Although this works, the clients still resolve names with the local DNS also.
If an address is returned by both the VPN DNS and local DNS, which one is used by the client?
I'm guessing the first one returned would be used.
But since the connection is actually going to be through the VPN, it seems that would be the proper address to use.
Is there any way to prevent queries for non-local names from being made to the local DNS?
Without local access being blocked, of course.
Client config on Windows 8.1 Pro
dev tun
persist-tun
persist-key
cipher AES-256-CBC
tls-client
client
resolv-retry infinite
remote sub.domain.tld 1194 udp
verify-x509-name "OpenVPN Server Certificate" name
auth-user-pass
pkcs12 pfsense-udp-1194-USER1.p12
tls-auth pfsense-udp-1194-USER1-tls.key 1
ns-cert-type server
comp-lzo
Server Config on pfSense 2.1.3 (FreeBSD 8.3-RELEASE-p16)
dev ovpns2
dev-type tun
tun-ipv6
dev-node /dev/tun2
writepid /var/run/openvpn_server2.pid
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 22.214.171.124
tls-server
server 192.168.22.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify /var/etc/openvpn/server2.php via-env
tls-verify /var/etc/openvpn/server2.tls-verify.php
lport 1194
management /var/etc/openvpn/server2.sock unix
max-clients 9
push "route 192.168.2.0 255.255.255.0"
push "dhcp-option DOMAIN noyb"
push "dhcp-option DNS 192.168.2.1"
push "redirect-gateway def1"
client-to-client
ca /var/etc/openvpn/server2.ca
cert /var/etc/openvpn/server2.cert
key /var/etc/openvpn/server2.key
dh /etc/dh-parameters.4096
tls-auth /var/etc/openvpn/server2.tls-auth 0
comp-lzo
persist-remote-ip
float
topology subnet
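Added note and example, not part of the original post or of the pfSense/OpenVPN configs above. The behaviour described (queries going to the LAN resolver even though a tunnel DNS server is pushed) is what Windows 8 and later do by default: the resolver sends a query to the DNS servers of every connected interface in parallel and accepts the first reply, so `push "dhcp-option DNS 192.168.2.1"` only adds the tunnel resolver, it does not remove the LAN one. OpenVPN's Windows client gained the `block-outside-dns` directive in 2.3.9; it uses the Windows Filtering Platform to drop DNS traffic on every interface except the tunnel for the life of the connection. The client config below is the one from the post with that directive added; it assumes the client has been upgraded to 2.3.9 or newer (the pfSense 2.1.3 server in the post is older than that, which is why it is set client-side rather than pushed).

```conf
# Client config from the post, plus block-outside-dns (added example, assumes OpenVPN >= 2.3.9 on Windows)
dev tun
persist-tun
persist-key
cipher AES-256-CBC
tls-client
client
resolv-retry infinite
remote sub.domain.tld 1194 udp
verify-x509-name "OpenVPN Server Certificate" name
auth-user-pass
pkcs12 pfsense-udp-1194-USER1.p12
tls-auth pfsense-udp-1194-USER1-tls.key 1
ns-cert-type server
comp-lzo

# Block DNS on all non-tunnel interfaces while connected, so only the
# pushed 192.168.2.1 resolver ever sees queries (Windows client only;
# ignored with a warning on other platforms).
block-outside-dns
```

Caveat that matters for the "without local access being blocked" requirement: `block-outside-dns` blocks all DNS on the other interfaces, including queries for names that only the LAN resolver knows. Local LAN names will only keep resolving if the pushed resolver (192.168.2.1 here) can answer or forward them; if it cannot, the choice is between leaking non-local queries to the LAN resolver and losing local name resolution while the tunnel is up. Whether the block is in effect can be checked from the client with `Get-DnsClientServerAddress` (to see which interfaces still list a resolver) and by watching the OpenVPN client log for the line announcing that the WFP filters were added.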