button).
Then rename it to something more useful : I've chosen OPENVPN (that wasn't the smartest choice) :
Now you have a new interface.
Populate it with firewall rules as empty == block all.
This newly created interface can be used by unbound, the forwarder, etc.
-
@gertjan Thank you my friend.
With OpenVPN remote access tunnels, I'm using the default "OpenVPN" tab for firewall rules, so I don't have to assign interfaces for each remote access tunnel.
I have to assign interfaces for site to site only.
I get the DNS working for remote clients by pushing the IP of pfSense as a DNS server. Assuming that the firewall can perform the forwarding successfully, remote users have a routing to LAN, but not DNS or internet gateway. (We have used VPN only for remote access to servers).
So under advanced client settings in Open VPN Server configuration, I just push a DNS server, the pfSense address, like below:
Simple thing but I didn't know that, because I never needed that until today.
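
Added example, not part of any post in this thread: a Python check for the setup described above. It parses the PUSH_REPLY line from an OpenVPN client log and reports whether each pushed DNS server sits inside a network that is routed through the tunnel. The log line is constructed, and 192.168.6.1 as the pfSense address is an assumption; the thread gives only the 192.168.6.0/24 and 172.16.6.0/24 networks.

```python
import ipaddress
import re

# Constructed client-log line (not from the thread). 192.168.6.1 as the
# pfSense LAN address is an assumption; the thread gives only the LAN
# (192.168.6.0/24) and tunnel (172.16.6.0/24) networks.
SAMPLE_LOG = (
    "PUSH: Received control message: 'PUSH_REPLY,"
    "route 192.168.6.0 255.255.255.0,dhcp-option DNS 192.168.6.1,"
    "route-gateway 172.16.6.1,topology subnet,"
    "ifconfig 172.16.6.2 255.255.255.0,peer-id 0'"
)


def parse_push_reply(log_text):
    """Return (dns_servers, tunnelled_networks) from a PUSH_REPLY message."""
    match = re.search(r"PUSH_REPLY,([^'\n]*)", log_text)
    if match is None:
        raise ValueError("no PUSH_REPLY message in log text")
    options = [opt.split() for opt in match.group(1).split(",") if opt.strip()]
    subnet_topology = ["topology", "subnet"] in options
    dns, nets = [], []
    for parts in options:
        if parts[:2] == ["dhcp-option", "DNS"] and len(parts) == 3:
            dns.append(ipaddress.ip_address(parts[2]))
        elif parts[0] == "route" and len(parts) >= 2:
            # A route without a netmask is a host route.
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
        elif parts[0] == "ifconfig" and subnet_topology and len(parts) == 3:
            # With topology subnet, ifconfig is "address netmask".
            nets.append(ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False))
        elif parts[0] == "redirect-gateway":
            # All client traffic, DNS included, goes through the tunnel.
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
    return dns, nets


def check_dns_over_vpn(log_text):
    """Map each pushed DNS server to True when a tunnelled network covers it."""
    dns, nets = parse_push_reply(log_text)
    return {str(server): any(server in net for net in nets) for server in dns}


if __name__ == "__main__":
    for server, covered in check_dns_over_vpn(SAMPLE_LOG).items():
        print(server, "routed via VPN" if covered else "NOT routed via VPN")
```

A result of False for a server means the client was told to use a resolver it has no tunnel route to, so lookups for internal names either fail or leave over the client's own uplink.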