Local DNS over VPN
-
@guile
You should use pfSense if you forward any requests to the AD DNS. For pfSense you can be sure that it's permitted to access it. Just read this:
Using the "nslookup" command shows the OpenDNS IP (208.67.222.222), that's why it's not resolving the local addresses.
So the client is ignoring the pushed DNS server from the OpenVPN?
Or do you push the OpenDNS? Check the OpenVPN logs to see if the DNS server is set or the IP settings of the client.
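Added example, not from any post in this thread: a small parser for the log check suggested above. It reads the PUSH_REPLY line an OpenVPN client logs and reports which DNS servers were pushed and whether redirect-gateway or block-outside-dns came with them, so you can tell a client that never received the local DNS from one that received it but still prefers its own resolver. The log lines and addresses are constructed samples.

```python
import re

# Constructed sample of two OpenVPN client log lines; the addresses and
# domain are placeholders, not values from the thread.
SAMPLE_LOG = """\
2024-01-01 10:00:01 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,dhcp-option DNS 192.168.1.1,dhcp-option DOMAIN corp.example,ping 10,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0'
2024-01-01 10:00:01 OPTIONS IMPORT: --ifconfig/up options modified
"""

# The pushed options are a comma-separated list inside single quotes.
PUSH_RE = re.compile(r"PUSH_REPLY,(.*)'")


def parse_push_reply(log_text):
    """Return the DNS-relevant options the server pushed, as seen by the client."""
    pushed = {"dns": [], "domains": [], "routes": [],
              "redirect_gateway": False, "block_outside_dns": False}
    for line in log_text.splitlines():
        match = PUSH_RE.search(line)
        if not match:
            continue  # not a PUSH_REPLY line
        for option in match.group(1).split(","):
            parts = option.split()
            if not parts:
                continue
            if parts[0] == "dhcp-option" and len(parts) >= 3:
                if parts[1] == "DNS":
                    pushed["dns"].append(parts[2])
                elif parts[1] == "DOMAIN":
                    pushed["domains"].append(parts[2])
            elif parts[0] == "route" and len(parts) >= 3:
                pushed["routes"].append((parts[1], parts[2]))
            elif parts[0] == "redirect-gateway":
                pushed["redirect_gateway"] = True
            elif parts[0] == "block-outside-dns":
                pushed["block_outside_dns"] = True
    return pushed


def diagnose(pushed, expected_dns):
    """List reasons why local names might still go to a public resolver."""
    findings = []
    if not pushed["dns"]:
        findings.append("no DNS server pushed; client keeps its own resolver")
    elif expected_dns not in pushed["dns"]:
        findings.append(f"pushed DNS {pushed['dns']} does not include {expected_dns}")
    if not pushed["redirect_gateway"] and not pushed["block_outside_dns"]:
        findings.append("neither redirect-gateway nor block-outside-dns pushed; "
                        "client may keep using its LAN or public DNS as well")
    return findings
```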
-
@viragomann Yeah, I forward to AD DNS. The ACL I configured is for the VPN network, not the AD DNS. I'll try this later.
I push the pfSense DNS to clients... I also tried the AD DNS. Neither worked. Yeah, it looks like the VPN clients are ignoring the local DNS and just forwarding to OpenDNS.
Since everything works fine when I'm on the local network, it's probably something related to the VPN config only.
-
@guile
Another idea. Do you have "redirect gateway" checked to direct the clients' whole upstream traffic over the VPN? If so, you can easily intercept it. Just redirect the DNS traffic from the VPN client to localhost (Resolver).
-
@viragomann The "Redirect IPv4 Gateway" is unchecked. If I check this, the clients will use the Internet through the VPN, right?
-
@guile
Correct.
-
@viragomann I don't want VPN clients using the Internet through the VPN, but I'll try it. I'll try this and the ACL idea.
Thanks for now!
-
@viragomann said in Local DNS over VPN:
If so, you can easily intercept it. Just redirect the DNS traffic from the VPN client to localhost (Resolver).
To redirect DNS is a NAT rule, right?
-
@guile
Yes, port forwarding.
destination: any
dest. port: 53
redirect target: localhost 53
Ensure that localhost is enabled in the Resolver's "Network Interfaces".
-
@viragomann I tested and the "Redirect IPv4 Gateway" and "NAT rule" made it work.
BUT... I don't want all VPN clients using internet through VPN. Is there a way to make this work, without the "Redirect IPv4 Gateway" option checked?
-
@guile
If it's a Windows client you can try to check "Block Outside DNS" in the OpenVPN server settings.
-
@viragomann The redirect gateway is the best option for me, because some clients are using Mac/Linux. Thanks for your help!
-
@guile
If you know the DNS server the clients are using, like OpenDNS, you can also route only this over the VPN by adding its IP(s) to the "local networks" and then redirect it to pfSense. I.e. if you control the clients.
-
@viragomann The problem is I have no idea which DNS each client is using. Some use ISP DNS, others Google, others OpenDNS, others Quad9... and so on. And some clients are from other countries.
In this case, I think the best option is to let the clients use the Internet through the VPN.
Thanks for your help. I really appreciate it!