OPNSense DNS issues as Tailscale exit node

Started by SimHat, January 05, 2025, 08:20:50 PM

January 05, 2025, 08:20:50 PM Last Edit: January 17, 2025, 01:36:49 PM by SimHat Reason: add attachments
I have opnsense set as an exit node and I'm advertising my local network on the tailnet. I'm using opnsense as my DNS server with unbound. I'm advertising my opnsense IP as a DNS server to the tailnet.

If I'm not using tailscale as an exit node, my tailscale clients are able to use the opnsense DNS without issue. However, if I set opnsense as an exit node, DNS fails. I can still route to things on the local network and the internet via IP, but not DNS running on opnsense. I've created another DNS server on my local network and I can use that one without issue, but I'd really like to use unbound on opnsense.

I'm guessing maybe I'm missing a rule in opnsense?



January 14, 2025, 05:25:27 PM #1 Last Edit: January 14, 2025, 05:49:05 PM by SimHat
Since the request is coming from the internet, I would have to enable DNS to the global internet? That doesn't sound right ... or safe.
Even though I have the local subnet advertised, it's almost like it can't reach that subnet when using the exit node, even though I can ping things in that subnet.
When I ping, the source shows as 127.0.0.1, but when I try to access DNS the source shows as my external IP.