Trying to set up a VPN-only LAN and DNS doesn't seem to work

Started by kernull, August 17, 2022, 06:26:03 PM

Posted this on reddit then realized that's probably not as good as here...

First time using OPNsense and I love the UI- it looks great

From:
https://support.nordvpn.com/Connectivity/Router/1292598142/OPNsense-19-1-setup-with-NordVPN.htm

step 9:
Navigate to Services -> Unbound DNS -> General.
[...]
DNS Query Forwarding: check;
[...]

I couldn't find this in General, but found it in its own section under
Services -> Unbound DNS -> Query Forwarding.

When checked, it shows the DNS server IPs that I put in System -> Settings -> General as the nameservers that will be used, but they don't seem to work - I have a connection but can't resolve any names...

On a client on the LAN side, pinging 8.8.8.8 goes through the VPN as expected (confirmed via traceroute output), but ping google.com times out.

The only nameserver specified on the client (/etc/resolv.conf) is the LAN IP of OPNsense. (Maybe I should try setting it to the DNS Nord had in their walkthrough?)

Also, I believe through setting the DNS servers up this way, it will NOT fail over to my WAN's DNS server, is that correct?

Thanks for reading!

I had a similar issue when I created 2 VPN VLANs on my network. First I saw that I was unable to ping the GW when the VPN session was up, thus when I attempted nslookup against the GW it would fail. From some threads here on the forum, I finally used the following solution: created a floating rule using aliases to allow access to the GW on the VLAN. I've attached screenshots that will hopefully help. Another option would be to use a different DNS server(s), which I did initially as part of troubleshooting to figure out the problem.


Thanks for the suggestions!

I decided to re-do the walkthrough... it is kinda long, and I found where I screwed up.
In step 13, I had the rules backwards, with the lan <--> lan rule above the lan <--> nord rule.
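The fix in the last post comes down to rule order: OPNsense evaluates an interface's rules top to bottom and the first matching (quick) rule decides, including which gateway the packet is policy-routed to. The following is an added example, not OPNsense code and not the walkthrough's exact rules: a toy first-match evaluator with constructed rule names, a constructed LAN subnet (192.168.1.0/24) and a hypothetical gateway label `NORDVPN_GW`. It shows how a broad "allow LAN to any" rule placed above the VPN policy-routing rule shadows it, so Internet-bound traffic silently takes the default route, and it includes a small check that reports rules an earlier rule makes unreachable.

```python
"""Toy first-match firewall rule evaluator (added example, not OPNsense code).

Models only the part of OPNsense rule processing relevant to the thread:
rules are tried top to bottom, the first match wins, and a rule may carry a
gateway that policy-routes the traffic (e.g. into the NordVPN tunnel).
Gateway-down handling, protocols and ports are deliberately not modelled.
All networks, rule names and the gateway label are constructed/assumed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    gateway: Optional[str]  # None = use the default routing table (WAN)


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


LAN_NET = net("192.168.1.0/24")  # constructed LAN subnet
ANY = net("0.0.0.0/0")

# Constructed rules, loosely modelled on the walkthrough's LAN rules.
LAN_TO_FIREWALL = Rule("lan-to-lan", LAN_NET, LAN_NET, None)  # keep LAN-local traffic (incl. DNS to OPNsense) on the default route
LAN_VIA_NORD = Rule("lan-via-nord", LAN_NET, ANY, "NORDVPN_GW")  # hypothetical gateway label: policy-route everything else into the tunnel
LAN_DEFAULT_ALLOW = Rule("lan-default-allow", LAN_NET, ANY, None)  # OPNsense-style broad "allow LAN to any" rule

# Intended order: narrow local exception, then the VPN policy rule, then the broad fallback.
CORRECT_ORDER: List[Rule] = [LAN_TO_FIREWALL, LAN_VIA_NORD, LAN_DEFAULT_ALLOW]
# Mistaken order: the broad rule sits above the VPN policy rule and shadows it.
WRONG_ORDER: List[Rule] = [LAN_DEFAULT_ALLOW, LAN_TO_FIREWALL, LAN_VIA_NORD]


def first_match(rules: List[Rule], src: str, dst: str) -> Optional[Rule]:
    """Return the first rule whose src/dst networks contain the packet, top to bottom."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule.src and d in rule.dst:
            return rule
    return None


def route_for(rules: List[Rule], src: str, dst: str) -> str:
    """Gateway chosen for src->dst: a gateway label, 'default', or 'blocked' (no pass rule matched)."""
    rule = first_match(rules, src, dst)
    if rule is None:
        return "blocked"
    return rule.gateway or "default"


def shadowed_rules(rules: List[Rule]) -> List[str]:
    """Names of rules that can never match because an earlier rule covers all of their src/dst space."""
    shadowed = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.src.supernet_of(rule.src) and earlier.dst.supernet_of(rule.dst):
                shadowed.append(rule.name)
                break
    return shadowed


if __name__ == "__main__":
    client, firewall, public = "192.168.1.10", "192.168.1.1", "8.8.8.8"
    for label, rules in (("correct", CORRECT_ORDER), ("wrong", WRONG_ORDER)):
        print(f"{label} order:")
        print(f"  {client} -> {firewall}: {route_for(rules, client, firewall)}")
        print(f"  {client} -> {public}:   {route_for(rules, client, public)}")
        print(f"  shadowed rules: {shadowed_rules(rules)}")
```

In the correct order the fallback rule is reported as shadowed, which is expected here: the VPN policy rule already covers all LAN-to-any traffic and the fallback only matters in real OPNsense when the gateway is down and rules are skipped, something this toy does not model. In the wrong order both the local exception and the VPN rule are shadowed, which is the symptom to look for when Internet traffic is not entering the tunnel.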