Hi Lars, hi all,

I spooled up a Linux-VM, installed DJB's dnscache on it and have the pfSense NAT incoming DNS-Queries on the VPN-Interface to this machine. Queries for internal names (DHCP!) are handed back to the pfSense...
I do not find this solution very elegant but what can you do? :-)

Regards,
Philipp

> -----Original Message-----
> From: List [mailto:[email protected]] On Behalf Of Lars Wuerfel
> Sent: 9 August, 2016 7:26
> To: [email protected]
> Subject: Re: [pfSense] DNS-forwarder through OpenVPN "stopped working" with 2.3.2
>
> Philipp,
>
> I am facing the same problem here since the Upgrade to 2.3.2
> DNS resolution through the OpenVPN tunnel works with site2site VPN.
> But it does not work with remote login from my laptop.
> This worked up to version 2.3.1_p5
>
> Do you have a solution meanwhile?
>
> Thanks and Regards
> Lars
>
> On 07/28/2016 10:04 AM, Philipp Tölke wrote:
> > Hi again,
> >
> >> From: Philipp Tölke [mailto:[email protected]]
> >> Sent: 27 July, 2016 16:01
> >>
> >>> Check the system routing table. From the sound of the errors, it would
> >>> appear that the firewall routing table does not include a route back to
> >>> the VPN client subnet.
> >>
> >> Interesting: The routing table has an entry for the VPN network:
> >>
> >> Destination        Gateway            Flags     Netif   Expire
> >> [...]
> >> 10.1.2.0/24        10.1.2.2           UGS       ovpns2
> >> 10.1.2.2           link#16            UH        ovpns2
> >>
> >> But since the OpenVPN is configured as "net30" the gateway 10.1.2.2 is
> >> not on the same network as most of the querying systems...
> >>
> >> Why has this worked until yesterday?
> >
> > So I dug into this issue some more; the other VPN-Servers all use "subnet"
> > and not "net30" and DNS works.
> >
> > The other VPN-Servers all have routes looking like this:
> >
> > 10.1.0.0/24        10.1.0.1           UGS       ovpns1
> > 10.1.0.1           link#15            UHS       lo0
> > 10.1.0.2           link#15            UH        ovpns1
> >
> > Changing the route of the net30-VPN to be like the routes of my other
> > VPN-Servers:
> >
> > 10.1.2.0/24        10.1.2.1           UGS       ovpns2
> > 10.1.2.1           link#16            UHS       lo0
> > 10.1.2.2           link#16            UH        ovpns2
> >
> > Does not help with my issue.
> >
> > Even adding the peer-to-peer configuration of a host to the interface:
> >
> > ifconfig ovpns2 10.1.2.181 10.1.2.182 netmask 255.255.255.255 alias
> >
> > Has not enabled DNS resolving. Resolving using another DNS-Server in my
> > internal net works so this is not a firewall-issue.
> >
> > Is there anything I can do short of rolling out another DNS-Server?
> >
> > Thanks for the help!
> >
> > Philipp
> > _______________________________________________
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
