Netgate Discussion Forum

DNS through OpenVPN

OpenVPN
4 Posts 2 Posters 4.5k Views
    chrisburger
    last edited by Aug 18, 2015, 1:05 PM

    I have set up a site-to-site OpenVPN tunnel using pfSense between 3 sites.

    Site 1
    OpenVPN Server
    IP: 192.168.100.1
    Tunnel: 10.0.10.0/24 and 10.0.11.0/24 for server connection for each client appliance.
    OpenVPN firewall rules are open to any
    WAN firewall rule is open to OpenVPN 1194 and 1195

    Site 2
    VPN Client
    IP: 192.168.110.1
    Remote network: 192.168.100.0/24
    OpenVPN firewall rules are open to any

    Site 3
    OpenVPN Client
    IP: 192.168.120.1
    Remote network: 192.168.100.0/24
    OpenVPN firewall rules are open to any

    Each appliance on the client side acts as a DHCP and DNS server as default settings permit.
    I have the VPNs up and running and can ping the IP of the PC I need to connect to on the VPN server’s local subnet from PCs on both client networks. I cannot resolve the hostname of the PC on the server network though. I actually only need to be able to connect to one specific PC, since the accounting software package installed on it needs DNS resolution to activate over the network.

    I have been through countless forums but to no avail. I can’t get my head around the forwarding. I have tried the DNS forwarding method in this article http://meandmymac.net/2014/08/pfsense-ipsec-site-to-site-with-dns-resolving/ but still get no resolution.
    Can anybody help me step by step to possibly resolve (no pun intended) this issue?
    Also tried disabling the Windows firewall on the target PC.

    Thanks in advance

      divsys
      last edited by Aug 18, 2015, 7:12 PM

      What I have done in the past is to create a domain for each site within pfSense and reference them in the DNS forwarders of each box using DHCP.

      (1) "System->General Setup->Domain", create "site1" in 192.168.100.1 "site2" in 192.168.110.1, etc.
      (2) "Services->DNS Forwarder" Enable "DHCP Registration" and "Static DHCP".
      (3) "Services->DNS Forwarder" Make an entry under "Domain Overrides" for each domain created in (1).
          For 192.168.100.1 ("site1") to access 192.168.110.1 ("site2"):
            Domain: site2
            IP address: 192.168.110.1
            Source IP: 192.168.100.1
          For 192.168.100.1 ("site1") to access 192.168.120.1 ("site3"):
            Domain: site3
            IP address: 192.168.120.1
            Source IP: 192.168.100.1
      (4) Repeat the steps in (3) on the other two boxes referring the appropriate domains to the IP of the pfSense box "hosting" the domain.

      Now any entry managed by DHCP in one box can be referenced in another:

      "bobpc" -> 192.168.100.5
      "jeffpc" -> 192.168.110.7
      "georgepc" -> 192.168.120.8

      You can reference "jeffpc.site2",  "georgepc.site3", "bobpc.site1" from any other site (or locally).

      It's not a perfect solution, but I find it works well in many situations.

      -jfp

        chrisburger
        last edited by Aug 19, 2015, 7:38 AM

        Thanks for the quick reply. I will give it a go today. I did notice though, from a previous tinkering session, that DNS Forwarding is not enabled by default but DNS Resolving is. When I tried to enable DNS Forwarding it complained that the port is already in use and that I should either use a different port or disable the Resolver. Should I go ahead and disable DNS Resolution on all appliances, or only on the client appliances, to make your solution work? If so, having two OpenVPN client appliances, how do I set up the OpenVPN server appliance to forward to both clients? Or am I going about this the wrong way?

        Regards

          divsys
          last edited by Aug 20, 2015, 7:32 AM Aug 19, 2015, 2:12 PM

          pfSense 2.2.x added the DNS resolver (Unbound) as an alternate DNS service to the original DNS forwarder.
          The resolver is definitely a more full featured DNS provider for pfSense and is now the default for new installs.

          Most of my systems are upgrades from older versions of pfSense so they typically use DNS forwarder, which is "simpler" but still adequate for my needs.
          You set up one or the other to work with your systems.

          As far as the solution I suggested, you can follow the same steps, just do the "Services->DNS Forwarder" pieces in "Services->DNS Resolver" instead.
          I would suggest you keep the Resolver as is and simply add the changes I suggested.

          You could mix and match the Forwarder vs Resolver across different sites, but there's little advantage and much confusion to be had going that route.

          As I said earlier, pick one or the other and configure as necessary.

          -jfp

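The following is an added example (not pfSense code and not something divsys posted) that models the domain-override scheme from both of divsys's replies: it builds the per-site override table of steps (3) and (4), renders it in the two forms the later reply contrasts (DNS Forwarder/dnsmasq lines and DNS Resolver/Unbound forward-zone stanzas), and traces how a query is answered so you can see why "jeffpc.site2" resolves from site1 while the bare "bobpc" does not resolve from site2. The site domains, LAN addresses and the hosts bobpc, jeffpc and georgepc are the constructed values from the thread; the `leases` dictionaries stand in for what DHCP Registration / Static DHCP would register on each box.

```python
"""Model of the per-site "domain override" scheme described in the thread.

Added example, not pfSense code.  The site domains, LAN addresses and the
three example hosts (bobpc, jeffpc, georgepc) are the constructed values from
divsys's post; the `leases` dictionaries are stand-ins for what DHCP
Registration / Static DHCP would register in the Forwarder or Resolver.
"""
from dataclasses import dataclass, field


@dataclass
class Site:
    domain: str      # System->General Setup->Domain, e.g. "site1"
    lan_ip: str      # LAN address of the pfSense box, reachable over the tunnel
    leases: dict = field(default_factory=dict)  # hostname -> IP registered by DHCP


# Constructed topology taken from the thread.
SITES = {
    "site1": Site("site1", "192.168.100.1", {"bobpc": "192.168.100.5"}),
    "site2": Site("site2", "192.168.110.1", {"jeffpc": "192.168.110.7"}),
    "site3": Site("site3", "192.168.120.1", {"georgepc": "192.168.120.8"}),
}


def domain_overrides(local, sites):
    """Steps (3) and (4): one override per *other* site.

    Returns (domain, server IP, source IP) triples; the source IP is the local
    LAN address so the query leaves over the tunnel and the reply can return.
    """
    return [(s.domain, s.lan_ip, local.lan_ip)
            for s in sites.values() if s.domain != local.domain]


def dnsmasq_lines(local, sites):
    """The overrides in DNS Forwarder (dnsmasq) syntax:
    server=/<domain>/<server>@<source-address>."""
    return [f"server=/{d}/{ip}@{src}" for d, ip, src in domain_overrides(local, sites)]


def unbound_stanzas(local, sites):
    """The same overrides as DNS Resolver (Unbound) forward-zone stanzas.

    A plain forward-zone stanza has no source-address field; pfSense applies
    the override's Source IP separately, so it is not rendered here.
    """
    return [f'forward-zone:\n    name: "{d}"\n    forward-addr: {ip}'
            for d, ip, _src in domain_overrides(local, sites)]


def resolve(name, asking_at, sites):
    """Trace how a query for `name` is answered by the pfSense box at `asking_at`.

    Returns (path, answer).  path is "local", "forwarded-to:<server>" or "none".
    A bare hostname is only looked up in the local DHCP registrations, which
    is why "bobpc" answers at site1 but not at site2: cross-site names must use
    the "<host>.<site>" form that matches a domain override.
    """
    local = sites[asking_at]
    host, _, domain = name.partition(".")
    if domain in ("", local.domain):
        ip = local.leases.get(host)
        return ("local", ip) if ip else ("none", None)
    for d, server_ip, _src in domain_overrides(local, sites):
        if domain == d:
            # The override sends the query across the tunnel to that site's
            # pfSense, which answers from its own DHCP registrations.
            remote = next(s for s in sites.values() if s.lan_ip == server_ip)
            return (f"forwarded-to:{server_ip}", remote.leases.get(host))
    return ("none", None)


if __name__ == "__main__":
    for site in SITES.values():
        print(f"# {site.domain} ({site.lan_ip})")
        print("\n".join(dnsmasq_lines(site, SITES)))
        print("\n".join(unbound_stanzas(site, SITES)))
    for q, at in [("jeffpc.site2", "site1"), ("bobpc", "site2"), ("bobpc.site1", "site2")]:
        print(q, "from", at, "->", resolve(q, at, SITES))
```

The model only covers name resolution, not routing: as listed in the first post, the site 2 and site 3 clients have only 192.168.100.0/24 as their remote network, so an override on site 2 pointing at 192.168.120.1 (site 3) can only be reached if a route to site 3's subnet exists across the tunnel; overrides pointing at 192.168.100.1 work with the configuration as posted. Whichever service is used, the same override entries go under the corresponding Forwarder or Resolver page, as the last reply says.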