Author Topic: [SOLVED] OpenVPN: No DNS resolution Using Internal Resolver  (Read 12617 times)

brando56894

[SOLVED] OpenVPN: No DNS resolution Using Internal Resolver
« on: August 30, 2016, 10:38:34 am »
Hey guys, I set up OpenVPN (for the first time ever) on my router and I can connect just fine, and at first DNS didn't work at all when forcing all resolution queries through the VPN. After some searching I saw that a good way to check is to push a public DNS server out from the VPN server, so I set mine to 8.8.8.8, disconnected, and then reconnected, and external DNS resolution worked perfectly (Google and other sites).

VPN clients (which are on subnet 10.10.10.0/32) are allowed to contact my main network (192.168.1.0/24) and routing is correct since I can access my internal sites and clients via their IP addresses, but internal DNS resolution doesn't work at all when I push my internal DNS resolver at 192.168.1.1, nor does external DNS resolution (Google, Yahoo, etc.). What's wrong here? I don't see any requests blocked by the firewall.

Here's my server config

Code:
dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA512
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local [external IP]
tls-server
server 10.10.10.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/1
client-cert-not-required
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'Time based One Time Password VPN Access Server' false server1" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'SSL+VPN+Server+Certificate' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DOMAIN mydomain.us"
push "dhcp-option DNS 192.168.1.1"
push "register-dns"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /usr/local/etc/dh-parameters.4096
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo adaptive

Client Config

Code:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA512
tls-client
client
resolv-retry infinite
remote [external IP] 1194 udp
lport 0
auth-user-pass
ca router-udp-1194-ca.crt
tls-auth router-udp-1194-tls.key 1
ns-cert-type server
comp-lzo adaptive

Edit: After some more investigation, it seems that DNS queries are going to 10.10.10.1:53 instead of 192.168.1.1:53, even though I'm forcing 192.168.1.1!
« Last Edit: December 10, 2016, 08:04:12 pm by franco »

brando56894

Re: OpenVPN: No DNS resolution Using Internal Resolver
« Reply #1 on: September 09, 2016, 07:25:14 am »
No one can help?

franco

Re: OpenVPN: No DNS resolution Using Internal Resolver
« Reply #2 on: September 19, 2016, 12:40:33 am »
These queries usually go to where OpenVPN listens (selected interface). Isn't that the case here? Are you using DNS resolver setups where "ALL" is not used for interface selections?

the-mk

Re: OpenVPN: No DNS resolution Using Internal Resolver
« Reply #3 on: December 10, 2016, 01:29:38 pm »
@brando56894 - have you been able to resolve your issue with DNS and OpenVPN?
I am in a similar situation that road-warriors can't resolve internal hostnames...

the-mk

Re: OpenVPN: No DNS resolution Using Internal Resolver
« Reply #4 on: December 10, 2016, 04:34:50 pm »
After some trial and error I can give the answer to myself :)
When using DNS forwarder, the interface option was set to "all" - after changing it to LAN and OpenVPN I am able to resolve hostnames from a road warrior!
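
A sanity check for the pushed settings discussed in this thread, as an added example that is not part of any post or of OPNsense's own code: it parses an OpenVPN server config (here a constructed excerpt of the one posted above), confirms that each pushed DNS server is covered by a pushed route, and reports the tunnel network that client queries come from, which is the source the resolver or forwarder must listen and answer for. The helper name `check_pushed_dns` is hypothetical.

```python
import ipaddress
import shlex

# Constructed excerpt of the server config posted above (relevant lines only).
SAMPLE_CONFIG = '''\
dev ovpns1
server 10.10.10.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DOMAIN mydomain.us"
push "dhcp-option DNS 192.168.1.1"
push "register-dns"
'''


def check_pushed_dns(config_text):
    """Return (tunnel_net, {dns_ip: covered_by_tunnel_routing}).

    Hypothetical helper name; not an OpenVPN or OPNsense API.
    """
    tunnel_net, routes, dns_servers, redirect_all = None, [], [], False
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")):
            continue
        words = shlex.split(line)  # keeps the quoted push "..." argument together
        if words[0] == "server" and len(words) >= 3:
            tunnel_net = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif words[0] == "push" and len(words) >= 2 and words[1].split():
            pushed = words[1].split()
            if pushed[0] == "route" and len(pushed) >= 3:
                routes.append(ipaddress.ip_network(f"{pushed[1]}/{pushed[2]}", strict=False))
            elif pushed[:2] == ["dhcp-option", "DNS"] and len(pushed) >= 3:
                dns_servers.append(ipaddress.ip_address(pushed[2]))
            elif pushed[0] == "redirect-gateway":
                redirect_all = True  # all client traffic is sent through the tunnel
    nets = routes + ([tunnel_net] if tunnel_net else [])
    covered = {str(d): redirect_all or any(d in n for n in nets) for d in dns_servers}
    return tunnel_net, covered


if __name__ == "__main__":
    net, covered = check_pushed_dns(SAMPLE_CONFIG)
    for dns, ok in covered.items():
        print(f"pushed DNS {dns}:", "routed via tunnel" if ok else "no pushed route covers it")
    print(f"queries arrive from {net}; the resolver must listen and answer there")
```

When the pushed DNS server is covered by a route, as it is here, routing is not the problem and the remaining place to look is the interface selection of the resolver or forwarder.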