Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS resolves before OpenVPN tunnel is up, but how?

    Scheduled Pinned Locked Moved
    DHCP and DNS
    1
    1
    1.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z
      zonian18
      last edited by

      Hello all, and thank you for anyone who replies. Forgive me for rambling or not making sense.

      I have a new pfsense box setup for my VPN connection to Private Internet Access (wanted AirVPN for better encryption but they don't accept prepaid vanilla visa), and i have this configured after reviewing several guides, so that ALL of my traffic will ONLY go out the PIA VPN connection.

      If the VPN connection goes down, then I lose internet (even though my ISP connection is still up).

      I have DNS configured under System>General Setup> to use two PIA DNS servers, and I have the gateway pointed to use the PIA VPN interface.

      I should mention my PIA VPN interface is set to be my default gateway as well as my LAN FW rules configured to point ALL LAN traffic out the PIA VPN Gateway

      My OpenVPN Client configuration is using the PIA hostname (not IP address) so that it pulls from a pool of available IP addresses. This means that DNS needs to work for it to bring the tunnel up.

      If my VPN connection drops, or if PIA changes the IP on their side, I usually have to reboot my pfsense box to get it back online. I end up with some error messages in the logs (like below):

      openvpn[75731]: RESOLVE: Cannot resolve host address: us-florida.privateinternetaccess.com: hostname nor servname provided, or not known

      php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use PIAVPN_VPNV4.

      I'm still looking for a fix so that if PIA changes/updates the VPN IP on their side, that I don't have to reboot my pfsense box everytime to fix it.

      My original question here is, how does the VPN tunnel ever come up to begin with? I mean how does it resolve the configured hostname BEFORE the VPN tunnel comes up, so that it can bring the tunnel up? If it can do it then, why can't it do it when the IP updates?

      TLDR:

      If my VPN tunnel drops, it cannot fix itself automagically because it cannot resolve DNS because all traffic is routed out VPN tunnel (which is down). Rebooting pfsense fixes this.

      So….if all of my traffic only ever goes out the PIA VPN tunnel, then how does the tunnel even come up after a reboot ?

      PS: I can provide screenshots of any part of my pfsense box configuration tomorrow (no time to right now)

      Thanks!

      1 Reply Last reply Reply Quote 0
      • First post
        Last post