Netgate Discussion Forum
    Bind not answering to openvpn peer

    Category: OpenVPN
    4 Posts 3 Posters 1.1k Views
    macktic

      I seem to have a strange problem for which I can't seem to find an answer with google.

      I've got two networks, each with a pfSense box between the modem and the network.
      I've got BIND running on both for some internal domains, and it looks up / caches the rest.
      I've got the two networks connected via OpenVPN between the pfSense boxes.

      Local domain lookups within either network work.
      Local domain lookups from any computer within either network to the BIND service running on the remote pfSense box work.
      Local domain lookups from either pfSense box to the other box just time out.

    thermo

        You need to check the logs or trace/tcpdump where it is being dropped. Could be the firewall blocking, or BIND not configured to allow queries from certain IPs. Difficult to say with the information given.
        Can you ping from pfSense to pfSense over OpenVPN? I remember something changing a while back where my LAN had access to the remote network over OpenVPN, but no connectivity from the pfSense box to the remote gateway! Turned out I needed to revert from Hybrid NAT to manual and then it just worked.

    cmb

          It'll source that traffic from the IP nearest the destination, the OpenVPN tunnel IP. Need to allow BIND to answer that.

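A BIND configuration fragment that admits the tunnel-sourced queries cmb describes, added here as an example and not taken from this thread or from the pfSense BIND package; the LAN subnets, tunnel addresses, zone names and file path are assumed placeholders.

```conf
// Assumed addressing (constructed for this example):
//   site A LAN 192.168.1.0/24, this box is 192.168.1.1
//   site B LAN 192.168.2.0/24, remote pfSense LAN address 192.168.2.1
//   OpenVPN tunnel network 10.8.0.0/24, this box 10.8.0.1, peer 10.8.0.2
acl "trusted" {
    127.0.0.0/8;
    192.168.1.0/24;   // local LAN clients
    192.168.2.0/24;   // remote LAN clients arriving over the tunnel
    10.8.0.0/24;      // tunnel addresses: queries originated by the firewalls
};                    // themselves are sourced from these, not from the LAN IP

options {
    // Listen on the tunnel address as well as the LAN address; a listen-on
    // that names only the LAN address drops queries sent to the tunnel IP.
    listen-on port 53 { 127.0.0.1; 192.168.1.1; 10.8.0.1; };
    allow-query     { trusted; };
    allow-recursion { trusted; };
};

// Authoritative for this site's internal domain.
zone "site-a.lan" {
    type master;
    file "/etc/namedb/master/site-a.lan.db";   // assumed path
};

// Send lookups for the peer's domain across the tunnel to the peer's BIND.
zone "site-b.lan" {
    type forward;
    forward only;
    forwarders { 10.8.0.2; };
};
```

The pfSense firewall rules on the OpenVPN interface must also pass UDP and TCP port 53 to the tunnel address, or the query is dropped before BIND sees it. Test the same path the failing lookups take with a query sourced from the tunnel address, for example `dig -b 10.8.0.1 @10.8.0.2 host.site-b.lan`.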
    macktic

            tcpdump was showing that DNS requests from the firewall were using the OpenVPN IP, and across the networks their respective network addresses.

            Even though I had allowed BIND to answer to the OpenVPN IP, it still didn't work.
            There doesn't seem to be an option to let BIND specifically listen on the OpenVPN interface, but even adding this by hand didn't work.

            I have now solved it by putting NAT on hybrid and forcing the LAN IP to be used when requesting port 53 over the VPN.
            This works, but is not really elegant...

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.