Project

General

Profile

Actions

Bug #13041

closed

DNS resolution of internal network names when logged in via OpenVPN requires workaround

Added by Fred Dushin 3 months ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Release Notes:
Force Exclusion
Affected Plus Version:
22.01
Affected Architecture:

Description

A number of us on the forums have discovered that when logged in via OpenVPN, DNS resolution of internal names on the network does not work unless you modify the DNS server settings to explicitly specify explicit networks under the “Network Interfaces” setting under Services/DNS Resolver/General Settings page. Specifically, the default setting of “All” does not work from OpenVPN clients (10.0.8.0/24, in my case).

Here is a link to the discussion:

https://forum.netgate.com/topic/143173/openvpn-works-but-no-local-dns

General steps to reproduce:

  • Use the OpenVPN wizard to create an OpenVPN server (default settings, more or less, as explained via various tutorials)
  • Edit OpenVPN server settings, select DNS Default Domain and provide internal domain name, if applicable. (e.g., “my_internal_ntwork.home”)
  • In addition, select DNS Server Enable, and specify IPv4 address of Netgate gateway (in my case, LAN 192.168.1.1 and OpenVPN network 10.0.8.1), as well as an external DNS, e.g., Google’s 8.8.8.8
  • Export client (certs, config, etc) for openVPN client
  • In my case, I am using iOS (or iPadOS, as the case may be), import, etc.
  • Connecting to the VPN works fine, and I can ping, ssh, etc to IP internal addresses on the LAN network, but internal domain names cannot be resolved (external domain names are fine).
  • Under Services/DNS Resolver/General Settings -> “Network Interfaces”, unselect “All” and select all the networks listed
  • Reconnect OpenVPN client (required)
  • Local DNS resolution from 10.0.8.0/24 (or equivalent) now works.
Actions #1

Updated by Viktor Gurov 3 months ago

may be related to #12991

Actions #2

Updated by Fred Dushin 3 months ago

Viktor Gurov wrote in #note-1:

may be related to #12991

Interesting. So is the hypothesis that restarting the DNS resolver would effectively address the issue? I can test that.

Actions #3

Updated by Fred Dushin 3 months ago

So is the hypothesis that restarting the DNS resolver would effectively address the issue? I can test that.

I reverted Network Interfaces to "All", which required a restart of `unbound`. I was able to connect to OpenVPN and was able to resolve internal names, so I am guessing that all that was required was for a restart of the service.

If you would like further testing, please let me know, but I believe this issue may be closed.

Actions #4

Updated by Marcos Mendoza about 1 month ago

  • Status changed from New to Closed
  • Release Notes changed from Default to Force Exclusion
Actions

Also available in: Atom PDF