Topic: DNS issues with VLANs on VPN (Read 2767 times)
Medicineman25 (Newbie, Posts: 14, Karma: 1)
DNS issues with VLANs on VPN
« on: April 16, 2021, 04:01:37 pm »
I have a Proxmox server with a VM and VLAN aware Linux bridge, feeding through a 24 port switch with the appropriate tag profiles on the desired ports, then to an OPNSense appliance and out to the internet. I also have a laptop (Machine A) connected to the switch.
- The VM is tagged 5 in the Proxmox network adaptor settings and the /etc/default/interfaces has allowed for vids 2-4096
- Machine A is not tagged
Perhaps important to note that my proxmox server has but one ethernet PHY.
Now, I have set up the VLAN on OPNSense with the igb0 port as parent according to this tutorial:
https://homenetworkguy.com/how-to/configure-vlans-opnsense/#_
igb0 as parent seems logical. After having the issues I describe below, I figured I might try making the VPN interface as parent but that didn't work as expected.
Anyway. Here is a basic diagram
Machine A on LAN-> 24portSW -> OPN -> internet
Proxmox on VLAN 2-5 -> 24portSW -> OPN -> internet
OPN igb0 port has all the VLANs as does the port which is connected to my Proxmox server (there are more VLANs but I'm just focused on VLAN 5 right now as they all face the same issue). igb0 is connected to 24portSW.
Then I setup NordVPN according to this tutorial:
https://support.nordvpn.com/Connectivity/Router/1292598142/OPNsense-19-1-setup-with-NordVPN.htm
I have the following rules in VLAN 5 (see attached)
TCP/UDP VLAN5_net -> VLAN5_address -> Gateway = * (default)
ICMP ALL VLAN5_net -> * -> Gateway = * (default)
TCP/UDP VLAN5_net -> 53 -> Gateway = * (default)
TCP/UDP VLAN5_net -> 80 -> Gateway = * (default)
TCP/UDP VLAN5_net -> 443 -> Gateway = * (default)
I have the following rules on LAN
TCP/UDP VLAN5_net -> VLAN5_address -> Gateway = VPN
ICMP ALL VLAN5_net -> * -> Gateway = VPN
TCP/UDP VLAN5_net -> 53 -> Gateway = VPN
TCP/UDP VLAN5_net -> 80 -> Gateway = VPN
TCP/UDP VLAN5_net -> 443 -> Gateway = VPN
Both machines are getting respective DHCP leases from each LAN subnet (LAN and VLAN5) and I have checked with various VM types (TrueNAS, Arch Linux) on Proxmox across various tags (2, 3, & 5). All have the same issue.
Here's the issue:
1. Currently I have no VPN routing and thus obviously DNS leaks on this VLAN, my IP is completely exposed BUT I have full internet connectivity across allowed firewall ports from the VM on VLAN5. I retain internet connectivity on Machine A on LAN. Using dig I can see my public IP completely exposed from the VM on VLAN5, but protected from Machine A on LAN.
2. However, if I switch the Gateway on VLAN5 to the VPN Interface (which mimics the rules on LAN), then I retain some connectivity and can ping 8.8.8.8 but I lose DNS and cannot resolve anything.
To sum up, I am losing DNS on VLAN5 when switching to the VPN Gateway on firewall rules. If I leave it on default I have DNS leaks and no VPN routing.
EDIT: also I cannot even ping the VLAN interface IP when switching to VPN Gateway
« Last Edit: April 16, 2021, 04:42:05 pm by Medicineman25 »
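The symptom in the post (DNS and even ping to the VLAN interface IP die the moment the VLAN5 rules point at the VPN gateway, while 8.8.8.8 still answers) is what first-match policy routing produces when a rule whose gateway is set also matches traffic addressed to the firewall itself. The following is an added example written for this thread, not the poster's configuration and not OPNsense code: a small first-match model of the five VLAN5 rules with the per-rule gateway treated as pf's route-to. The subnet, interface IP and client IP are constructed sample values, and the extra "to the firewall itself, default gateway" rule in `hardened_rules()` is the editor's suggested ordering (OPNsense's "This Firewall" destination), not something the thread states.

```python
"""
Added example for this thread (not the poster's configuration or OPNsense code):
a first-match model of the VLAN5 firewall rules above, with the per-rule gateway
treated the way pf policy routing treats it. It shows why DNS to the firewall's
own VLAN5 address and ping to that address stop working as soon as the rules
point at the VPN gateway, while 8.8.8.8 still answers.

Simplifying assumptions: the first matching rule wins; a matched rule with a
non-default gateway forces the packet out that gateway (route-to) even when the
destination is the firewall itself, so Unbound never sees the query.
All addresses are constructed sample values.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional

VLAN5_NET = ip_network("10.0.5.0/24")        # constructed VLAN5 subnet
VLAN5_ADDRESS = ip_address("10.0.5.1")       # firewall's VLAN5 interface IP
SELF = ip_network("10.0.5.1/32")             # "This Firewall" as seen from VLAN5
ANY = ip_network("0.0.0.0/0")
DEFAULT_GW = "default"
VPN_GW = "VPN"


@dataclass(frozen=True)
class Rule:
    proto: str                  # "tcp/udp", "icmp" or "any"
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int]        # None = any destination port
    gateway: str                # DEFAULT_GW or a policy-routing gateway


@dataclass(frozen=True)
class Packet:
    proto: str
    src: IPv4Address
    dst: IPv4Address
    dport: Optional[int]


def matches(rule: Rule, pkt: Packet) -> bool:
    return (
        rule.proto in ("any", pkt.proto)
        and pkt.src in rule.src
        and pkt.dst in rule.dst
        and (rule.dport is None or rule.dport == pkt.dport)
    )


def route(rules: list, pkt: Packet) -> str:
    """First-match evaluation: 'local', 'via default', 'via VPN' or 'blocked'."""
    for rule in rules:
        if not matches(rule, pkt):
            continue
        if rule.gateway != DEFAULT_GW:
            return f"via {rule.gateway}"    # route-to wins, even for the firewall's own IP
        return "local" if pkt.dst == VLAN5_ADDRESS else "via default"
    return "blocked"


def vlan5_rules(gw: str) -> list:
    """The five VLAN5 rules from the post, with the gateway as a parameter."""
    return [
        Rule("tcp/udp", VLAN5_NET, SELF, None, gw),
        Rule("icmp", VLAN5_NET, ANY, None, gw),
        Rule("tcp/udp", VLAN5_NET, ANY, 53, gw),
        Rule("tcp/udp", VLAN5_NET, ANY, 80, gw),
        Rule("tcp/udp", VLAN5_NET, ANY, 443, gw),
    ]


def hardened_rules() -> list:
    """Editor's suggestion (assumption, not from the thread): a pass rule to the
    firewall itself on the default gateway, placed ABOVE the policy-routing
    rules, followed by the same five rules pointed at the VPN gateway."""
    return [Rule("any", VLAN5_NET, SELF, None, DEFAULT_GW)] + vlan5_rules(VPN_GW)


CLIENT = ip_address("10.0.5.20")                       # constructed VM on VLAN5
DNS_TO_UNBOUND = Packet("tcp/udp", CLIENT, VLAN5_ADDRESS, 53)
PING_SELF = Packet("icmp", CLIENT, VLAN5_ADDRESS, None)
PING_GOOGLE = Packet("icmp", CLIENT, ip_address("8.8.8.8"), None)


def summarize(rules: list) -> dict:
    """Where the three test packets end up under a given rule set."""
    return {
        "dns": route(rules, DNS_TO_UNBOUND),
        "ping_self": route(rules, PING_SELF),
        "ping_8.8.8.8": route(rules, PING_GOOGLE),
    }


if __name__ == "__main__":
    for name, rules in [("gateway=default", vlan5_rules(DEFAULT_GW)),
                        ("gateway=VPN", vlan5_rules(VPN_GW)),
                        ("self-rule first, then VPN", hardened_rules())]:
        print(f"{name:28} {summarize(rules)}")
```

With the gateway left at default, everything to the firewall's own address is delivered locally and internet traffic leaves via the default route (the leak the post describes); with every rule on the VPN gateway, the DNS query and the ping to the interface IP are forced into the tunnel and never reach Unbound; with a default-gateway rule for the firewall itself evaluated first, local services keep working while everything else still goes through the VPN.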
Medicineman25 (Newbie, Posts: 14, Karma: 1)
Re: DNS issues with VLANs on VPN
« Reply #1 on: April 16, 2021, 05:50:09 pm »
SOLVED!!!
The answer was to disable Unbound DNS, which is unfortunate... that is a problem for another time perhaps.
For now my VLANs are being routed over the VPN tunnel and DNS is resolving when using the VPN Gateway on Firewall rules.
airfoxthree (Newbie, Posts: 1, Karma: 0)
Re: DNS issues with VLANs on VPN
« Reply #2 on: May 13, 2021, 01:31:29 pm »
One of the most common reasons why the VPN is connected but not working is a DNS configuration issue. It may also occur if you configure the VPN connection to use the default gateway on the remote network. This setting overrides the default gateway settings that you specify in your TCP/IP settings.
ozturkvid (Newbie, Posts: 1, Karma: 0)
Re: DNS issues with VLANs on VPN
« Reply #3 on: March 30, 2022, 01:42:55 pm »
What exactly isn't working? DNS resolution? Actual internet access, i.e. you can't ping an IP for example? What does a debug flow show?