I have my pfsense set as exit node in a tailscale network, using headscale! If I don’t use the exit node on my phone I’m able to access my local services and the internet! But if I turn on exit node I can’t access the internet! The problem is dns, because I’m able to ping public ips, but I can’t resolve dns! This is driving me crazy.
All my interfaces are able to query dns without problem, even localhost can query from the cli! I don’t understand the reason!
Thank you in advance
Not sure where to set this in Headscale but in Tailscale there is an option to set the DNS server and you can set it to be pfsense.
The configuration is basically the same, I have the pfsense as dns server, that way I can query my local network, and that works if I have the exit node off! But if I turn on the pfsense exit node it does not work. I don’t know if this is something wrong with my pfsense configuration.
I did some testing and I think I’m getting somewhere! My laptop has the pfsense as a dns server! If I use my laptop as an exit node I have to advertise the pfsense network for dns query to work, makes sense because tailscale needs to be allowed to route traffic to that network.
Can this be the same issue with pfsense? I allow all the networks, but I use “dns resolver”
I think this is related:
If I add my laptop as exit node it works, I think the problem is related with pfsense and probably DNS Resolver!
I am also experiencing this issue. For others searching around, see also this GitHub issue and this netgate forum thread.