[Solved]Problems with DNS resolve

[ritchie]

Hi,

I am trying to connect with a android phone 4.4. The connection is working fine, but I can not reach any local server by name. I guess, that the DNS request is not going over the vpn connection.

Code: Select all

#OpenVPN Server conf

daemon openvpnserver
writepid /var/run/openvpn.pid
#DAN prepare OpenVPN for listening on blue and orange
;local rotarn.hopto.org
dev tun
proto udp
port 1194
script-security 3 system
ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600
client-config-dir /var/ipfire/ovpn/ccd
tls-server
ca /var/ipfire/ovpn/ca/cacert.pem
cert /var/ipfire/ovpn/certs/servercert.pem
key /var/ipfire/ovpn/certs/serverkey.pem
dh /var/ipfire/ovpn/ca/dh1024.pem
server 10.105.209.0 255.255.255.0
tun-mtu 1500
keepalive 10 60
status-version 1
status /var/run/ovpnserver.log 30
cipher AES-256-CBC
auth SHA1
comp-lzo
push "redirect-gateway def1"
push "dhcp-option DOMAIN <My Doman name>"
push "dhcp-option DNS <My local IP of the DNS server>"
max-clients 100
tls-verify /usr/lib/openvpn/verify
crl-verify /var/ipfire/ovpn/crls/cacrl.pem
user nobody
group nobody
persist-key
persist-tun
verb 4

This is just the client config

tls-client
client
nobind
dev tun
proto udp
tun-mtu 1400
remote <Meine DYN DNS IP> 1194
pkcs12 /etc/openvpn/Handy.p12
cipher AES-256-CBC
auth SHA1
comp-lzo
verb 3
ns-cert-type server

The mobil is not rooted.
I just get the impression, that any dns request is using the local dns server setting of the handy.

What do I have to configure ?

Best regards
R.

[Traffic]

I can not reach any local server by name

What server name are you trying ?

Can you ping google.com over the vpn ?

[ritchie]

Hi,
With a active vpn connection, i can not ping google.com .
Dns does not work with vpn tunnel. I am using ipfire, maybe this helps as well.

Best regards
R.

[Traffic]

FYI: Your local servers are probably not in global DNS.

As for not pinging google.com over the vpn .. please read this:
HOWTO: Routing all client traffic (including web-traffic) through the VPN

push "dhcp-option DNS <My local IP of the DNS server>"

what DNS address do you use ?

[ritchie]

Hi,

what DNS address do you use ?

I am using the IP adress of my "Green" Network, which is a 192.168.x.y address.

This is the IP adress of my Firewall/dhcp/dns router, which is working correctly, when
I am in the normal lan, for the green Network, which is the internal Network of my Network.

My VPN IP addresse is a 10.x.y.z address based

Do you thing, I have to add something like this command in my configuration.

Code: Select all

iptables -t nat -A POSTROUTING -s 10.x.y.0/24 -o red0 -j MASQUERADE

Red is my Internet Connection Network Card.

Thanks for helping.

Best regards
R.

[Traffic]

I am using the IP adress of my "Green" Network, which is a 192.168.x.y address.

This is the IP adress of my Firewall/dhcp/dns router

does this router also run openvpn server .. or is the server on another machine ?

[ritchie]

Hi,

does this router also run openvpn server .. or is the server on another machine ?

The vpnserver is running on the same machine (router).

Best regards
R.

[Traffic]

Do you have a PC on your server LAN that uses the same router for DNS ?

Can you connect your Andriod to your server LAN Wifi and then ping google.com ?

Can you ping 8.8.8.8 from the phone over the VPN ?

Do you thing, I have to add something like this command in my configuration.
Code:
iptables -t nat -A POSTROUTING -s 10.x.y.0/24 -o red0 -j MASQUERADE

NAT is required on the server for your VPN .. however, your router may do this automatically ..
what is the make/model of the router .. do you have a link to its manual ?

[ritchie]

Hi,

Do you have a PC on your server LAN that uses the same router for DNS ?

Yes.

~$ ping google.com
PING google.com (173.194.65.139) 56(84) bytes of data.

But no response is shown.
I am using a web proxy for this, who is blocking such things.

Can you connect your Andriod to your server LAN Wifi and then ping google.com ?

Yes, but ping does not work. also ping 8.8.8.8 does not work.

But I can ping all my servers with <hostname>.<surname>.lan from all computers which are in the green network.

NAT is required on the server for your VPN .. however, your router may do this automatically ..

I hope so too. I am using a software named "ipfire". http://wiki.ipfire.org/en/configuration ... es/openvpn

Best regards

R.

[Traffic]

Hi,

Quote:
Do you have a PC on your server LAN that uses the same router for DNS ?

Yes.
Quote:
~$ ping google.com
PING google.com (173.194.65.139) 56(84) bytes of data.

But no response is shown.

You cannot ping google.com from a normal pc on your network ?

[ritchie]

Yes,
I can not ping Google.com from my normal Computer, but from the router (terminal session), it works.

I just check again a Connection an saw in the log file the following message:

OpenVPN Route: failed to parse/resolve route for host/Network: ::/0

maybe this is helpful.

Best regards

R.

[Traffic]

On your PC .. disconnect from openvpn .. can you ping google.com ?

I just check again a Connection an saw in the log file the following message:

Quote:
OpenVPN Route: failed to parse/resolve route for host/Network: ::/0

this is for IPv6 .. which you have not shown in your configs ?

[ritchie]

On your PC .. disconnect from openvpn .. can you ping google.com ?

No.
I guess, it is a security Setting from the Firewall.

this is for IPv6 .. which you have not shown in your configs ?

Up to now I am using only IP4.

[Traffic]

Quote:
On your PC .. disconnect from openvpn .. can you ping google.com ?

No.
I guess, it is a security Setting from the Firewall

let me know when you resolve this ..

[ritchie]

Hi,

I fixed the Problem.
I was a Problem by the Firewall.
The Firewall blocked port 53 for the VPN Connection.
After opened some ports for the VPN Connection, everything works fine.

Best regards
R.