DNS Server and openVPN

Started by praetorianer777, October 28, 2020, 07:41:55 PM

Hey guys,

I am having some trouble with the DNS stuff...
I successfully created the openvpn server on opnsense.
I also get clients to connect to it and all traffic goes over the server.
I have access to my home network but only while using the IP address.
ipconfig on Windows shows that the DNS server of my home network is published to the client.
What is wrong here?

Quote from: praetorianer777 on October 28, 2020, 07:41:55 PM
Hey guys,

I am having some trouble with the DNS stuff...
I successfully created the openvpn server on opnsense.
I also get clients to connect to it and all traffic goes over the server.
I have access to my home network but only while using the IP address.
ipconfig on Windows shows that the DNS server of my home network is published to the client.
What is wrong here?

What DNS servers are these? Maybe they block requests from outside their subnet?
„The S in IoT stands for Security!" :)

I am using a Pi-hole... but I didn't find any settings for this except this one, which is enabled (see attachment).

Is the client following your "Redirect gateway" rule? Some clients ignore it or make it optional.

Do you have a firewall rule allowing VPN clients traffic to your 192.168.1.0/24 network? Are you able to ping the DNS servers from the VPN client?

Enable logging on the rules for OpenVPN and check in live view if you see the requests.
„The S in IoT stands for Security!" :)

When I check my public IP with the client, it is the same as my router at home, so this seems to be working...
A ping to my Pihole is also successful
My home network is 192.168.1.0/24 and the VPN network 10.10.0.0/24
I attached the logs, only one IPv6 packet was denied
192.168.1.26 is the IP of the opnsense server, 192.168.1.3 the pihole and 192.168.1.1 the fritzbox...

So the Fritzbox is the default Gateway for all your devices in 192.168.1.0/24?
From the logs it looks like your VPN client is source natted with the IP of the OPNsense. At least I can't see a request coming from your OpenVPN client. Why is that?
„The S in IoT stands for Security!" :)

That is correct, the fritzbox is the default gateway...
and I have absolutely no idea what's the problem :(
I stuck to the official road warrior tutorial

Did you enable logging for the OpenVPN rule?

Do you see any traffic from the 10.10.0.0/24 network?

Please send screenshots of:
Firewall Floating rules
Firewall OpenVPN rules
„The S in IoT stands for Security!" :)

Ok, I forgot to enable logging for the openvpn rules ...
But there are no floating firewall rules!
DNS requests are transported but not resolved at client side

Default route/gateway of the piHole is definitely the OPNsense?
„The S in IoT stands for Security!" :)

The gateway for the pihole is the fritzbox (192.168.1.1), but there I added a static route (see attachment)
Ping from Pihole to client is also possible

On the OpenVPN client, are you able to open a command window and start nslookup?

Then change servers: 192.168.1.1 and make a query
change to 192.168.1.3 and make a query again.

And at last you could change to 1.1.1.1 and start another query.

What are the results?

I really can't see why this is not working. Your setup seems to be right.

Unfortunately you still did not send a screenshot of the OpenVPN Firewall section.
„The S in IoT stands for Security!" :)

I forgot, sorry. Attached are the firewall section and the nslookup output
-> the client also has a fritzbox

Hmm,

I connected my laptop over my smartphone hotspot and here it works... :<

I found the solution in this post: https://superuser.com/questions/966832/windows-10-dns-resolution-via-vpn-connection-not-working
You have to set the metric of the vpn network adapter to a lower value than the normal adapter! :D:D
Thanks anyway for your help Gauss23 ;)
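The metric fix from the last post and the per-server nslookup check from earlier in the thread, as an added PowerShell example (not from the thread or from OPNsense), run on the Windows OpenVPN client while the tunnel is up. The adapter aliases and the test hostname are assumptions; the Pi-hole address 192.168.1.3 is the one given in the thread.

```powershell
# Added example, not code from the thread. Run in an elevated PowerShell
# on the Windows OpenVPN client with the tunnel connected.
$VpnAlias = 'OpenVPN TAP-Windows6'   # assumed alias of the TAP/TUN adapter (see Get-NetAdapter)
$LanAlias = 'Wi-Fi'                  # assumed alias of the normal uplink adapter
$PiholeIp = '192.168.1.3'            # Pi-hole address from the thread
$TestName = 'opnsense.home.arpa'     # constructed internal name that only the Pi-hole knows

# 1. Show the current interface metrics. The thread's finding: the VPN adapter
#    must have a LOWER metric than the uplink, or Windows keeps using the
#    uplink's resolver (the client's own Fritzbox) for name resolution.
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -in @($VpnAlias, $LanAlias) } |
    Select-Object InterfaceAlias, InterfaceMetric, AutomaticMetric |
    Format-Table -AutoSize

# 2. Show which resolvers each adapter holds; the VPN adapter should list the
#    Pi-hole that OPNsense pushes, the uplink lists the local router.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -in @($VpnAlias, $LanAlias) } |
    Select-Object InterfaceAlias, ServerAddresses |
    Format-Table -AutoSize

# 3. Apply the fix: pin the VPN adapter below the uplink (Windows assigns
#    automatic metrics of 25 or higher to Wi-Fi/Ethernet, so 5 is clearly lower)
#    and disable the automatic metric so Windows does not recalculate it later.
Set-NetIPInterface -InterfaceAlias $VpnAlias -AddressFamily IPv4 `
    -InterfaceMetric 5 -AutomaticMetric Disabled

# 4. Verify, mirroring the nslookup steps from the thread: first a query to the
#    Pi-hole directly (proves the tunnel and firewall rules are fine), then the
#    same name through the system resolver (proves Windows now prefers the VPN).
Resolve-DnsName -Name $TestName -Type A -Server $PiholeIp -ErrorAction SilentlyContinue
Resolve-DnsName -Name $TestName -Type A -ErrorAction SilentlyContinue
```

If step 4's direct query succeeds but the second one still fails, the problem is on the Windows side (metric or resolver selection), not in the OPNsense firewall or OpenVPN configuration.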