Yikes – I’ve always hated OpenVPN and it seems this time is no different – argh.
Ok, so I stepped through Tom’s video on how to enable OpenVPN on pfSense. I tried to keep things pretty simple. I created a user, and then stepped through the OpenVPN wizard, selecting Auth only (no client certificates, to hopefully simplify the process).
I exported the client certificate credentials (iOS) and imported them into iOS with OpenVPN installed. I put the phone on the cellular network and tried to connect. Nothing showed up in the pfSense logs or OpenVPN logs, and I don’t see any logs within iOS (iOS is extremely limited).
So, double-checking a few things. My DNS provider is Cloudflare, which proxies to my network. I looked at my exported profile and found the line stating:
remote <IP_address> 1194 udp4
I substituted domain_name for IP_address, since I’m aware I’m proxying through CF.
I reimported the configuration into iOS, and still nothing, and worst of all no logs on pfSense.
So I did some further research and found CF can only proxy HTTP/HTTPS services. So I created a CNAME, openvpn.domain.com, pointed it to my A record and set CF to DNS only (no proxy).
So after doing this extra setup I was able to connect through OpenVPN. Yay (or so I thought).
So I was testing this on my phone’s cellular network. Within Termius (which is a terminal app), I could ping hosts on the LAN via domain name; I have DNS host overrides defined on the LAN for local servers. I thought all was good, but I found I cannot connect to any local hostname. I can by local IP address, but not by hostname, which seemed to be a problem with name resolution.
I installed an app on iOS called DNS Override and configured it to use my local DNS server (10.0.1.1, followed by 1.1.1.1). Additionally, I changed the client config file, adding: dhcp-option DNS 10.0.1.1. The pfSense OpenVPN server was configured to push this DNS server to clients as well.
Despite all these changes, no local hostname resolution seems possible when using the Chrome, Safari, or FF mobile apps. Is this the expected outcome?
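As an added example (not code from the original post, from pfSense, or from the OpenVPN project), here is a small Python checker for an exported .ovpn profile. It parses the file, including <ca>-style inline blocks and server-side push "..." lines, and flags the two configuration points the post turns on: a remote that is an IP literal rather than a DNS-only hostname, and a pushed DNS server with neither a dhcp-option DOMAIN for the LAN zone nor a redirect-gateway. The search domain lan.domain.com, the address 203.0.113.5 and the certificate placeholder are constructed assumptions. The rule behind the last check, that a split-tunnel OpenVPN client only sends queries for pushed DOMAIN names to the pushed DNS server unless the tunnel is a full redirect, is my understanding of the OpenVPN Connect client's split-DNS behaviour and is marked as an assumption in the code; verify it against the client's documentation before relying on it.

```python
"""Static checks of an OpenVPN client profile (.ovpn) for the 'remote' and
split-DNS pitfalls discussed above. Added example, not pfSense or OpenVPN
project code; the sample profiles below are constructed."""
import ipaddress
import re

PUSH_RE = re.compile(r'^push\s+"(.*)"$')
TAG_RE = re.compile(r"^<([A-Za-z][\w-]*)>$")


def parse_ovpn(text):
    """Parse an OpenVPN config into (options, inline_blocks).

    options: list of (keyword, args) in file order. Server-side
    'push "..."' lines are unwrapped so what a server pushes can be
    checked with the same rules as a client-side profile.
    inline_blocks: dict tag -> body for <ca>...</ca> style sections.
    Note: <connection> blocks are captured as blocks, not parsed as options.
    """
    options, blocks = [], {}
    tag, body = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if tag is not None:                     # inside an inline block
            if line == f"</{tag}>":
                blocks[tag] = "\n".join(body)
                tag, body = None, []
            else:
                body.append(raw)
            continue
        if not line or line[0] in "#;":         # blank or comment
            continue
        m = TAG_RE.match(line)
        if m:
            tag = m.group(1)
            continue
        m = PUSH_RE.match(line)
        if m:                                   # push "dhcp-option DNS x" -> dhcp-option DNS x
            line = m.group(1).strip()
        parts = line.split()
        options.append((parts[0], parts[1:]))
    if tag is not None:
        raise ValueError(f"unterminated <{tag}> block")
    return options, blocks


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_profile(text):
    """Return a list of human-readable findings (empty list means nothing flagged)."""
    opts, blocks = parse_ovpn(text)
    findings = []

    remotes = [args for kw, args in opts if kw == "remote"]
    if not remotes:
        findings.append("no 'remote' line: the client has nowhere to connect")
    for args in remotes:
        if args and _is_ip(args[0]):
            findings.append(
                f"remote {args[0]} is an IP literal: confirm it is the pfSense WAN "
                "address, not a proxy address (Cloudflare only proxies HTTP/HTTPS)")

    if "ca" not in blocks and not any(kw == "ca" for kw, _ in opts):
        findings.append("no CA certificate (<ca> block or 'ca' file): "
                        "the server certificate cannot be verified")

    dhcp = [args for kw, args in opts if kw == "dhcp-option" and len(args) >= 2]
    dns = [a[1] for a in dhcp if a[0].upper() == "DNS"]
    domains = [a[1] for a in dhcp if a[0].upper() in ("DOMAIN", "DOMAIN-SEARCH")]
    full_tunnel = any(kw == "redirect-gateway" for kw, _ in opts)

    # Assumption: a split-tunnel OpenVPN Connect client only routes queries for
    # pushed DOMAIN names to the pushed DNS server; without a DOMAIN and without
    # redirect-gateway, LAN names go to the cellular resolver instead.
    if dns and not domains and not full_tunnel:
        findings.append(
            "DNS server pushed without 'dhcp-option DOMAIN' or 'redirect-gateway': "
            f"a split-tunnel client may never send LAN names to {', '.join(dns)}")
    if domains and not dns:
        findings.append("search domain set but no 'dhcp-option DNS' server to resolve it")
    return findings


# Constructed profile mirroring the post: DNS-only hostname, DNS pushed,
# but no search domain and no full-tunnel redirect.
SPLIT_TUNNEL_PROFILE = """\
client
dev tun
remote openvpn.domain.com 1194 udp4
auth-user-pass
dhcp-option DNS 10.0.1.1
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
</ca>
"""

# Same profile plus the (assumed) zone the LAN host overrides live in,
# so LAN names are routed to 10.0.1.1 even in split-tunnel mode.
FIXED_PROFILE = SPLIT_TUNNEL_PROFILE.replace(
    "dhcp-option DNS 10.0.1.1\n",
    "dhcp-option DNS 10.0.1.1\ndhcp-option DOMAIN lan.domain.com\n")

if __name__ == "__main__":
    for name, prof in (("as exported", SPLIT_TUNNEL_PROFILE), ("with DOMAIN", FIXED_PROFILE)):
        print(name, check_profile(prof) or ["ok"])
```

The same checker can be pointed at the server side: feed it the pfSense-generated server config and the push "dhcp-option DNS ..." lines are unwrapped and evaluated with the same rules, so a missing pushed DOMAIN shows up whichever end you export.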