VPN Client DNS Mapping

We want to use the client DNS mapping feature to be able to resolve our servers internally.

Can you advise what is missing from the steps below to troubleshoot and get the DNS mapping to work?

  1. Enable VPN client DNS mapping from the web UI and start the VPN server

  2. The users’ DNS names are available in the user/organization list

  3. Doing a DNS lookup for a user’s DNS name from a VPN client fails

    In a tcpdump on the Pritunl server we can see that there are requests from the client to the VPN server’s IP, but there is nothing listening on port 53/udp on the server, so the port is unreachable.
    12:12:39.877236 IP 192.168.216.1 > 192.168.216.3: ICMP 192.168.216.1 udp port 53 unreachable, length 89

    Before enabling the DNS mapping setting on the server, the DNS requests do not hit the VPN server, but go straight to the public DNS servers.

According to the documentation, the DNS service is created automatically when the DNS mapping option is enabled and should resolve the .vpn DNS names, and any other requests will be forwarded to public DNS servers (this last part works).

Thanks in advance,
Anestis
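
The tcpdump check described in the post above, as an added example that is not part of the original thread or of Pritunl: it scans `tcpdump -n` text output and reports which DNS servers answered queries with an ICMP "udp port 53 unreachable", together with the names clients asked them for. Only the ICMP line comes from the post; the other sample lines, the function name and the regexes are constructed for illustration.

```python
import re
from collections import defaultdict

# DNS query as printed by `tcpdump -n`: "IP <client>.<port> > <server>.53: <id>+ A? <name> (len)"
QUERY = re.compile(
    r"IP (?P<client>[\d.]+)\.\d+ > (?P<server>[\d.]+)\.53: "
    r"\d+\S* (?P<qtype>[A-Z]+)\? (?P<name>\S+)"
)
# ICMP reply in the format quoted in the post
UNREACH = re.compile(
    r"IP (?P<server>[\d.]+) > (?P<client>[\d.]+): "
    r"ICMP (?P<host>[\d.]+) udp port 53 unreachable"
)

# Constructed capture; only the second line is taken from the post.
SAMPLE = """\
12:12:39.877101 IP 192.168.216.3.41822 > 192.168.216.1.53: 4660+ A? example.organization.vpn. (42)
12:12:39.877236 IP 192.168.216.1 > 192.168.216.3: ICMP 192.168.216.1 udp port 53 unreachable, length 89
12:12:41.102200 IP 192.168.216.3.50211 > 8.8.8.8.53: 1201+ A? example.com. (29)
12:12:41.130544 IP 8.8.8.8.53 > 192.168.216.3.50211: 1201 1/0/0 A 203.0.113.10 (45)
"""


def find_dead_resolvers(capture):
    """Return {server_ip: [names queried]} for servers with no listener on udp/53."""
    asked = defaultdict(list)  # server -> names that clients asked it to resolve
    refused = set()            # servers that sent ICMP port unreachable for udp/53
    for line in capture.splitlines():
        q = QUERY.search(line)
        if q:
            asked[q["server"]].append(q["name"].rstrip("."))
            continue
        u = UNREACH.search(line)
        # Only count replies generated by the queried host itself, not by a router.
        if u and u["server"] == u["host"]:
            refused.add(u["host"])
    return {ip: asked.get(ip, []) for ip in sorted(refused)}


if __name__ == "__main__":
    for server, names in find_dead_resolvers(SAMPLE).items():
        print(f"{server}: nothing listening on udp/53; unanswered: {names}")
```
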

For macOS Ventura this requires running sudo pritunl set vpn.dns_mapping_push_all false. The Debugging documentation has more information.

Hi Zach,

Thanks for the quick response.
We are not using macOS, most of our clients run on Linux (Ubuntu).

The issue is not the use of external (public) DNS - this works, but the resolution of the internal example.organization.vpn.

Regards,
Anestis

The Pritunl Client doesn’t support configuring the DNS server with NetworkManager, which is used by Ubuntu. Systemd Resolved, used in Fedora, is supported. The Gnome Client will allow configuring the DNS server on Ubuntu.