Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
LAN DNS resolution fails through OpenVPN when Adguard is enabled
« previous
next »
Print
Pages: [
1
]
Author
Topic: LAN DNS resolution fails through OpenVPN when Adguard is enabled (Read 2552 times)
baz
Jr. Member
Posts: 52
Karma: 1
LAN DNS resolution fails through OpenVPN when Adguard is enabled
«
on:
October 20, 2022, 09:46:58 pm »
When I connect to OpenVPN with my roadwarrior, unbound DNS resolution for local servers on the home network works fine. However when AdGuard is enabled, DNS resolution for local computers fails when connected to the VPN, but works fine otherwise. Any ideas what the issue could be?
«
Last Edit: October 21, 2022, 04:10:46 am by baz
»
Logged
tiermutter
Hero Member
Posts: 1102
Karma: 61
Re: LAN DNS resolution fails through OpenVPN when Adguard is enabled
«
Reply #1 on:
October 21, 2022, 06:45:50 am »
How do you achieve that clients use AGH? Are there port forwards redirecting DNS to AGH? Is AGH listening on OVPN IP? Does it work for roadwarriors not connected to LAN?
Logged
i am not an expert... just trying to help...
Patrick M. Hausen
Hero Member
Posts: 6848
Karma: 575
Re: LAN DNS resolution fails through OpenVPN when Adguard is enabled
«
Reply #2 on:
October 21, 2022, 09:48:05 am »
Are you running AdGuard Home on your OPNsense or are you running AdGuard in your client systems. Two different products.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
baz
Jr. Member
Posts: 52
Karma: 1
Re: LAN DNS resolution fails through OpenVPN when Adguard is enabled
«
Reply #3 on:
October 24, 2022, 04:22:07 pm »
>Are there port forwards redirecting DNS to AGH?
Adguard is set to port 53 and unbound was changed to port 5353, so no changes were needed to get clients to go to adguard on port 53, the only config change was setting adguard to use unbound for upstream.
> Is AGH listening on OVPN IP?
When I go to "setup guide" in adguard I do see my openvpn tunnel address listed: "172.16.1.1" - this is the root address of the tunnel network I setup "172.16.1.0/24".
> Does it work for roadwarriors not connected to LAN?
Yes, when I am on the mobile netowrk, for example, I can navigate lan servers by name.
> Are you running AdGuard Home on your OPNsense or are you running AdGuard in your client systems.
Adguard is running directly on the opnsense box through opnsense, same IP except on port 8080.
«
Last Edit: October 24, 2022, 04:36:26 pm by baz
»
Logged
baz
Jr. Member
Posts: 52
Karma: 1
Re: LAN DNS resolution fails through OpenVPN when Adguard is enabled
«
Reply #4 on:
October 24, 2022, 04:36:13 pm »
UPDATE:
@tiermutter your probing led me to discover something. In my openvpn client on my phone, I have been setting "override DNS settings by Server" to manually specify my DNS server at 192.168.10.1. This allows everything to work while I am on the mobile network but then causes DNS resolution to fail when I reconnect back to the LAN.If I undo this setting, and let the server specify everything, the reverse happens: I am able to navigate to services while connected to the LAN but not when on the mobile network. What is going on?
Logged
Patrick M. Hausen
Hero Member
Posts: 6848
Karma: 575
Re: LAN DNS resolution fails through OpenVPN when Adguard is enabled
«
Reply #5 on:
October 24, 2022, 06:20:59 pm »
Quote from: baz on October 24, 2022, 04:22:07 pm
Adguard is running directly on the opnsense box through opnsense, same IP except on port 8080.
AdGuard cannot run on OPNsense. AdGuard Home can.
This is AdGuard, available for Windows, Mac, iOS, Android:
https://adguard.com/en/welcome.html
This is AdGuard Home, a DNS based ad blocker available for various platforms:
https://adguard.com/en/adguard-home/overview.html
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
baz
Jr. Member
Posts: 52
Karma: 1
Re: LAN DNS resolution fails through OpenVPN when Adguard is enabled
«
Reply #6 on:
October 25, 2022, 01:38:41 am »
Gotcha, I am running Adguard Home installed through the plugins.
Logged
Rene78
Newbie
Posts: 7
Karma: 0
Re: LAN DNS resolution fails through OpenVPN when Adguard is enabled
«
Reply #7 on:
October 26, 2022, 07:13:27 pm »
I have exactly the same issue. Switching off Adguard plugin, setting unbound back to port 53 (from 5353) and reconnecting to the OpenVPN server solves the issue.
The log from Adguard does show DNS requests from the connected OpenVPN client ip (from the openVPN client ip range). Apparently the reply does not arrive back at the client for some reason. I am unable to track where it is blocked.
Logged
Rene78
Newbie
Posts: 7
Karma: 0
Re: LAN DNS resolution fails through OpenVPN when Adguard is enabled
«
Reply #8 on:
October 26, 2022, 09:13:26 pm »
Problem solved. The problem was caused by two mistakes I made in the configuration.
1) I forgot to activate the “DNS local domain” setting in the OpenVPN server setting and enter the local domain name in that settling. This makes sure that local names get trailed by the local domain for proper resolution
2) I initially entered the local LAN ip for the local DNS server (192.168.10.254) in the OpenVPN server settings to pass to connected clients as DNS to use. This actually needs to be the (unassigned) interface address of the ovpns interface that hosts the tunnel network. In my case this is 192.168.20.1, which is automatically set when configuring the tunnel network as 192.168.20.0/24.
These two changes solved the problem. In Adguard settings I noticed that Adguard also listens on 192.168.20.1 next to 192.168.10.254. While I am unsure why it does work properly with 192.168.10.254 set in OpenVPN server as client DNS without Adguard installed (DNS local domain needs to be set in both cases) I guess it has something to do with routing between the two networks. As mentioned in my previous post the DNS request comes in, is forwarded to the local DNS (192.168.10.254:5353), a correct reply is received by Adguard, but somehow the reply is not sent back from 192.168.10.254 to the client at 192.168.20.x/24. While this does work without AdGuard….. Maybe an Adguard application issue..?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
LAN DNS resolution fails through OpenVPN when Adguard is enabled