Netgate SG-1000 microFirewall

Author Topic: Update DNS Server w/ VPN Virtual IP  (Read 255 times)

0 Members and 1 Guest are viewing this topic.

Offline jrgx19

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Update DNS Server w/ VPN Virtual IP
« on: January 15, 2018, 07:52:10 am »
I have set up my network with multiple VPNs. One of the VPN connection needs to be the DNS server for the pfsense box. Every time the VPN connection is established, I get a new "Virtual IP" from the VPN provider. How can I update my DNS server with the newly acquired Virtual IP from the VPN server?

I currently need to update the DNS server every time the VPN reconnects. This can be a bit frustrating. it became more of an issue when I am away from home and the wife needs the internet, but there is no DNS resolution

See attached pics.

Offline jrgx19

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: Update DNS Server w/ VPN Virtual IP
« Reply #1 on: January 16, 2018, 12:40:07 pm »
So, I have made a bit of progress. the following connads works to retrieve the "Virtual IP" from my VPN connection
Code: [Select]
ifconfig ovpnc2 | grep "inet " | awk '{print $2}'Note: "ovpnc2" is to be replaced with the appropriate interface.

I also found that the DNS server information is kept in:
Code: [Select]
/etc/resolv.conf
in my case it is the 3rd/last line on that file. 
Now I just need to figure out how to pipe the output of the first command to replace the line containing "nameserver VPN VIRTUAL IP" without affecting the other lines in that file.

There is another line with "nameserver 127.0.0.1" which I do not want to replace.

I also have not figured out how I want the final product to run. should I run it on a preset interval. Or is there a way to make it run only if the VPN connection is restarted?

Any suggestions?

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9805
  • Karma: +1107/-311
    • View Profile
Re: Update DNS Server w/ VPN Virtual IP
« Reply #2 on: January 16, 2018, 01:59:04 pm »
Whatever is on the other side should have a static DNS server address you can use.

In other words, there has to be a better way.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15153
  • Karma: +1413/-206
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Update DNS Server w/ VPN Virtual IP
« Reply #3 on: January 16, 2018, 02:08:08 pm »
Who is your vpn provider?  It makes zero sense from them to change the dns every time you connect... They at worse case have a pool of addresses they hand out... What is your VPN provider so can do a simple google to what dns should be for them..

Why would you be pointing dns to the IP pfsense gets??
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline jrgx19

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: Update DNS Server w/ VPN Virtual IP
« Reply #4 on: January 17, 2018, 02:57:15 pm »
This particular setup is with vyprvpn. For what I have been able to get from them, their DNS is managed internally once clients connect. Basically i need to use the address  provided in order to route DNS.

I am able to use any other DNS server I want. However, for media consumption i.e Netflix and Hulu, I need to use their DNS server. If I don't, I get a location mismatch / proxy server error.

I have tried multiple workarounds. This seems to be the only way I can get it to work properly.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15153
  • Karma: +1413/-206
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Update DNS Server w/ VPN Virtual IP
« Reply #5 on: January 17, 2018, 03:15:29 pm »
And what setup are you using - they do not list setting up openvpn with pfsense.  And their setups with dd-wrt, etc state they do not support vyperdns with them.

Pointing dns to your IP you got from your vpn makes no sense - there will be nothing listening on this IP for dns..
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline jrgx19

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: Update DNS Server w/ VPN Virtual IP
« Reply #6 on: January 17, 2018, 03:28:37 pm »
I used this setup https://pixelsandwidgets.com/2014/10/setup-pfsense-openvpn-client-specific-devices/. I had to play with it as it is an older guide. I realize that pointing o the IP does not make sense. However, doing so gets me DNS resolution. The odd part of it is that even thou the IP is within their network, I do not get DNS resolution if the IP changes.

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9805
  • Karma: +1107/-311
    • View Profile
Re: Update DNS Server w/ VPN Virtual IP
« Reply #7 on: January 17, 2018, 03:39:33 pm »
Some three-year-old walkthrough is peobably going to lead you to take a wrong turn.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline jrgx19

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: Update DNS Server w/ VPN Virtual IP
« Reply #8 on: January 17, 2018, 03:50:13 pm »
Some three-year-old walkthrough is peobably going to lead you to take a wrong turn.

The setup seem pretty standard for what I have been able to research. I believe the biggest issue is that vypr does not provide their DNS server address

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9805
  • Karma: +1107/-311
    • View Profile
Re: Update DNS Server w/ VPN Virtual IP
« Reply #9 on: January 17, 2018, 03:59:17 pm »
Then use a different DNS server (or a different VPN provider). That configuration is completely non-standard. Your current path is dark and full or terrors.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline jrgx19

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: Update DNS Server w/ VPN Virtual IP
« Reply #10 on: January 18, 2018, 11:32:21 am »
Then use a different DNS server (or a different VPN provider). That configuration is completely non-standard. Your current path is dark and full or terrors.

I'm going to look into different VPN. I really like vypr for media consumption. They are the fastest/lowest latency provider i have tested. definitely not for privacy/security. For the time being I'm probably going to figure out how to keep the address updated.

p.s I like your GoT reference!

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15153
  • Karma: +1413/-206
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Update DNS Server w/ VPN Virtual IP
« Reply #11 on: January 18, 2018, 11:56:46 am »
Why don't you contact them... The providing you with a rfc1918 address for their dns would solve the problem, since this would only be available for sure via their vpn users, and not give anyway any sort of info of where their dns is located, etc.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline jrgx19

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: Update DNS Server w/ VPN Virtual IP
« Reply #12 on: February 08, 2018, 01:07:14 am »
I know it has been a while. I did contact them (vyprVPN). They would not provide their DNS information. So, I guess for the time being, I am kinda have to just deal with it. I have not had any time lately to continue playing with it. One of these weekends I can resume my adventure on my current path, "dark and full of terrors"