OpenVPN Remote Users Can't Resolve Domain Name Utilizing pfSense

Good Evening,

An issue we have been encountering for quite some time is attempting to connect to host names, to utilize services on that machine, through an OpenVPN client. The IP address can be used to ping and connect to, but replacing it with the host name does not work.

I followed the following topic, "OpenVPN DNS resolver issue", which is an exact replica of the issue we are having, but we seemingly can't connect to host names through the OpenVPN.

Tunnel is: 192.168.70.0/24
Host Name: dimsum
Domain: localdomain
IP address in question: 192.168.1.127

The list of items and my notes of failure are as follows:

o First, pfSense will be updated from 2.4.5 to 2.5.2.
  pfSense updated to 2.5.2 at 6:00. Began steps at 6:05.
o Walk through each option of the Advanced Client Settings and check off one at a time.
  - DNS Default Domain: Provide a default domain name to clients.
    By itself, adding "localdomain" does not work to allow ping to 192.168.1.127 or dimsum.localdomain.
  - DNS Server enable: Provide a DNS server list to clients. Addresses may be IPv4 or IPv6.
    Adding a DNS IP address of "192.168.1.254" or "192.168.1.1", by itself and with "localdomain" under DNS Default Domain, does not allow ping to dimsum.localdomain. Allows ping to "192.168.1.127".
  - Block Outside DNS: Make Windows 10 clients block access to DNS servers except across OpenVPN while connected, forcing clients to use only VPN DNS servers.
    Checking this item by itself and with each of the previous options does not allow ping to dimsum.localdomain.
  - Force DNS cache update: Run "net stop dnscache", "net start dnscache", "ipconfig /flushdns" and "ipconfig /registerdns" on connection initiation.
    Using this option by itself and with previous items does not allow ping or connection to dimsum.localdomain.
  - NTP Server enable: Provide an NTP server list to clients.
    NTP servers not in use at the moment.
  - NetBIOS enable: Enable NetBIOS over TCP/IP.
    When the setting is checked by itself and with other previous options, it does not allow connection to dimsum.localdomain.
o Investigate and try to activate option 15 on the DHCP server, with the inputted host domain.
  DHCP not being used on pfSense networks.
o Select various combinations under Outgoing Network Interfaces in DNS Resolver.
  Combination of relevant interfaces (LAN, Localhost, WAN2) does not allow connection to dimsum.localdomain, or IP address.
o Add server IP address instead of host name under OpenVPN client registration. In concurrence with this step, restart DNS Resolver.
  Edited the OpenVPN client configuration file used to create the connection profile with only the IP address in place of the relevant DNS host name; did not achieve a different result than before.
o Verify VPN and its connection profile is utilizing split-tunnel protocol, which would allow resources to be accessed on the network once the tunnel is up.
  VPN is using split tunneling by using a Tunnel scope "192.168.1.70". Utilized the push routes of relevant IP addresses commands in the Advanced Custom settings field, in concurrence with this. No connection to dimsum.localdomain; IP address is still viable.
o Verify the VPN tunnel does not take precedence over the local area interface that is directing DNS traffic to the VPN DNS servers.
  Tip refers to changing the metric on the local Windows machine to 2. Did not achieve a connection to dimsum.localdomain; ping to IP address is still valid.
o Verify the DNS suffix is in the "DNS suffix for this connection" box.
  When pinging, localdomain is indeed inside the "DNS suffix for this connection" box, on a remote computer.
o Verify the VPN client was assigned a DNS/WINS server for name resolution.
  Step is in conjunction with the previous step. WINS server not utilized. Providing DNS servers of 192.168.1.1 & 192.168.1.254 does not solve the issue of allowing connections to dimsum.localdomain.
o Verify DNS servers are visible on the VPN. If the LAN's DNS server is accessible via the VPN, verify the OpenVPN software is configured to the DNS servers listed.
  The LAN's DNS server IPs are available for ping. OpenVPN Connect was configured to the DNS servers in the previous step, when being pushed.
o Verify the OpenVPN tunnel network where the hosts rely on are of the same subnet as the LAN network.
  OpenVPN Tunnel & LAN network are both on /24 subnets.
o Verify the VPN tunnel is set to the internal DNS server and verify the internal DNS isn't blocked, which could cause the DNS to fall back to the client's network DNS.
  Changing the tunnel to anything other than 192.168.70.0/24 does not allow ping to IP address or dimsum.localdomain.

Any help/guidance would be much appreciated.
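Added example, not code from the original post or from pfSense: a minimal Python resolver that sends an A query for dimsum.localdomain straight to the pushed internal DNS server (192.168.1.254 from the post), so a remote client can tell apart "server unreachable over the tunnel" (timeout), "server answers but has no record" (NXDOMAIN) and "server answers correctly but the client is not using it" (answer returned here while the OS lookup still fails). The server address and hostname are taken from the post; everything else is my own construction.

```python
import socket
import struct

# Values from the post: pushed internal DNS server and the host that will not resolve.
INTERNAL_DNS = ("192.168.1.254", 53)
TARGET = "dimsum.localdomain"

def build_query(name, qid=0x1234):
    """Build a standard DNS A query (recursion desired) for `name`."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)   # QTYPE=A, QCLASS=IN

def _skip_name(data, off):
    """Advance past a (possibly compressed) domain name and return the new offset."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:       # compression pointer is always 2 bytes
            return off + 2
        off += length + 1

def parse_a_records(data):
    """Return (rcode, [IPv4 strings]) from a raw DNS response; rcode 3 means NXDOMAIN."""
    _qid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):                 # skip the echoed question section
        off = _skip_name(data, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:   # A record
            addrs.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return rcode, addrs

def resolve(name, server, timeout=2.0):
    """Query `server` directly over UDP, bypassing the client's resolver configuration."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), server)
        data, _ = s.recvfrom(512)
    return parse_a_records(data)

if __name__ == "__main__":
    try:
        rcode, addrs = resolve(TARGET, INTERNAL_DNS)
        print(f"rcode={rcode} answers={addrs}")   # 0 with an answer: server fine, client is the problem
    except socket.timeout:
        print("no reply: DNS server not reachable over the tunnel (routing/firewall), not a suffix issue")
```

If this returns 192.168.1.127 while `ping dimsum.localdomain` still fails, the pushed server is reachable and correct and the fault is on the Windows client side (interface metric, suffix, or a DNS server outside the tunnel winning the lookup).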