
Context

I have a pfSense as a router/firewall, and, relevant to this question, I have two connected computers, one laptop and one desktop. I use the laptop to connect to a VPN in order to access some work-related servers (172.26.0.0/16). These servers resolve their hostnames using a private DNS (i.e. 10.0.1.1).

Here is a simplified diagram of my network setup: [network diagram image]

Problem

Just to avoid falling for the XY Problem, I will try to explain in the most simple and generic way what the problem is and what I want to achieve:

All I want is to be able to access these work servers through my desktop PC, and currently I can't.

The VPN connection I have is made specifically to my laptop, so I can't just configure another computer with it. Previously we used OpenVPN, so I could do what I'm trying here fairly easily. In fact, I did that by setting up pfSense as an OpenVPN client.

If you see any other way to solve this situation, feel free to offer a different suggestion than what I've tried.

What I've tried so far

So, after a lot of searching, the approach that looked most promising was using sshuttle.

I've used this command as a first start:

sshuttle -v --dns -r <user>@10.23.23.30 --to-ns=10.0.1.1 172.26.0.0/16:0 -l 0.0.0.0:0

With that, I'm able to do an nslookup on pfSense and it does resolve the domains I want correctly.

[screenshots: nslookup results on pfSense]

But when I tried the same thing on my machine, it didn't work.

[screenshot: nslookup results on the desktop PC]

By using sshuttle in verbose mode, I can see that whenever I try to do an nslookup with my desktop PC using the private DNS, sshuttle logs a connection from my WAN address, but the response on the client times out. [screenshot: sshuttle verbose log]

I've tried other options with sshuttle, like passing my router as an ns-host, which allows me to do nslookups using its IP address instead of localhost or the private DNS, but that did not solve my problem.

I've also tried to set Domain Name override in pfSense using the private DNS, since it looks like it's accessible there. But I had no success with that either.

Final thoughts

I already had a rule on pfSense allowing traffic from anywhere to anywhere within LAN-connected devices. Then I created one on WAN from my WAN address to any address on the work network (172.26.0.0/16) just in case. But nothing helped.

Can I make this work? Is there another way worth looking at?

I feel like I'm close since I'm already able to resolve the domain names on my router, but now I don't know exactly how to proceed.

greatbard

0 Answers