Firewalla Gold - Set DNS Server for VPN Connection

Comments

16 comments

  • Chris Dillard

    Hey Keith, did you ever find a solution? I just got my gold up and running and I'm facing a similar challenge.

    0
  • Support

    This is not supported in the current app, although the DNS server on the VPN server is customizable at the backend on Gold box. We will make this configurable in the app in our future app release.

    1
  • Justin Morrell

    So happy to hear this will be configurable in the app.  Exactly what I was looking for!

    0
  • Andy brown

    Thumbs up from me on the customizable DNS for VPN in the app.

    0
  • Mstormo

    Also important to note is that if you're not forcing all traffic through the VPN connection (split traffic/you only pass traffic with a destination within the VPN network through the VPN connection), then the Interface Metric/priority order becomes important.

    To ensure you use the VPN DNS server in this case, the VPN interface must have a lower Metric number/priority order than your default network connection.

    If you force all traffic through the VPN, it shouldn't matter.

    See https://www.windowscentral.com/how-change-priority-order-network-adapters-windows-10

    0
  • Andy brown

    I added dhcp-option DNS 172.X.X.X into the downloaded OpenVPN cert, but it didn’t work.

    Now I figured out the server side and changed that to point to 172.0.0.2 instead of the ISP DNS.

    Still doesn’t work....

    Maybe getting closer.

    0
  • Mstormo

    If this is on a Windows machine, when the VPN interface is up, follow the guide above, and set the priority to 5 as shown, and see if that helps. 

    Next time, Windows will remember your priority, so you only have to do it once.

    0
  • Andy brown

    No, I’m not on Windows.

    0
  • Shawn H

    @Andy Brown

    You can change the "push dhcp-option DNS 172.X.X.X" in the server.conf and it will work after you restart the service. 

    Only issue is it does not stick after a reboot...

    sudo nano openvpn/server.conf

    Find the line push dhcp-option and change it.

    Write changes and exit.

    sudo service openvpn restart

    1
  • Andy brown

    @Shawn I believe that that file pulls the DNS from ~/firewalls/vpn/server_config.txt

    I did change that file to point to my Pi-hole DNS and the openvpn/server.conf automatically updated itself to the new setting. I restarted but still it didn’t work.

    Did you get it to work over VPN?

    0
  • Shawn H

    @Andy, yes, mine is working fine. I have a copy of my server.conf in /home/pi/.firewalla/config. That is where stuff sticks. So on reboot I have it copy the server.conf from there back to /home/pi/opnvpn, restart openvpn service, and away it goes.

    I have other customizations in the server.conf like not to route all traffic and pushing routes as well as using firewalla as DNS server. All seems to be taking effect....

    0
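
The server.conf edit described in the two Shawn H comments above, as a repeatable script. This is an added example, not code from the commenters or from Firewalla; the helper names are hypothetical, and the sample config and the 192.0.2.53 address are constructed for the demo.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Sets the single DNS server an
# OpenVPN server.conf pushes to clients; extra DNS push lines are collapsed.

DNS_PUSH_RE='^[ \t]*push[ \t]+"dhcp-option[ \t]+DNS[ \t]'

is_ipv4() {   # dotted quad, every octet 0-255
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

pushed_dns() {   # print the DNS address(es) CONF currently pushes
    awk -v re="$DNS_PUSH_RE" '$0 ~ re { gsub(/"/, "", $NF); print $NF }' "$1"
}

set_pushed_dns() {   # usage: set_pushed_dns CONF IPV4
    conf=$1; dns=$2
    # Reject anything that is not a plain IPv4 address before touching CONF.
    is_ipv4 "$dns" || { echo "invalid IPv4 address: $dns" >&2; return 2; }
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v re="$DNS_PUSH_RE" -v line="push \"dhcp-option DNS $dns\"" '
        $0 ~ re { if (!done) print line; done = 1; next }
        { print }
        END { if (!done) print line }   # no DNS push yet: append one
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Keep a backup, then overwrite in place so owner and mode are unchanged.
    cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demo on a constructed sample config (not a real Firewalla file).
demo=$(mktemp)
printf '%s\n' 'port 1194' 'push "dhcp-option DNS 8.8.8.8"' \
    'push "redirect-gateway def1"' > "$demo"
set_pushed_dns "$demo" 192.0.2.53 && pushed_dns "$demo"
rm -f "$demo" "$demo.bak"
```

On the box itself the change only takes effect after the service restart given in the thread (sudo service openvpn restart), and clients must reconnect to receive the new pushed option.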
  • Andy brown

    Thanks, I will give it another try. Probably when they release the next version.

    0
  • Andy brown

    I had another go at getting VPN traffic through my Pi-hole DNS. Changed the push DNS option, restarted the VPN server. Reconnected to VPN and the client log file shows the new DNS. But still no traffic is being directed through Pi-hole. What am I doing wrong? This is more annoying than essential, but it's bugging the hell out of me. I even regenerated the VPN client files and tried again, but no luck. Pi-hole is working correctly in all other options. Are there any rules I need to set or something I missed on the backend setup?

    Thanks

    0
  • Andy brown

    @Shawn H. Update on VPN through Pi-hole. So I had Pi-hole on a separate machine, just because...no real reason, playing around with containers and Docker. Never got the VPN working through Pi-hole. Now it's moved onto the Gold as per the instructions and now it all works once I changed the settings as you indicated and restarted the VPN.

    1
  • Shawn H

    Glad to help. 

    0
  • Danny Natale

    Thanks @shawn h.  I followed your directions and now my VPN client is working great.

    0