NETGATE 2100 OPENVPN DNS QUESTION
-
Hey guys, I'm sure this is a stupid question. I'm self-taught here, so don't beat me up too much. I set up an OpenVPN server to connect to my small business from my laptop and so forth. All that works: I can connect and ping what devices I need to. The issue I'm having is I can ping by IP address but not by name. Maybe once or twice it actually pinged by name. I'm assuming I'm having a DNS issue. The OpenVPN tunnel network is 10.0.30.0/24, my inside office LAN is 192.168.1.0/24, and my Netgate is 192.168.1.1. I've read for hours and tried all kinds of things others with the same issue tried, with no difference. Can anyone offer any suggestions or help? Thanks in advance.
-
@turbogn87
Basically the client might reside in another domain, and so you would have to attach the domain to the hostname (FQDN). But you can try to provide a DNS domain to the client by checking "DNS Default Domain" and entering the domain in the OpenVPN server settings.
Also you have to provide the local DNS server to the clients, of course, and allow access to it.
-
This is my VPN tunnel network :
My DNS VPN settings :
I accept all traffic coming from my remote OpenVPN client :
The resolver listens to all interfaces- and this includes the OpenVPN interface :
Let's check :
[24.11-RELEASE][root@pfSense.bhf.tld]/root: sockstat | grep 'unbound'
unbound unbound 69172 3 udp6 *:53 *:*
unbound unbound 69172 4 tcp6 *:53 *:*
unbound unbound 69172 5 udp4 *:53 *:*
unbound unbound 69172 6 tcp4 *:53 *:*
.......
So, it's listening on all interfaces using TCP and UDP, on port 53.
I connect my OpenVPN client, I checked the OpenVPN client log, where I can see :
...
[Dec 03, 2024, 09:34:11] NIP: adding DNS 192.168.3.1
...
so the connection uses 192.168.3.1 as its DNS. I use an app on my OpenVPN client device (a phone) to 'test' the DNS access :
I told the app to use "192.168.3.1" as the DNS (normally, it would use 192.168.3.1 anyway) : and I got an answer.
Was it from pfSense, the resolver? Let's check: as I use pfBlockerNG, I have access to the logged DNS requests the resolver receives :
Here is my OpenVPN client device, 192.168.3.2, asking for www.google.com :
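The three checks in the reply above (is the resolver bound on port 53 for the tunnel, which DNS server did the client actually receive, and does that server answer a query) can be scripted so the result does not depend on a phone app. The following is an added example, not code from the thread or from pfSense/OpenVPN. It parses a `sockstat` listing and an OpenVPN client log line (both constructed here from the text of the reply), builds a minimal DNS A query by hand, and parses the answer; the `query_a` function sends that query over UDP to whatever server the tunnel pushed, and the IP addresses it returns are whatever the resolver hands back. `build_a_response` only exists so the parser can be exercised offline; the address `192.0.2.10` in it is a documentation-range placeholder, not a real answer.

```python
import random
import re
import socket
import struct

# Constructed sample of the `sockstat | grep unbound` output quoted in the reply.
SAMPLE_SOCKSTAT = """\
unbound unbound 69172 3 udp6 *:53 *:*
unbound unbound 69172 4 tcp6 *:53 *:*
unbound unbound 69172 5 udp4 *:53 *:*
unbound unbound 69172 6 tcp4 *:53 *:*
"""

# Constructed sample of the OpenVPN client log line quoted in the reply.
SAMPLE_CLIENT_LOG = "[Dec 03, 2024, 09:34:11] NIP: adding DNS 192.168.3.1\n"


def resolver_listens_on(sockstat_text, address, port=53):
    """Return the protocols (udp4, tcp4, udp6, tcp6) on which a socket is bound
    to `address`:`port` or to the wildcard '*', which covers every interface,
    including the OpenVPN one."""
    found = set()
    for line in sockstat_text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue
        proto, local = parts[4], parts[5]
        host, _, lport = local.rpartition(":")
        if lport == str(port) and host in ("*", address):
            found.add(proto)
    return found


def pushed_dns_servers(log_text):
    """DNS servers the OpenVPN client reported adding from the server's push."""
    return re.findall(r"adding DNS (\S+)", log_text)


def _encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid):
    """Standard query, recursion desired, one question of type A class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + _encode_name(name) + struct.pack("!HH", 1, 1)


def _skip_name(data, offset):
    # Names are label sequences ending in 0, or a 2-byte compression pointer.
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:
            return offset + 2
        offset += 1 + length


def parse_a_records(data, expected_txid=None):
    """Return the IPv4 addresses in the answer section; raise on error RCODE
    or on a transaction id that does not match the query we sent."""
    txid, flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", data, 0)
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch")
    rcode = flags & 0x0F
    if rcode != 0:
        raise ValueError(f"server returned RCODE {rcode}")
    offset = 12
    for _ in range(qd):
        offset = _skip_name(data, offset) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        offset = _skip_name(data, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", data, offset)
        offset += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlen
    return addrs


def build_a_response(name, txid, addresses, ttl=300):
    """Constructed response for offline testing of the parser (not real data)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addresses), 0, 0)
    question = _encode_name(name) + struct.pack("!HH", 1, 1)
    answers = b""
    for addr in addresses:
        # 0xC00C: pointer back to the name at offset 12 (the question).
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(addr)
    return header + question + answers


def query_a(name, server, timeout=3.0):
    """Send the query over UDP to `server` (e.g. the pushed DNS) and parse it."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (server, 53))
        data, _ = sock.recvfrom(512)
    return parse_a_records(data, txid)


if __name__ == "__main__":
    print("resolver bound for tunnel:", resolver_listens_on(SAMPLE_SOCKSTAT, "192.168.3.1"))
    for server in pushed_dns_servers(SAMPLE_CLIENT_LOG):
        print("pushed DNS:", server)
        # With the tunnel up, this asks the pushed resolver directly:
        # print(query_a("www.google.com", server))
```

Run the two parsing checks against your own `sockstat` output and client log first; if the resolver set is empty for the tunnel address, the DNS Resolver's network interface setting is the place to look, and if `pushed_dns_servers` is empty the server is not pushing a DNS server to clients at all. Only then is `query_a` worth running, and a timeout there points at a firewall rule on the OpenVPN interface rather than at the resolver.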