OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: brando56894 on August 30, 2016, 10:38:34 am

Title: [SOLVED] OpenVPN: No DNS resolution Using Internal Resolver
Post by: brando56894 on August 30, 2016, 10:38:34 am
Hey Guys, I set up OpenVPN (for the first time ever) on my router and I can connect just fine, and at first DNS didn't work at all when forcing all resolution queries through the VPN. After some searching I saw that a good way to check is to push a public DNS server out from the VPN server, so I set mine to 8.8.8.8, disconnected, and then reconnected, and external DNS resolution worked perfectly (Google and other sites).

VPN clients (which are on subnet 10.10.10.0/32) are allowed to contact my main network (192.168.1.0/24) and routing is correct since I can access my internal sites and clients via their IP addresses, but internal DNS resolution doesn't work at all when I push my internal DNS resolver at 192.168.1.1, nor does external DNS resolution (Google, yahoo, etc...). What's wrong here? I don't see any requests blocked by the firewall.

Here's my server config

Code:
dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA512
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local [external IP]
tls-server
server 10.10.10.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/1
client-cert-not-required
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'Time based One Time Password VPN Access Server' false server1" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'SSL+VPN+Server+Certificate' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DOMAIN mydomain.us"
push "dhcp-option DNS 192.168.1.1"
push "register-dns"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /usr/local/etc/dh-parameters.4096
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo adaptive

Client Config

Code:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA512
tls-client
client
resolv-retry infinite
remote [external IP] 1194 udp
lport 0
auth-user-pass
ca router-udp-1194-ca.crt
tls-auth router-udp-1194-tls.key 1
ns-cert-type server
comp-lzo adaptive

Edit: After some more investigation, it seems that DNS queries are going to 10.10.10.1:53 instead of 192.168.1.1:53, even though I'm forcing 192.168.1.1!
Title: Re: OpenVPN: No DNS resolution Using Internal Resolver
Post by: brando56894 on September 09, 2016, 07:25:14 am
No one can help?
Title: Re: OpenVPN: No DNS resolution Using Internal Resolver
Post by: franco on September 19, 2016, 12:40:33 am
The queries usually go where OpenVPN listens (selected interface). Isn't that the case here? Are you using a DNS resolver setup where "ALL" is not used for the interface selection?
Title: Re: OpenVPN: No DNS resolution Using Internal Resolver
Post by: the-mk on December 10, 2016, 01:29:38 pm
@brando56894 - have you been able to resolve your issue with DNS and OpenVPN?
I am in a similar situation that road-warriors can't resolve internal hostnames...
Title: Re: OpenVPN: No DNS resolution Using Internal Resolver
Post by: the-mk on December 10, 2016, 04:34:50 pm
After some trial and error I can give the answer to myself :)
When using the DNS forwarder, the interface option was set to "all" - after changing it to LAN and OpenVPN I am able to resolve hostnames from a road warrior!
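
As an added example (not code from this thread or from OPNsense), a small Python check over the `server` and `push` directives of the server config in the first post: it classifies where each pushed DNS server sits relative to the tunnel, which is the first thing to confirm before looking at which interfaces the resolver is bound to. The `SERVER_CONF` text is copied from that post; the categories and function names are my own.

```python
import ipaddress
import shlex

# The server and push directives from the server config in the first post.
SERVER_CONF = """
server 10.10.10.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DOMAIN mydomain.us"
push "dhcp-option DNS 192.168.1.1"
push "register-dns"
"""

def parse_push(conf):
    """Return (tunnel_net, pushed_routes, pushed_dns, redirect_gateway)."""
    tunnel, routes, dns, redirect = None, [], [], False
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # OpenVPN comment lines
            continue
        words = shlex.split(line)             # keeps the quoted push payload as one word
        if words[0] == "server" and len(words) >= 3:
            tunnel = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
        elif words[0] == "push" and len(words) >= 2:
            opt = words[1].split()
            if opt[0] == "route" and len(opt) >= 3:
                routes.append(ipaddress.ip_network(f"{opt[1]}/{opt[2]}", strict=False))
            elif opt[0] == "dhcp-option" and len(opt) >= 3 and opt[1] == "DNS":
                dns.append(ipaddress.ip_address(opt[2]))
            elif opt[0] == "redirect-gateway":
                redirect = True
    return tunnel, routes, dns, redirect

def dns_path(conf):
    """Classify how a connected client reaches each pushed DNS server."""
    tunnel, routes, dns, redirect = parse_push(conf)
    result = {}
    for ip in dns:
        if tunnel is not None and ip in tunnel:
            # tunnel[1] is the server's own tunnel address (10.10.10.1 here);
            # a resolver answering there must listen on the OpenVPN interface.
            result[str(ip)] = "tunnel-gateway" if ip == tunnel[1] else "tunnel-subnet"
        elif any(ip in r for r in routes):
            result[str(ip)] = "pushed-route"      # LAN resolver, reached via the pushed route
        elif redirect:
            result[str(ip)] = "redirect-gateway"  # all client traffic is sent into the tunnel
        else:
            result[str(ip)] = "outside-tunnel"    # e.g. 8.8.8.8 without redirect-gateway
    return result
```

For the config above this reports 192.168.1.1 as "pushed-route", so the pushed route is not the problem; the queries observed at 10.10.10.1:53 point at the resolver's interface binding instead, which matches the fix in the last post.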