Posted this on reddit then realized that's probably not as good as here...
First time using OPNsense and I love the UI - it looks great.
From:
https://support.nordvpn.com/Connectivity/Router/1292598142/OPNsense-19-1-setup-with-NordVPN.htm
step 9:
Navigate to Services -> Unbound DNS -> General.
[...]
DNS Query Forwarding: check;
[...]
I couldn't find this in General, but found it in its own section under
Services -> Unbound DNS -> Query Forwarding.
When checked, it shows the DNS server IPs that I put in System -> Settings -> General as the nameservers that will be used, but they don't seem to work - I have a connection but can't resolve any names...
On a client on the LAN side, pinging 8.8.8.8 goes through the VPN as expected (confirmed via traceroute output) but ping google.com times out.
The only nameserver specified on the client (/etc/resolv.conf) is the LAN IP of OPNsense. (maybe I should try setting it to the DNS Nord had in their walkthrough?)
Also, I believe through setting the DNS servers up this way, it will NOT fail over to my WAN's DNS server, is that correct?
Thanks for reading!
I had a similar issue when I created 2 VPN vLANs on my network. First I saw that I was unable to ping the GW when the VPN session was up, thus when I attempted nslookup against the GW it would fail. From some threads here on the forum, I finally used the following solution: created a floating rule using aliases to allow access to the GW on the vLAN. I've attached screenshots that will hopefully help. Another option would be to use a different DNS server(s), which I did initially as part of troubleshooting to figure out the problem.
Thanks for the suggestions!
I decided to re-do the walkthrough... it is kinda long, and I found where I screwed up.
Step 13, I had the rules in backwards, with the lan <--> lan above the lan <--> nord rule