Netgate Discussion Forum
    OpenVPN Rules and DNS

    OpenVPN

    wchestnut

      I'm relatively new to pfSense, so please bear with me if this sounds like a trivial question.

      To control access, I'm using OpenVPN Client-Specific Overrides to assign static IP addresses to each user.  Then I'm creating OpenVPN Rules to provide access only to internal network resources that the user needs (RDP, etc.) and blocking everything else (Default set to Deny at bottom of Rules list).

      I have one user that I want to only allow them to RDP into their computer using the registered Computer Name in DNS, but I can't get DNS to work and NSLOOKUP on the name fails.  The Windows DNS Servers are showing up on the client's IPCONFIG.

      The attachment is a screenshot of what I created so far.  The first user assigned to .102 has unlimited access (the boss).  The second user with .106 is the one I'm trying to limit to RDP but allow DNS.  I tried adding another OpenVPN Rule to allow DNS but that doesn't seem to work, either.

      If I change the last line to Pass, DNS works.  What am I missing?

      phil.davis

        Quote from http://en.wikipedia.org/wiki/Domain_Name_System

        DNS primarily uses User Datagram Protocol (UDP) on port number 53 to serve requests. DNS queries consist of a single UDP request from the client followed by a single UDP reply from the server. The Transmission Control Protocol (TCP) is used when the response data size exceeds 512 bytes, or for tasks such as zone transfers. Some resolver implementations use TCP for all queries.

        This doc of some pfSense example rules also talks about DNS on port 53 UDP and TCP - http://doc.pfsense.org/index.php/Example_basic_configuration
        Allow both UDP and TCP to port 53.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/


        wchestnut
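To make the answer concrete, here is an added example (not from the thread and not pfSense code) that models the first-match rule list described above and shows why a DNS rule that passes only UDP/53 still leaves TCP/53 lookups falling through to the deny rule; the addresses are constructed placeholders.

```python
# Added example: first-match evaluation of OpenVPN-interface rules.
# Addresses are constructed: .106 is the restricted VPN user, .10 their
# desktop, .5 the Windows DNS server named in the thread.
from dataclasses import dataclass
from typing import Optional

ANY = "any"

@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    proto: str             # "tcp", "udp", "tcp/udp" (pfSense's combined choice) or "any"
    src: str               # client-specific override address, or "any"
    dst: str               # internal host, or "any"
    dport: Optional[int]   # destination port, None = any port

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int

def matches(rule: Rule, pkt: Packet) -> bool:
    proto_ok = rule.proto == ANY or pkt.proto in rule.proto.split("/")
    return (proto_ok
            and rule.src in (ANY, pkt.src)
            and rule.dst in (ANY, pkt.dst)
            and rule.dport in (None, pkt.dport))

def evaluate(rules: list, pkt: Packet) -> str:
    """Interface rules are first-match; anything unmatched hits the deny rule."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "block"

VPN_USER, DESKTOP, DNS_SRV = "10.8.0.106", "192.168.1.10", "192.168.1.5"

def ruleset(dns_proto: str) -> list:
    return [
        Rule("pass", "tcp", VPN_USER, DESKTOP, 3389),    # RDP to the user's own PC only
        Rule("pass", dns_proto, VPN_USER, DNS_SRV, 53),  # DNS rule under test
        Rule("block", ANY, ANY, ANY, None),              # explicit deny at the bottom
    ]

def dns_verdicts(dns_proto: str) -> dict:
    rules = ruleset(dns_proto)
    return {
        "udp53": evaluate(rules, Packet("udp", VPN_USER, DNS_SRV, 53)),
        "tcp53": evaluate(rules, Packet("tcp", VPN_USER, DNS_SRV, 53)),
        "rdp":   evaluate(rules, Packet("tcp", VPN_USER, DESKTOP, 3389)),
        "smb":   evaluate(rules, Packet("tcp", VPN_USER, DESKTOP, 445)),
    }
```

Running `dns_verdicts("udp")` shows TCP/53 blocked while `dns_verdicts("tcp/udp")` passes both DNS transports and still denies everything else, which is the single rule change the answer recommends.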

          <smacks head="">  Thank you!  Worked perfectly.</smacks>

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.