OpenVPN on mobile/Android connects but I can't access anything over browser, but when on a foreign WiFi it's fine

Are you using DNS from your own pfSense or are you assigning a public DNS server in the DHCP settings for your OpenVPN interface?

If you use internal DNS you have to set an ACL on the DNS Resolver inside pfSense. Navigate to Services > DNS > Resolver > Access Lists, then click on the Access List tab and add your tunnel network subnet like below

Save and apply changes.

I assume your network mask is the IP range of your OpenVPN?

Here’s (what I think is) the relevant section of my OpenVPN configuration:

and here are the settings for the DNS Resolver (DNS Forwarder is NOT enabled):

LMK if anything else would be helpful to aid in diagnosing. I’m thinking about pasting all my OpenVPN settings in a separate post, ’cause I’ll be honest there’s a bunch in there I don’t understand…

Your second screenshot looks to be incorrect for your DNS settings. You have 10.10.10.1 and your access list is 10.10.11.0/24, which are 2 different subnets.

You’ll need to set your DNS to the same subnet as your IPv4 Tunnel Network settings in your OpenVPN in the access list.

My Config

OpenVPN

DNS Resolver Access List
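A small sanity check for the three settings this thread keeps coming back to (the Resolver access list, the DNS server pushed to clients, and the split-tunnel local networks). This is added example code, not anything from pfSense or from the posters; the subnets are constructed to mirror the ones quoted above (10.10.10.0/24 LAN, 10.10.11.0/24 tunnel) and the function name is hypothetical.

```python
"""Sanity-check a pfSense OpenVPN + DNS Resolver (unbound) setup.

Constructed example: the addresses below mirror the subnets quoted in
the thread; nothing is read from a real firewall. Each finding names a
reason VPN clients would fail to resolve names or reach LAN hosts.
"""
from ipaddress import ip_address, ip_network


def check_vpn_dns(tunnel_network, lan_networks, resolver_acl, pushed_dns,
                  redirect_gateway, pushed_local_networks=()):
    """Return a list of human-readable findings (empty list = looks sane)."""
    tunnel = ip_network(tunnel_network)
    lans = [ip_network(n) for n in lan_networks]
    acl = [ip_network(n) for n in resolver_acl]
    local = [ip_network(n) for n in pushed_local_networks]
    findings = []

    # 1. unbound only answers sources covered by an "allow" access list,
    #    so the tunnel subnet (where client queries come from) must be in it.
    if not any(tunnel.subnet_of(a) for a in acl):
        findings.append(f"resolver ACL does not cover tunnel network {tunnel}")

    for dns in map(ip_address, pushed_dns):
        # 2. the pushed DNS server must be an address the firewall itself
        #    holds: the tunnel gateway or its interface address on a LAN.
        if dns not in tunnel and not any(dns in lan for lan in lans):
            findings.append(f"pushed DNS {dns} is not on the tunnel or a LAN")
            continue
        # 3. with split tunnel, only the pushed local networks are routed
        #    through the VPN; a LAN-side resolver must be among them.
        if (not redirect_gateway and dns not in tunnel
                and not any(dns in net for net in local)):
            findings.append(f"split tunnel: no pushed route covers DNS {dns}")
    return findings


if __name__ == "__main__":
    # Split tunnel that pushes the LAN resolver but forgets the LAN route.
    for line in check_vpn_dns("10.10.11.0/24", ["10.10.10.0/24"],
                              ["10.10.11.0/24"], ["10.10.10.1"],
                              redirect_gateway=False):
        print(line)
```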

So I made the following change per your suggestion:

Will I need to reload the certificate in my Android client? Testing from home with my WiFi turned off, I was, eventually, able to pull up a website or 2 (it was extremely slow) but not my pfSense UI @ 10.10.10.1. Is there further configuration needed to “link” the DNS at 10.10.11.1 to the main one @ 10.10.10.1? I have localdomain under DNS Default Domain, but am not sure what you greyed out…

Feels like progress though!

Your gateway (10.10.11.1) is already tied to your DNS resolver. Whatever 10.10.10.1 can query for DNS, so will 10.10.11.1.

Excellent, thanks for clarifying. Any idea why I still can’t connect to the 10.10.10.1 WebUI in my browser then? Should I just post all my OpenVPN settings for clues?

edit: also tbc, it seems like pretty much any webpage I try eventually pulls up, so it’s definitely moving in the right direction, it’s just VERY slow and I can’t bring up local servers’ GUIs on local IP addresses (e.g. 10.10.10.1)

It’s slow because you probably have all traffic forced through your VPN and either your cellular internet or your home internet is slow.

If you want it faster you have the option to split tunnel, which means you can access the internet just as you normally would, with the phone going to a site without going through the VPN tunnel, and when you request to navigate to your pfSense web GUI, for example, you will be able to reach it.

If you want split tunnel, follow below.

I’ve made the following change:

The IPv4 Local Network was already populated that way and I had Redirect IPv4 Gateway checked but the IPv6 Gateway already unchecked.

Unfortunately with these new options I still don’t have the ability to access local IPs’ GUIs. Will I need to reload the certificate?

I have gigabit AT&T Fiber at home, and experience no speed issues at home. The cellular network on the other hand could be the culprit. It used to work flawlessly, even before I had fiber (and while on it), I wonder what changed…

I feel like there is something to my internet connection after I connect

A speedtest run when not connected to the OpenVPN returns very reasonable speed. When connected to OpenVPN the speed test won’t even run…

I think I fixed it!

Added this:

from this thread https://www.reddit.com/r/GoogleFi/comments/unnetd/openvpn_stopped_working_over_lte/
which is from a person who was experiencing a similar problem: OpenVPN over Google Fi stopped working about 10 months ago. So fingers crossed this was the issue…