DNS Issues

Posted: Thu Jun 06, 2019 2:59 am
by taylorabc101
# Network configuration

Net1 (192.168.0.0/24)
|
|
|
192.168.0.199
eth0
|
tun0
10.8.0.2
|
|
10.8.0.1
tun0
|
eth1
10.0.0.1
|
|
Net2 (10.0.0.0/24)

# Server Firewall

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
REJECT all -- loopback/8 anywhere reject-with icmp-port-unreachable
ACCEPT icmp -- anywhere anywhere state NEW icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:ssh
ACCEPT udp -- anywhere anywhere state NEW,ESTABLISHED udp dpt:23111
ACCEPT udp -- anywhere anywhere state ESTABLISHED udp spt:domain
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp spt:http
ACCEPT udp -- anywhere anywhere state NEW,ESTABLISHED udp spt:ntp
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp spt:https
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp spt:ssh
ACCEPT udp -- anywhere anywhere state ESTABLISHED udp spt:23111
ACCEPT udp -- anywhere anywhere state NEW,ESTABLISHED udp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:https
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

# Server configuration
dev tun
proto udp
port 23111
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_Yl0XwXX1dQ0rSxK7.crt
key /etc/openvpn/easy-rsa/pki/private/server_Yl0XwXX1dQ0rSxK7.key
client-config-dir /etc/openvpn/ccd
dh none
topology subnet
server 10.8.0.0 255.255.255.0
push "route 10.0.0.0 255.255.255.0"
# Set your primary domain name server address for clients
push "dhcp-option DNS 192.168.0.100"
push "dhcp-option DNS 8.8.8.8"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3

# Explanation
I can connect to the VPN and get through to both networks just fine. But when I am connected to the VPN and I do an nslookup on my DNS server 192.168.0.100, the request fails. When I ssh to the VPN server I can resolve DNS names just fine. I was wondering if you guys had any tricks to track down exactly what is going on, or have had this issue before.

# Extra info
VPN server = raspbian
client = windows 10 host

Thank you for your time!
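
An added example, not part of the original post: it works out which adapter each pushed DNS server would be reached through once `redirect-gateway def1` is applied, and flags servers that leave outside the tunnel, where `block-outside-dns` blocks port 53 on Windows. It assumes the client sits on Net1 (192.168.0.0/24) as drawn in the diagram and keeps the usual on-link route for that subnet; the function names, the `lan`/`tun` labels and the simplified routing model (longest prefix only, no metrics) are hypothetical.

```python
import ipaddress

# Constructed excerpt: the push lines from the server configuration above.
SERVER_CONF = '''
push "route 10.0.0.0 255.255.255.0"
push "dhcp-option DNS 192.168.0.100"
push "dhcp-option DNS 8.8.8.8"
push "block-outside-dns"
push "redirect-gateway def1"
'''

def parse_push(conf):
    """Return (tunnel_routes, dns_servers, block_outside_dns) from push lines."""
    routes, dns, block = [], [], False
    for line in conf.splitlines():
        line = line.strip()
        if not line.startswith('push "'):
            continue
        words = line[6:].rstrip('"').split() or [""]
        if words[0] == "route":
            routes.append(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
        elif words[:2] == ["dhcp-option", "DNS"]:
            dns.append(ipaddress.ip_address(words[2]))
        elif words[0] == "block-outside-dns":
            block = True
        elif words[:2] == ["redirect-gateway", "def1"]:
            # def1 adds two half-default routes and leaves 0.0.0.0/0 in place
            routes += [ipaddress.ip_network("0.0.0.0/1"),
                       ipaddress.ip_network("128.0.0.0/1")]
    return routes, dns, block

def egress(dst, table):
    """Longest-prefix match over (network, interface) pairs."""
    return max((net.prefixlen, ifname) for net, ifname in table if dst in net)[1]

def check_pushed_dns(conf, client_lan, tunnel_net):
    """Map each pushed DNS server to (egress interface, blocked on Windows?)."""
    routes, dns, block = parse_push(conf)
    table = [(ipaddress.ip_network("0.0.0.0/0"), "lan"),  # original default gateway
             (ipaddress.ip_network(client_lan), "lan"),   # on-link LAN route (assumed)
             (ipaddress.ip_network(tunnel_net), "tun")]   # topology subnet
    table += [(net, "tun") for net in routes]
    return {str(s): (egress(s, table), block and egress(s, table) != "tun")
            for s in dns}

if __name__ == "__main__":
    result = check_pushed_dns(SERVER_CONF, "192.168.0.0/24", "10.8.0.0/24")
    for ip, (ifname, blocked) in result.items():
        print(ip, "via", ifname, "(port 53 blocked)" if blocked else "(allowed)")
```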

Re: DNS Issues

Posted: Thu Jun 06, 2019 12:32 pm
by TinCanTech
taylorabc101 wrote:
Thu Jun 06, 2019 2:59 am
I was wondering if you guys had any tricks to track down exactly what is going on
disable your firewall.