DNS Resolver not solving local LAN

Hello,

I have a pfSense with haProxy, and DNS Resolver.

haProxy is working fine with DNS Resolver redirecting to the correct services and apps, but in the LAN it is not working.

In the General Setup I have the CloudFlare DNS and Google configured, with the option to use local DNS first before falling back to the remote DNS.

Is there something that I’m missing?

I tried looking for this information, but none of it can explain why it isn’t working.

In Interfaces > LAN, do you have the last two checks selected?

Unselect them.

Hello,

Both are unselected and ping between the hosts inside the LAN with hostname is good.

But OpenVPN ping to the hostname is still not available. Do I need to change advanced settings in the OpenVPN?

DNS Default Domain -> Provide a default domain name to clients
DNS Server enable -> Provide a DNS server list to clients. Addresses may be IPv4 or IPv6.


OpenVPN > VPN > Servers > Edit

I had a similar problem and eventually traced it to KEA DHCP. When I reverted back to ISC DHCP, everything worked again.

@pavlos That option is on and still DNS is not working.

@Louie1961 I’m not using DHCP in the LAN; everything is with static IP.

Let me describe a sample network … your LAN is 10.0.0.1/24, there are clients that have 10.0.0.20, .30, .40 static. OpenVPN is configured; you did not mention the tunnel IP, let’s say it is 10.0.30.2 (has to be outside the LAN net).

You’re in the office, VPN to your home; you should see the tunnel IP in ifconfig, but pinging 10.0.0.20 does not work. Can you paste the IPv4 Diagnostics > Routes (mask your public IP)?

@pavlos

Here is the network layout.

This is a Proxmox server with pfSense as a VM.
3 networks:

  1. WAN → vtnet0
  2. FrontEnd → 172.16.0.0/24 → vtnet1
  3. Backend → 172.16.255.0/24 → vtnet2

GW and DNS are the last available IP of the network, .254.

OpenVPN → 192.168.255.0/24

Through the wizard I configured the networks allowed as 172.16.0.0/16.

I didn’t create any static routing; I thought that was implicit when creating the network allowed.

This is my ovpns1, note the flags:

10.0.30.0/24	10.0.30.2	UGS	0	1500	ovpns1

Yep, you’ve got UGS, which means that it is a usable static route.

Where did you add the static routes?
Are those routes created by pfSense?

One of two things or both.
Either I did a bad configuration during the deployment or configurations are missing.

U is host up, G is gateway, S is static.
Your OpenVPN config is not OK; if there were a gateway, OpenVPN would use it.
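As an added illustration (not posted by anyone in this thread), here is a small Python routine that parses a route table in the format pfSense shows under Diagnostics > Routes, decodes the U/G/S flags as explained above, and performs the longest-prefix lookup the kernel would do for a destination. The route lines are constructed sample data modelled on the network layout described in this thread.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample in the layout of pfSense Diagnostics > Routes (netstat -rn style):
# Destination        Gateway         Flags  Use  Mtu   Netif
SAMPLE_ROUTES = """\
default            203.0.113.1     UGS      0   1500  vtnet0
172.16.0.0/24      link#2          U        0   1500  vtnet1
172.16.255.0/24    link#3          U        0   1500  vtnet2
192.168.255.0/24   192.168.255.2   UGS      0   1500  ovpns1
"""

# Meaning of the flag letters discussed in the thread (plus H for host routes).
FLAG_MEANING = {"U": "up", "G": "gateway", "S": "static", "H": "host"}


@dataclass
class Route:
    dest: ipaddress.IPv4Network
    gateway: str
    flags: str
    netif: str


def parse_routes(text):
    """Parse route lines; 'default' is treated as 0.0.0.0/0."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # header, blank or truncated line
        dest, gw, flags, _use, _mtu, netif = fields[:6]
        if dest == "default":
            dest = "0.0.0.0/0"
        routes.append(Route(ipaddress.ip_network(dest, strict=False), gw, flags, netif))
    return routes


def lookup(routes, ip):
    """Return the most specific usable (flag U) route covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    candidates = [r for r in routes if "U" in r.flags and addr in r.dest]
    return max(candidates, key=lambda r: r.dest.prefixlen, default=None)


def describe_flags(flags):
    """Expand a flag string such as 'UGS' into words."""
    return ", ".join(FLAG_MEANING.get(f, f"unknown({f})") for f in flags)


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for ip in ("172.16.0.2", "192.168.255.5", "8.8.8.8"):
        r = lookup(table, ip)
        print(f"{ip} -> {r.netif} via {r.gateway} ({describe_flags(r.flags)})")
```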

In VPN > OpenVPN > Servers > Edit, at the bottom, I have provided DNS.

I did a tracepath on an Ubuntu box, and here is the thing: if I request an IP it goes through the VPN, but if I request the name it goes through my local network.

$ tracepath 172.16.0.2
 1?: [LOCALHOST]                      pmtu 1500
 1:  192.168.255.1                                        79.752ms 
 1:  192.168.255.1                                        85.362ms 
 2:  172.16.0.2                                           80.058ms reached
     Resume: pmtu 1500 hops 2 back 2 
$ tracepath promotheus.example.com
 1?: [LOCALHOST]                      pmtu 1500
 1:  routertecnico.home                                    0.888ms 
 1:  routertecnico.home                                    1.338ms 
 2:  no reply
 3:  10.137.207.33                                        15.172ms 
 4:  10.255.48.86                                        31.166ms 
...

It seems that it is not accepting the route through the VPN.

I’m using the command line sudo openvpn pfSense-UDP4-1194-zumo-config.ovpn and it connects to the VPN.

Looking at the DNS list, it seems that the local network takes priority over the VPN. All the options suggested were checked.

Hello,

I got it to work. It was a challenge.
So when installing OpenVPN on Linux there are a couple of extra packages that are downloaded; one of them is openvpn-systemd-resolved. This is what is used to update the routes to the GW that are inserted in OpenVPN in pfSense.

In the OpenVPN profile file that is used for the connection, you need to edit it and insert these lines before the certificates.

... 
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved

<ca>
...

In hopes this helps anyone else with the same issue.