pfSense » pfSense Plus

A number of us on the forums have discovered that when logged in via OpenVPN, DNS resolution of internal names on the network does not work unless you modify the DNS server settings to explicitly specify explicit networks under the “Network Interfaces” setting under Services/DNS Resolver/General Settings page. Specifically, the default setting of “All” does not work from OpenVPN clients (10.0.8.0/24, in my case).

Here is a link to the discussion:

https://forum.netgate.com/topic/143173/openvpn-works-but-no-local-dns

General steps to reproduce:

• Use the OpenVPN wizard to create an OpenVPN server (default settings, more or less, as explained via various tutorials)
• Edit OpenVPN server settings, select DNS Default Domain and provide internal domain name, if applicable. (e.g., “my_internal_ntwork.home”)
• In addition, select DNS Server Enable, and specify IPv4 address of Netgate gateway (in my case, LAN 192.168.1.1 and OpenVPN network 10.0.8.1), as well as an external DNS, e.g., Google’s 8.8.8.8
• Export client (certs, config, etc) for openVPN client
• In my case, I am using iOS (or iPadOS, as the case may be), import, etc.
• Connecting to the VPN works fine, and I can ping, ssh, etc to IP internal addresses on the LAN network, but internal domain names cannot be resolved (external domain names are fine).
• Under Services/DNS Resolver/General Settings -> “Network Interfaces”, unselect “All” and select all the networks listed
• Reconnect OpenVPN client (required)
• Local DNS resolution from 10.0.8.0/24 (or equivalent) now works.