Messages

1

Virtual private networks / Re: openvpn to nordvpn: dns not getting back to LAN pc's

« on: February 23, 2022, 03:29:49 pm »

Okay never heard from anyone here or from NordVPN.

After several resets to factory defaults, and starting completely over, I finally got openvpn on opnsense to connect to nordvpn, but it is so fragile.  After a while, it just stops working.  If I make the slightest change, it stops working.  Restarting services does nothing.  Getting tired of rebooting the firewall all of the time.  I'm not impressed.

2

Virtual private networks / Re: openvpn to nordvpn: dns not getting back to LAN pc's

« on: February 22, 2022, 11:14:53 pm »

I guess I should add this is a fresh new install, and I updated/rebooted before configuring the openvpn to nordvpn.

Installed OPNsense on the vnopn mini-pc:

https://www.amazon.com/gp/product/B09J4H9ZXY/ref=ppx_yo_dt_b_asin_title_o01_s00?ie=UTF8&psc=1

3

Virtual private networks / openvpn to nordvpn: dns not getting back to LAN pc's

« on: February 22, 2022, 11:12:29 pm »

Hi all!

My first post here.  I'm new to OPNsense and BSD, but not to firewalls, routers or linux.

I followed the instructions on the nordvpn site, it's out of date now, I saw at least 3 discrepancies, noted below.
https://support.nordvpn.com/Connectivity/Router/1292598142/OPNsense-19-1-setup-with-NordVPN.htm
I also opened a support ticket with NordVPN, but I haven't heard back yet.  Figured I would also try here.

Basically, the openvpn interface is up, has an IP address, and routing is taking place.  From a linux workstation, I can ping 1.1.1.1 no problem.

DNS appears to be working too.  From the OPNsense web interface, can ping yahoo.com no problem.

From a linux workstation on the LAN:

I can ping 1.1.1.1 from a linux workstation on the LAN.

but ping yahoo.com comes back:
ping: yahoo.com: Temporary failure in name resolution

also: host google.com
;; connection timed out; no servers could be reached

same with nslookup and dig google.com
;; connection timed out; no servers could be reached

==================================

From the OPNsense web interface, DNS seems to be working.  From Diagnostics -> DNS Lookup
looked up yahoo.com, came back with all the A Type Addresses
query times from:
127.0.0.1 -> 23 msec
103.86.96.100 -> 180 msec
103.86.99.100 -> no response

ping yahoo.com resolves fine and pings

=========================

Following the howto guide on nordvpn, I noted 3 discrepancies:

Services -> Unbound DNS -> General
Outgoing Interfaces:  the guide says use (OpenVPN client (NordVPN_US8577)) but there is also a NordVPN interface.  I've tried each, and both.

NAT -> Outbound
advanced outbound NAT entry:  same thing, 2 interfaces, guide says use NordVPN, I also tried OpenVPN

Firewall -> Rules -> LAN
After following the directions, there are only 2 rules, but the picture/sample shows 3.  The first rule for the anti-lockout is missing.  I tried to add it, but am unsure which choices to select.

The VPN/OpenVPN log file has a few notable warnings:

WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1582', remote='link-mtu 1634'
ioctl(TUNSIFMODE): Debice busy (errno=16)

I'd be grateful for any suggestions.  Thanks for reading.