Hi,
We had to add all our subnets to the access lists in unbound to get
resolving working between our sites.
Knut Petter
On 08/09/2016 08:53 AM, Philipp Tölke wrote:
Hi Lars, hi all,
I spooled up a Linux-VM, installed DJBs dnscache on it and have the pfSense
NAT incoming DNS-Queries on the VPN-Interface to this machine. Queries for
internal names (DHCP!) are handed back to the pfSense...
I do not find this solution very elegant but what can you do? :-)
Regards,
Philipp
-----Original Message-----
From: List [mailto:[email protected]] On Behalf Of Lars Wuerfel
Sent: 9 August, 2016 7:26
To: [email protected]
Subject: Re: [pfSense] DNS-forwarder through OpenVPN "stopped working" with 2.3.2
Philipp,
I am facing the same problem here since the Upgrade to 2.3.2
DNS resolution through the OpenVPN tunnel works with site2site VPN.
But it does not work with remote login from my laptop.
This worked up to version 2.3.1_p5
Do you have a solution meanwhile?
Thanks and Regards
Lars
On 07/28/2016 10:04 AM, Philipp Tölke wrote:
Hi again,
From: Philipp Tölke [mailto:[email protected]]
Sent: 27 July, 2016 16:01
Check the system routing table. From the sound of the errors, it would
appear that the firewall routing table does not include a route back to
the VPN client subnet.
Interesting: The routing table has an entry for the VPN network:
Destination        Gateway            Flags      Netif Expire
[...]
10.1.2.0/24        10.1.2.2           UGS        ovpns2
10.1.2.2           link#16            UH         ovpns2
But since the OpenVPN is configured as "net30" the gateway 10.1.2.2 is
not on the same network as most of the querying systems...
Why has this worked until yesterday?
So I dug into this issue some more; the other VPN-Servers all use "subnet"
and not "net30" and DNS works.
The other VPN-Servers all have routes looking like this:
10.1.0.0/24        10.1.0.1           UGS        ovpns1
10.1.0.1           link#15            UHS        lo0
10.1.0.2           link#15            UH         ovpns1
Changing the route of the net30-VPN to be like the routes of my other
VPN-Servers:
10.1.2.0/24        10.1.2.1           UGS        ovpns2
10.1.2.1           link#16            UHS        lo0
10.1.2.2           link#16            UH         ovpns2
Does not help with my issue.
Even adding the peer-to-peer configuration of a host to the interface:
ifconfig ovpns2 10.1.2.181 10.1.2.182 netmask 255.255.255.255 alias
Has not enabled DNS resolving. Resolving using another DNS-Server in my
internal net works so this is not a firewall-issue.
Is there anything I can do short of rolling out another DNS-Server?
Thanks for the help!
Philipp
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
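
Added example, not part of any message in this thread and not pfSense or unbound code: a checker for the fix Knut Petter describes, reporting which client addresses unbound's access-control entries would leave unanswered. The function names and the sample config are constructed for illustration; the addresses reuse the VPN ranges quoted above.

```python
import ipaddress

# unbound's built-in behaviour: only localhost is allowed, everything else refused.
DEFAULTS = {"0.0.0.0/0": "refuse", "127.0.0.0/8": "allow",
            "::/0": "refuse", "::1/128": "allow"}

# Constructed sample config; the netblocks reuse the VPN ranges quoted in the thread.
SAMPLE_CONF = """\
server:
    access-control: 10.1.0.0/24 allow      # "subnet" VPN (ovpns1)
    access-control: 10.1.0.128/25 refuse   # more specific entry wins
"""

def parse_access_control(conf_text):
    """Return {network: action}, seeded with unbound's defaults."""
    rules = {ipaddress.ip_network(n): a for n, a in DEFAULTS.items()}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("access-control:"):
            continue
        fields = line[len("access-control:"):].replace('"', "").split()
        if len(fields) != 2:
            raise ValueError(f"malformed access-control line: {raw!r}")
        rules[ipaddress.ip_network(fields[0], strict=False)] = fields[1]
    return rules

def effective_action(rules, client_ip):
    """unbound applies the most specific matching netblock; order is irrelevant."""
    ip = ipaddress.ip_address(client_ip)
    matches = [net for net in rules if ip in net]
    return rules[max(matches, key=lambda net: net.prefixlen)]

def refused_clients(conf_text, client_ips):
    """List the client addresses whose queries unbound would not answer."""
    rules = parse_access_control(conf_text)
    return [ip for ip in client_ips
            if not effective_action(rules, ip).startswith("allow")]

if __name__ == "__main__":
    clients = ["10.1.0.5", "10.1.0.200", "10.1.2.181"]
    print("before:", refused_clients(SAMPLE_CONF, clients))
    fixed = SAMPLE_CONF + "    access-control: 10.1.2.0/24 allow\n"
    print("after: ", refused_clients(fixed, clients))
```

Run it against the access-control lines of the resolver's generated configuration and the tunnel addresses your VPN servers hand out; any address it lists needs a covering allow entry.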