OPNsense using DNS server for forwarding through VPN tunnel

Started by Maestro86, April 12, 2020, 09:22:58 AM

Hello everyone,

I want to forward DNS queries to a DNS server on the other side of an IKEv2 Site2Site tunnel. My clients can resolve queries without problems through this DNS server, but the firewall cannot, perhaps because it does not have any valid IP address on the VPN tunnel by default.

Is there any way I can accomplish this?

Thanks in advance

Short update:

root@GLB-FIW-01:~ # ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
36 bytes from 62.155.246.135: Destination Net Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
4  5  00 0054 f15d   0 0000  40  01 1264 93.239.13.84  10.0.0.1

36 bytes from 62.155.246.135: Destination Net Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
4  5  00 0054 769d   0 0000  40  01 8d24 93.239.13.84  10.0.0.1

36 bytes from 62.155.246.135: Destination Net Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
4  5  00 0054 0cb3   0 0000  40  01 f70e 93.239.13.84  10.0.0.1

36 bytes from 62.155.246.135: Destination Net Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
4  5  00 0054 1427   0 0000  40  01 ef9a 93.239.13.84  10.0.0.1

36 bytes from 62.155.246.135: Destination Net Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
4  5  00 0054 3d88   0 0000  40  01 c639 93.239.13.84 10.0.0.1


These ping messages always appear. I created an outbound NAT to the LAN interface of OPNsense and a firewall rule with the LAN interface as gateway, but nothing works. I just want traffic from the firewall itself (DNS redirects for a specific domain in this case) to be redirected to a DNS server on the other side of an IKEv2 S2S tunnel.

Does anyone have an idea?
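A small diagnostic to narrow this down, added here as an example and not part of the original post or of OPNsense: the ping above leaves the firewall with its WAN address (93.239.13.84) as source, which a site-to-site traffic selector built for the LAN subnet does not cover, so the packet is routed to the Internet instead of into the tunnel and the upstream router answers "Net Unreachable". The script below sends a plain DNS A query over UDP/53 and lets you choose the source address it binds to, so you can run it on the firewall once bound to the LAN address and once unbound and see whether the source address alone is what decides success. The DNS server address, the LAN address and the hostname in the usage line are assumptions to be replaced with your own.

```python
"""Minimal DNS A-query client with a selectable source address.

Added diagnostic example, not taken from the forum post. Usage on the
firewall shell (addresses are placeholders):

    python3 dnsprobe.py 10.0.0.1 host.internal.example          # default source
    python3 dnsprobe.py 10.0.0.1 host.internal.example 192.168.1.1   # bound to LAN IP
"""
import socket
import struct
import sys
from typing import List, Optional

DEFAULT_TXID = 0x1234


def build_query(name: str, txid: int = DEFAULT_TXID) -> bytes:
    """Build a recursive A/IN query for `name` in RFC 1035 wire format."""
    # flags 0x0100: standard query with RD (recursion desired) set; one question
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(data: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_response(data: bytes, expected_txid: int = DEFAULT_TXID) -> List[str]:
    """Extract the A records from a DNS response; raise on mismatch or error RCODE."""
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    rcode = flags & 0x000F
    if rcode != 0:
        raise ValueError(f"server returned RCODE {rcode}")
    off = 12
    for _ in range(qdcount):           # skip the echoed question section
        off = _skip_name(data, off) + 4
    addrs: List[str] = []
    for _ in range(ancount):
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return addrs


def resolve(server: str, name: str, source_ip: Optional[str] = None,
            timeout: float = 3.0) -> List[str]:
    """Send the query to server:53 over UDP, optionally bound to source_ip."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        if source_ip:
            # Binding picks the source address the kernel puts on the packet,
            # which is what the IPsec traffic selector is matched against.
            sock.bind((source_ip, 0))
        sock.sendto(build_query(name), (server, 53))
        data, _peer = sock.recvfrom(512)
    return parse_response(data)


if __name__ == "__main__":
    if len(sys.argv) < 3:
        print(__doc__)
        sys.exit(1)
    srv, host = sys.argv[1], sys.argv[2]
    src = sys.argv[3] if len(sys.argv) > 3 else None
    try:
        print(f"source={src or 'default'}: {resolve(srv, host, src)}")
    except (socket.timeout, OSError, ValueError) as exc:
        print(f"source={src or 'default'}: failed ({exc})")
```

If the bound run answers and the unbound run times out, the firewall's own queries are simply not entering the tunnel because of their source address; that points at the outbound NAT / traffic selector side rather than at the DNS server itself.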