Topic: Troubleshooting client & server DNS resolution issues when using Unbound? (Read 26800 times)

guest15389 (Guest), Reply #45 on: April 19, 2019, 07:57:25 pm
System->Configuration->Backups
You can download a copy of your config and upload to a new install.

princ3ssa (Newbie, Posts: 26, Karma: 0), Reply #46 on: April 19, 2019, 08:05:50 pm
Oh that's really good. Thank you. It seems it would make sense if someone were to make a config that works with PIA for example with as generic as possible options (DHCP everywhere), maybe that would help other people out instead of having to go through so many steps. I'll give this a shot here and see how it works.

chemlud (Hero Member, Posts: 2486, Karma: 112), Reply #47 on: April 20, 2019, 07:40:07 pm
.
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorn's premium cat food with the extra portion of energy
A router is not a switch - A router is not a switch - A router is not a switch - A rou....

princ3ssa (Newbie, Posts: 26, Karma: 0), Reply #48 on: April 21, 2019, 12:34:33 am
So I've mixed this up a little bit. I thought I'd try to test a few things. I've gone ahead and put OPNsense right on the head of my network with no other possible traffic at this point. I'm using a vanilla setup with really no customization. I thought I'd see if I could at least get Unbound responding to local traffic FIRST before setting up anything else whatsoever.
I'm able to talk to the internet just fine, no additional firewall rules, nothin' at all. Unbound is supposedly on:
But when I even test this I get a timeout:
Code:
    nslookup google.com 192.168.1.1
    ;; connection timed out; no servers could be reached
Now that has me really scratching my head! Any thoughts on this?

guest15389 (Guest), Reply #49 on: April 21, 2019, 12:36:32 am
Can you ping 192.168.1.1?
If that returns, you should be able to use DNS.
Did you turn on logging and do you see any hits from the rules?

princ3ssa (Newbie, Posts: 26, Karma: 0), Reply #50 on: April 21, 2019, 12:43:11 am
Ah, lol, got it. Crazy me. I unthinkingly set the subnet to 192.168.0 instead of .1 this time around just powering through things. Thanks for the sanity catch there!!!! So nslookup DOES work now, that's really good!

princ3ssa (Newbie, Posts: 26, Karma: 0), Reply #51 on: April 26, 2019, 06:43:41 am
I had some things come up and haven't had much time to work on this, but I've managed to find some time to come back to this issue today. I thought I'd do some testing at each step in the process and unfortunately while I think I have a better picture of what's going on, I'm even more confused now.
First, one thing that has confused me is that I've managed to get the VPN working, but while IPv4 shows the right remote IP address, IPv6 appears to be skipping over the VPN and just using the local ISP/WAN interface and I can never get it to go through the VPN. I figured maybe I need to block it and I can't even figure out how to do that so just IPv4 is only used in case that's an issue (but I don't think it is since, I THINK, PIA has used IPv6 before).
So now I have things arranged a little differently. I have OPNsense as the primary gateway now for my network.
I have one test system assigned to the VPN_Recipients alias which means I can keep tests isolated for it. Everything else is just on the LAN and my goal is to make them all just behave normally and pass through the WAN port only without touching the VPN.
For some details:
192.168.0.211 is the only IP within VPN_Recipients
The VPN client is "PIA East" (screenshot)
Unbound is on and listening at 53 (screenshot)
I have 3 Interfaces: LAN, PIAEast, and WAN.
Outbound NAT (Overview, Details)
Firewall Rules (Overview)
Notice I put the first two rules under the Anti-Lockout Rule in order to pass all traffic from the LAN that's NOT within the VPN_Recipients list on out to the default WAN. I wanted to keep my network working while doing the configuration work and seems sane to do something like this.
So I've found a couple of things particularly strange and I'm hoping you can elucidate the issues. I really was hoping that I could do an nslookup in all cases, but here's what I'm seeing:
When I have the VPN turned OFF, I can, from regular LAN systems, ping anything fine and "nslookup google.com 192.168.0.1" works great. Same is true of 192.168.0.211.
When I turn on the VPN, I cannot ping anything, but I CAN run "nslookup google.com 192.168.0.1" fine. From 192.168.0.211 I CANNOT run nslookup (times out), and I cannot ping a domain (like google.com), but I CAN ping 8.8.8.8.
Leaving VPN on, if I change the "NON-VPN - Default allow LAN to any rule" rule so that Gateway is NOT "default" but is instead set to "WAN_DHCP", I can then ping 8.8.8, but nslookup and name resolution still won't work.
I'm just not really seeing exactly what's going on here. Why would DNS resolution work and it seems that at other times when I was playing here with the settings I got DNS resolution for OPNsense to work while the VPN was on, but I lost track of the settings that did this. I'm obviously not understanding a crucial part of the puzzle.

princ3ssa (Newbie, Posts: 26, Karma: 0), Reply #52 on: May 05, 2019, 04:28:01 pm
I got to the point here where I thought it would be a good idea to test the pfSense tutorial on pfSense itself to see if that even worked for me with the same setup. (Unfortunately?) It did.
I followed the instructions and went right through the tutorial without any issues. pfSense is working correctly and I'm finding that VPN speeds are working as advertised with greatly enhanced performance that exceed the ISP limitations. It's very impressive actually, but I really wish I could have figured out what the differential is between the tutorial DNS section working fine with pfSense and not working with OPNsense.
Is there anything that can be done with this information? Can the configuration file be reviewed somehow to see what's being missed and migrated to OPNsense?