OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: genfoch01 on May 06, 2021, 02:56:00 am

Title: vpn works but no dns
Post by: genfoch01 on May 06, 2021, 02:56:00 am
I am using OPNsense 20.7.8-amd64

I am trying to get VPN to work and found the following:
https://homenetworkguy.com/how-to/configure-openvpn-opnsense/

I am trying to set up VPN for my iPhone and iPad.

When I connect to the VPN, I can see I'm on the 10.10.0.x network, which is the IPv4 tunnel network (as described in the doc above).

I can get to my internal IP addresses (192.168.x.x) but I can't get to anything internal (I have Unbound DNS running on OPNsense) via DNS.
I can see in the VPN log on the iPhone it says dns server 192.168.10.1 was added; it's just not working. I CAN get to the IP address (and thus to the OPNsense GUI), just not via the DNS name.

I'm not sure what logs/config info would be helpful, but I'm happy to provide anything that would be helpful. Not sure what I did wrong.

Thanks for your time,
John 
Title: Re: vpn works but no dns
Post by: genfoch01 on May 14, 2021, 03:37:23 pm
So my issue seems to be with the VPN client not being able to connect to the DNS server on OPNsense.
I changed the DNS in the VPN config to use 8.8.8.8 and I could resolve and connect to everything but my internal servers (which use OPNsense Unbound overrides).

Then I set up an internal DNS server, which in turn forwards requests to OPNsense, and pointed my VPN clients to the new machine, and everything seems to be working now.

So I'm guessing there is a FW rule missing? I tried adding rules to the OPNsense LAN interface to allow all traffic from the VPN interface, but that didn't seem to help.

I have never used VPN before, so I'm not quite sure how to attack this issue. Ideally I'd like to use the OPNsense DNS server directly instead of needing an intermediate box forwarding VPN requests to OPNsense.

If there is any doc you could point me to, I'd really appreciate it.
Title: Re: vpn works but no dns
Post by: Inxsible on May 14, 2021, 05:49:14 pm
"I CAN get to the IP address (and thus to the OPNsense GUI), just not via the DNS name."

When setting up the VPN server -- Under Client Settings --> DNS Servers

Enable DNS Servers and then provide your OPNsense firewall IP in #1. This will push your server side DNS to the client machines allowing the client machines to use your server side DNS to resolve the services.
Title: Re: vpn works but no dns
Post by: errored out on May 15, 2021, 07:31:51 am
Just an FYI, there is a board dedicated to VPN issues. You might have better luck over there. https://forum.opnsense.org/index.php?board=36.0
Title: Re: vpn works but no dns
Post by: genfoch01 on May 16, 2021, 04:57:33 am
Inxsible: thanks for the response. When testing, I did add the LAN IP of my OPNsense server under VPN server client settings. When I connected with the client, I could see in the logs dns server 192.168.10.1 was added. I just could not get a connection. When I swapped that out with 8.8.8.8, I could then get to everything externally, but then nothing internal would resolve. When I set up a forwarding DNS server inside my network and changed the VPN server client DNS to use that IP, everything started to work.

When I did have the FW IP as the VPN server client DNS, I was able to point a browser at the IP of the OPNsense server and get a connection, so I know it's not a FW rule blocking me. I could also point my browser to any other internal IP. The issue seems to be the VPN cannot connect to the Unbound DNS server.


Errored out: thanks for the response. I completely missed that board when I posted my question!
Do you know if I can move a post from one board to another, or if I should simply repost this on the other one?
Title: Re: vpn works but no dns
Post by: Inxsible on May 18, 2021, 05:46:41 am
"... the issue seems to be the VPN cannot connect to the Unbound DNS server."
I don't think that is true, as I use a road-warrior VPN as well as a P2P VPN, and in both cases I can have my server-side DNS server resolve the local services, and I don't use the forwarder at all. There might be a setting or two that you might have missed.
Title: Re: vpn works but no dns
Post by: genfoch01 on May 18, 2021, 06:19:51 am
Inxsible:
Things I have tried:
     Setting the VPN client DNS to the IP address of my LAN (no joy, IP addresses work, but no names resolve).
     I added the DNS service to the VPN interface and changed the VPN client to point to the VPN interface (VPN tunnel; in my case this is 10.10.0.x, my LAN is 192.168.10.x), with the same results.

In both cases I can point a browser at the FW LAN IP address and get a response, so I know it's not being blocked by a FW rule (or I should say I think it is not, as I am clearly not an OPNsense expert).

As noted, when doing research I changed the VPN client DNS server to 8.8.8.8 and that also worked (for external stuff anyway), so it appears the issue is not with DNS specifically nor with making a connection to the VPN.
I found a post on issues with OpenVPN and Unbound (https://forums.openvpn.net/viewtopic.php?t=26983); though it is from 2018, it did not have a solution.

This prompted me to take Unbound out of the equation (and also OPNsense as well) by building a forwarding DNS server sitting inside my LAN. It forwards requests to OPNsense and this solution does work.

I'd really like to fix this issue rather than use yet another server, but I'm not sure what to check.
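
Added example, not part of any post in this thread: the browser test described above reaches the web GUI port, not port 53, so it cannot show what happens to a DNS query. This Python probe sends one UDP query and separates no reply (filtered, or nothing listening on that address) from REFUSED (the resolver answered but declined this client) from a normal answer. The hostname `fw.home.example` is a placeholder; 192.168.10.1 is the resolver address quoted in the thread.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Encode a minimal DNS query (type A, class IN, recursion desired)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify_reply(data, qid=0x1234):
    """Turn a raw DNS reply into a verdict string."""
    if len(data) < 12:
        return "malformed"
    rid, flags, _qd, ancount = struct.unpack("!HHHH", data[:8])
    if rid != qid or not flags & 0x8000:  # wrong ID or not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 0:
        return f"NOERROR answers={ancount}"
    return RCODES.get(rcode, f"RCODE{rcode}")

def probe(server, name, port=53, timeout=3.0):
    """Send one UDP query; a timeout means filtered or nothing listening."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, port))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "no reply"
        except OSError as exc:
            return f"socket error: {exc}"
    return classify_reply(data)

if __name__ == "__main__":
    # Constructed replies (header only) showing the verdicts offline.
    refused = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)
    answered = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    print(classify_reply(refused), "|", classify_reply(answered))
    # Live use from the VPN client; the hostname is a placeholder:
    # print(probe("192.168.10.1", "fw.home.example"))
```

Run `probe` once from a LAN host and once from a VPN client against the same resolver address; a different verdict between the two narrows the fault to the path or to the resolver's handling of the tunnel network.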