Remote side DNS problem


Post by tw222j23 » Fri Feb 03, 2023 11:38 am

Hello guys,

I am facing two issues in a complex situation, so I will need some expert help on this. Let me describe the case. There is a pfSense server VM hosting OpenVPN, running in Hyper-V on a Windows 2019 server and communicating with a Windows VPN VM to get AD credentials. Its server is connected to a Cisco switch and a Cisco ASA. The ASA has 2 S2S connections to cloud-hosted physical servers. The connection is established and everything works fine except in two cases.

Case A)
After connecting to the Windows VPN, I can access the remote site that is accessible through the ASA S2S VPN connection.
After connecting to OpenVPN, I cannot access the same remote site, though I can see the required routing is set to send traffic to the remote site IP through the OpenVPN virtual IP.

Case B)
Everything works fine; I can access all resources on Win 10 PCs that belong to the Windows domain as well as on Win 10 PCs that do not belong to the domain. A customer has to use it from a different country; he connects to the OpenVPN successfully using Win 10, as I can see in the pfSense logs, but has a problem accessing remote resources. DNS requests fail, so trying to access the desired webpage through its FQDN fails since the URL cannot be resolved. I have not been able to reproduce this on any Win 10 or Win 11 PC, though. In my tests I can access the webpage; no matter what I do to establish a connection, DNS requests work smoothly. Antivirus has been disabled prior to testing.

The config is given below:
dev tun
persist-tun
persist-key
data-ciphers AES-128-GCM:AES-256-GCM
data-ciphers-fallback AES-256-GCM
auth SHA256
tls-client
client
resolv-retry infinite
remote openvpn.obsidian.com 1999 udp4
auth-user-pass
remote-cert-tls server
explicit-exit-notify

<ca>
-----BEGIN CERTIFICATE-----
A
...
Z
-----END CERTIFICATE-----
</ca>
setenv CLIENT_CERT 0
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
a
...
z
-----END OpenVPN Static key V1-----
</tls-auth>

Any hint(s) on how to troubleshoot those issues?