OpenVPN Rules and DNS



  • I'm relatively new to pfSense, so please bare with me if this sounds like a trivial question.

    To control access, I'm using OpenVPN Client-Specific Overrides to assign static IP addresses to each user.  Then I'm creating OpenVPN Rules to provide access only to internal network resources that the user needs (RDP, etc.) and blocking everything else (Default set to Deny at bottom of Rules list).

    I have one user that I want to only allow them to RDP into their computer using the registered Computer Name in DNS, but I can't get DNS to work and NSLOOKUP on the name fails.  The Windows DNS Servers are showing up on the client's IPCONFIG.

    The attachment is a screenshot of what I created so far.  The first user assigned to .102 has unlimited access (the boss).  The second user with .106 is the one I'm trying to limit to RDP but allow DNS.  I tried adding another OpenVPN Rule to allow DNS but that doesn't seem to work, either.

    If I change the last line to Pass, DNS works.  What am I missing?



  • Quote from http://en.wikipedia.org/wiki/Domain_Name_System

    DNS primarily uses User Datagram Protocol (UDP) on port number 53 to serve requests.[3] DNS queries consist of a single UDP request from the client followed by a single UDP reply from the server. The Transmission Control Protocol (TCP) is used when the response data size exceeds 512 bytes, or for tasks such as zone transfers. Some resolver implementations use TCP for all queries.

    This doc of some pfSense example rules also talks about DNS on port 53 UDP and TCP - http://doc.pfsense.org/index.php/Example_basic_configuration
    Allow both UDP and TCP to port 53.



  • <smacks head="">  Thank you!  Worked perfectly.</smacks>


Locked