Bug #13041
DNS resolution of internal network names when logged in via OpenVPN requires workaround
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Release Notes:
Force Exclusion
Affected Plus Version:
22.01
Affected Architecture:
Description
A number of us on the forums have discovered that when logged in via OpenVPN, DNS resolution of internal names on the network does not work unless you modify the DNS server settings to explicitly specify the networks under the “Network Interfaces” setting on the Services/DNS Resolver/General Settings page. Specifically, the default setting of “All” does not work from OpenVPN clients (10.0.8.0/24, in my case).
Here is a link to the discussion:
https://forum.netgate.com/topic/143173/openvpn-works-but-no-local-dns
General steps to reproduce:
- Use the OpenVPN wizard to create an OpenVPN server (default settings, more or less, as explained via various tutorials)
- Edit OpenVPN server settings, select DNS Default Domain and provide the internal domain name, if applicable (e.g., “my_internal_network.home”)
- In addition, select DNS Server Enable, and specify IPv4 address of Netgate gateway (in my case, LAN 192.168.1.1 and OpenVPN network 10.0.8.1), as well as an external DNS, e.g., Google’s 8.8.8.8
- Export the client bundle (certs, config, etc.) for the OpenVPN client
- In my case, I am using iOS (or iPadOS, as the case may be); import, etc.
- Connecting to the VPN works fine, and I can ping, ssh, etc. to internal IP addresses on the LAN network, but internal domain names cannot be resolved (external domain names are fine).
- Under Services/DNS Resolver/General Settings -> “Network Interfaces”, unselect “All” and select all the networks listed
- Reconnect OpenVPN client (required)
- Local DNS resolution from 10.0.8.0/24 (or equivalent) now works.
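A check an operator can run against the resolver's generated unbound.conf before reconnecting clients, to confirm the tunnel gateway address is actually bound and the VPN client network is allowed; this is an added example, not part of the bug report and not pfSense's own code. The sample configs are constructed, and the function assumes standard unbound semantics (`interface: 0.0.0.0`/`::0` as wildcard listen, most-specific `access-control:` entry wins, unlisted sources refused).

```python
import ipaddress
import re


def parse_unbound(conf: str):
    """Return (listen_addrs, acl) from unbound.conf text.
    listen_addrs: set of addresses from 'interface:' lines (port suffix stripped).
    acl: list of (ip_network, action) from 'access-control:' lines."""
    listen, acl = set(), []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"interface:\s*(\S+)", line)
        if m:
            listen.add(m.group(1).split("@", 1)[0])  # 'addr@port' -> 'addr'
            continue
        m = re.match(r"access-control:\s*(\S+)\s+(\S+)", line)
        if m:
            acl.append((ipaddress.ip_network(m.group(1), strict=False), m.group(2)))
    return listen, acl


def acl_action(acl, client_net) -> str:
    """Most specific matching access-control entry wins; default is 'refuse'."""
    best = None
    for net, action in acl:
        if net.version == client_net.version and client_net.subnet_of(net):
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, action)
    return best[1] if best else "refuse"


def vpn_dns_check(conf: str, tunnel_gateway: str, client_net: str) -> dict:
    """Would a resolver with this config answer clients on client_net via tunnel_gateway?"""
    listen, acl = parse_unbound(conf)
    gw = ipaddress.ip_address(tunnel_gateway)
    wildcard = {"0.0.0.0"} if gw.version == 4 else {"::0", "::"}
    listening = bool(listen & wildcard) or str(gw) in listen
    action = acl_action(acl, ipaddress.ip_network(client_net, strict=False))
    served = listening and action in ("allow", "allow_snoop", "allow_setrd")
    return {"listening_on_gateway": listening, "acl_action": action, "served": served}


# Constructed configs (not copied from pfSense): the first binds only the LAN
# address, the second also binds the OpenVPN tunnel address and allows its clients.
LAN_ONLY = """
server:
    interface: 192.168.1.1
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
"""
WITH_VPN = LAN_ONLY + """
    interface: 10.0.8.1
    access-control: 10.0.8.0/24 allow
"""
```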