VPN Client DNS Mapping

anekos · March 14, 2023, 12:40pm

We want to use the client DNS mapping feature to be able to resolve our servers internally.

Can you advise what is missing from the steps below to troubleshoot and get the DNS mapping to work?

Enable VPN client DNS Mapping from webui and start the vpn server
The users’ dns names are available in the user/organization list
Doing a dns lookup for a user’s dns name from a vpn client fails

On a tcp dump on the pritunl server we can see that there are requests from the client to the vpn server’s IP, but there is nothing listening on port 53/udp on the server, so the port is unreachable.
12:12:39.877236 IP 192.168.216.1 > 192.168.216.3: ICMP 192.168.216.1 udp port 53 unreachable, length 89

Before enabling the dns mapping setting on the server, the dns requests do not hit the vpn server, but go straight to the public dns servers.

According to the documentation, the dns service is created automatically when the dns mapping option is enabled and should resolve the .vpn dns names and any other requests will be forwarded to public dns servers (this last part works).

Thanks in advance,
Anestis

zach · March 14, 2023, 12:49pm

For macOS Ventura this requires running sudo pritunl set vpn.dns_mapping_push_all false. The Debugging documentation has more information.

anekos · March 14, 2023, 2:14pm

Hi Zach,

Thanks for the quick response.
We are not using macOS, most of our clients run on Linux (Ubuntu).

The issue is not the use of external (public) DNS - this works, but the resolution of the internal example.organization.vpn.

Regards,
Anestis

zach · March 14, 2023, 2:48pm

The Pritunl Client doesn’t support configuring the DNS server with NetworkManager which is used by Ubuntu. Systemd Resolved used in Fedora is supported. The Gnome Client will allow configuring the DNS server on Ubuntu.

anekos · April 17, 2024, 11:59am

Hi Zach,

We are using systemd-resolved service for dns:

We try to enable the vpn client DNS mapping from the vpn server instance:

Our clients run on Ubuntu 22.04 (headless). We got pritunl-client (not electron) installed.

Can you provide a working example of client DNS mapping?
Or is this not supported for our setup?

Many thanks,
Anestis

zach · April 18, 2024, 2:24am

If the system has systemd-resolved it should work. Refer to pritunl/pritunl-client-electron/service/profile/profile.go:361 for the code that determines if the systemd-resolved start script is used. It will look for the string systemd-resolved in /etc/resolv.conf. If this is true check the code used for the script and look for errors in the profile log pritunl/pritunl-client-electron/service/profile/scripts.go:243