Hello Everyone:
I believe I found a solution for this: VyOS uses dnsmasq as the DNS Cache/Forwarder. The dnsmasq implementation in VyOS stores its configuration in the file:
/etc/dnsmasq.conf
VyOS configuration states that it is required to specify a network interface that will listen for DNS requests and send those requests to the dnsmasq service. When you connect to a VyOS through an L2TP VPN connection, each connection gets its own network interface, called l2tp0, l2tp1…l2tpN, also known as l2tp+, totally bypassing the interface specified for listening for DNS requests used by the dnsmasq service.
If you look at the dnsmasq man page:
man dnsmasq
It states that you can configure the dnsmasq service to listen for DNS requests on all network interfaces simply by omitting the:
interface=
configuration option line on the /etc/dnsmasq.conf file.
So if you delete the “interface=” line in the dnsmasq.conf file and restart the dnsmasq service using the command:
sudo service dnsmasq restart
at the vyos@vyos:/$ command prompt, then reconnect the VPN client to the VyOS, the client should be able to look up all DNS queries using the VyOS DNS Cache/Forwarder, provided you specified the VyOS IP address as the VPN DNS Server:
set vpn l2tp remote-access dns-servers server-1
All of this isn’t a permanent solution, as the VyOS configuration will always add the
set service dns forwarding listen-on
to the /etc/dnsmasq.conf file when you make a configuration change, or reboot/restart the VyOS box.
To deter the VyOS configuration from requiring the “DNS Forwarding Service Listening Interface” to be specified, and make these changes permanent, you could modify the VyOS DNS Forwarding Service template located at:
/opt/vyatta/share/vyatta-cfg/templates/service/dns/forwarding/node.def
Look for the line:
commit:expression: $VAR(./listen-on) != ""; "At least one interface must be configured for DNS forwarding parameter 'listen-on'"
And replace the Not Equal signs “!=” with the Equals Equals signs “==”, so it looks exactly like this:
commit:expression: $VAR(./listen-on) == ""; "At least one interface must be configured for DNS forwarding parameter 'listen-on'"
That way, the template will allow the VyOS listen-on configuration option to be empty when committing the configuration changes.
Please be careful when editing the VyOS configuration templates, as it might render the VyOS configuration system nonfunctional. It’s always a good idea to make a backup copy of the file before changing anything, so you have an easy way to restore everything in case something goes wrong. A simple copy command like:
sudo cp node.def node.def.bak
would be enough to have a recovery option. After modifying the VyOS configuration template, don’t forget to delete the “listen-on” configuration option in the VyOS configuration mode.
Let me know if this is of any help to you, as I really hope this information is useful for solving this issue.
Luis
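Dropping the interface= line, as the post describes, makes dnsmasq answer on every interface, the WAN side included. The script below is an added audit helper (not from the post or from VyOS) that reads a dnsmasq.conf and reports what dnsmasq would listen on, so the change is checked rather than assumed; the sample configs it writes are constructed for the self-check, and the names eth0/eth1 are assumptions.

```sh
#!/bin/sh
# Added audit helper, not part of the forum post or of VyOS. It inspects a
# dnsmasq.conf and reports which interfaces dnsmasq would accept queries on,
# so that deleting "interface=" to cover the l2tpN VPN interfaces does not
# silently turn the router into an open resolver on its WAN interface.
# Assumes the stock "key=value" syntax with "#" comments, as in /etc/dnsmasq.conf.

# Print every active (non-commented) value of option $1 in file $2, one per line.
dnsmasq_values() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$2"
}

# Echo the listening scope of config file $1:
#   all-interfaces  no interface=/listen-address= at all: every NIC, WAN included
#   all-except      no interface=, but except-interface= carves some NICs out
#   restricted      explicit interface= and/or listen-address= lines present
dnsmasq_listen_scope() {
    if [ -n "$(dnsmasq_values interface "$1")" ] || \
       [ -n "$(dnsmasq_values listen-address "$1")" ]; then
        echo restricted
    elif [ -n "$(dnsmasq_values except-interface "$1")" ]; then
        echo all-except
    else
        echo all-interfaces
    fi
}

# Exit 0 when config $1 leaves dnsmasq answering on interface $2. Only
# interface= and except-interface= are consulted; listen-address= is
# address-based and cannot be matched against an interface name here.
dnsmasq_exposed_on() {
    dnsmasq_values except-interface "$1" | grep -qx "$2" && return 1
    ifaces=$(dnsmasq_values interface "$1")
    [ -z "$ifaces" ] && return 0
    echo "$ifaces" | grep -qx "$2"
}

# Constructed sample configs (not real VyOS output) for a self-check; echoes the dir.
write_samples() {
    dir=$(mktemp -d)
    printf 'interface=eth1\n# listen-on interface as VyOS renders it\n' > "$dir/vyos.conf"
    printf '# interface= line deleted as in the post\ncache-size=150\n' > "$dir/open.conf"
    printf 'except-interface=eth0   # WAN (assumed eth0) stays closed\n' > "$dir/safer.conf"
    echo "$dir"
}

if [ "${1-}" = "--demo" ]; then
    d=$(write_samples)
    for f in "$d"/*.conf; do
        printf '%s: %s' "$(basename "$f")" "$(dnsmasq_listen_scope "$f")"
        dnsmasq_exposed_on "$f" eth0 && printf ' (answers on eth0)'
        echo
    done
    rm -rf "$d"
fi
```

Run it with --demo to see the three constructed cases; point dnsmasq_listen_scope at /etc/dnsmasq.conf on the router to check the real file after the edit.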