Topic: OpenVPN DNS Resolution Failure - GOTCHA (Read 2178 times)
brim2full
OpenVPN DNS Resolution Failure - GOTCHA
« on: May 18, 2020, 12:14:57 pm »
The Problem:
After following the OpenVPN How-To for "Setup SSL VPN Road Warrior" in the documentation for version 20.1.6 of OPNsense and using the OpenVPN wizard for an initial configuration, I could not connect to any internal or external websites. Trying to ping a URL (rather than an IP) also failed. I immediately suspected the VPN tunnel was not finding the DNS server.
Diagnosing the Problem:
I could eliminate the first step since I could successfully connect to OpenVPN.
I next used ping to confirm the endpoints (servers) could be seen.
Careful here, because some servers and firewalls block ICMP, and OPNsense will if no rule is in place to pass ICMP.
I also used traceroute to check packets were going in the right direction to the endpoints.
I then used the Packet Capture (Interfaces > Diagnostics > Packet Capture) to look at the LAN port and discovered DNS requests from OpenVPN were being rejected.
Your friendly DuckDuckGo representative informed me that "reject" does not mean blocked but there was likely to be a configuration issue.
My OPNsense configuration uses Unbound as the resolver. Since all devices on the LAN were working happily, I assumed the basic configuration was correct. But I did work through each setting just to check. There it was, the GOTCHA.
The GOTCHA:
It appears neither the OpenVPN wizard nor the web GUI applies the appropriate setting to Unbound. Neither is it mentioned in the documentation. This applies when using Unbound as your DNS resolver and you cannot resolve DNS names through the VPN.
An Aside:
Also watch out if you manually set up the firewall rules. If you forget to press Apply, there is no warning on any other screen that you have un-applied changes. May I suggest that after completing a manual configuration you reboot OPNsense and then recheck your configuration before proceeding to testing.
Regards