DNS resolution of internal network names when logged in via OpenVPN requires workaround
A number of us on the forums have discovered that when logged in via OpenVPN, DNS resolution of internal names on the network does not work unless you modify the DNS server settings to explicitly specify explicit networks under the “Network Interfaces” setting under Services/DNS Resolver/General Settings page. Specifically, the default setting of “All” does not work from OpenVPN clients (10.0.8.0/24, in my case).
Here is a link to the discussion:
General steps to reproduce:
- Use the OpenVPN wizard to create an OpenVPN server (default settings, more or less, as explained via various tutorials)
- Edit OpenVPN server settings, select DNS Default Domain and provide internal domain name, if applicable. (e.g., “my_internal_ntwork.home”)
- In addition, select DNS Server Enable, and specify IPv4 address of Netgate gateway (in my case, LAN 192.168.1.1 and OpenVPN network 10.0.8.1), as well as an external DNS, e.g., Google’s 126.96.36.199
- Export client (certs, config, etc) for openVPN client
- In my case, I am using iOS (or iPadOS, as the case may be), import, etc.
- Connecting to the VPN works fine, and I can ping, ssh, etc to IP internal addresses on the LAN network, but internal domain names cannot be resolved (external domain names are fine).
- Under Services/DNS Resolver/General Settings -> “Network Interfaces”, unselect “All” and select all the networks listed
- Reconnect OpenVPN client (required)
- Local DNS resolution from 10.0.8.0/24 (or equivalent) now works.
Updated by Fred Dushin 3 months ago
So is the hypothesis that restarting the DNS resolver would effectively address the issue? I can test that.
I reverted Network Interfaces to "All", which required a restart of `unbound`. I was able to connect to OpenVPN and was able to resolve internal names, so I am guessing that all that was required was for a restart of the service.
If you would like further testing, please let me know, but I believe this issue may be closed.