OPNsense Forum

English Forums => Virtual private networks => Topic started by: nicedevil on October 02, 2021, 08:49:58 pm

Title: IPsec VPN to Offsite with DNS forwarding
Post by: nicedevil on October 02, 2021, 08:49:58 pm
Heya all,

I'm really new to OPNsense and I'm a bit lost here. I came from my good old Sophos UTM Home Edition and started to get everything set up like it was (or close) on my UTM.

I have successfully set up a VPN tunnel over IPsec to my offsite, where a DNS server is located that can resolve all "offsite.org" domain entries for me. That is working if I tell my Windows client to forcefully use the DNS server of the offsite to resolve everything, but not with Domain Overrides on Unbound DNS.

So this is the VPN part of the forum, why do I post it here?

Let me explain: I can ping any server/client on my offsite from my client and do this DNS stuff. I cannot do all this stuff directly on the OPNsense itself. So what I found was this (https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/access-firewall-over-ipsec.html) for pfSense, but nothing about how to do it on OPNsense. I already tried to set up my OPNsense like it is described on the pfSense page, without success.

In my opinion, if this routing problem is fixed, everything will work afterwards (DNS, ping, etc. directly from the OPNsense).

EDIT: OK, what I found as well is that a default deny rule is blocking my ICMP (ping) or DNS requests to the offsite DNS servers? I already set up an "allow" rule for ICMP or port 53, so why is this still blocked?