[Solved]DNS related problem

oddball
OpenVpn Newbie
Posts: 2
Joined: Fri Jul 10, 2015 2:38 pm

[Solved]DNS related problem

Post by oddball » Fri Jul 10, 2015 3:21 pm

I am trying to use OpenVPN on my Galaxy S tablet, Android version 4.4.2. The tablet is rooted.

I do not want all traffic to go through the VPN. I use the VPN to connect a small number of machines and I only want traffic for those machines to go through the VPN, everything else should act the same as before the VPN is connected.

After I connect to the VPN, DNS lookups fail. I used a packet sniffer and found that it's using the wrong source IP address when doing the lookups.

wlan0's IP address is 192.168.0.105 and tun0's IP address is 10.8.1.20. My DNS server is on the wifi network and its IP address is 192.168.0.1.

After connecting to the VPN, when the tablet does DNS lookups, it uses the VPN IP address (10.8.1.20) as the source and the DNS server (192.168.0.1) as the destination. So, it's trying to reach the DNS server on the local network from the VPN interface.

Any ideas on what I need to change to fix this?

Thanks.


Server config:

port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key 
dh dh1024.pem
server 10.8.1.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4

Tablet config:

client
dev tun
proto tcp
remote xxxxxxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert tablet.crt
key tablet.key
ns-cert-type server
comp-lzo
verb 4

Server log:

Fri Jul 10 10:07:21 2015 us=705523 MULTI: multi_create_instance called
Fri Jul 10 10:07:21 2015 us=705604 Re-using SSL/TLS context
Fri Jul 10 10:07:21 2015 us=705654 LZO compression initialized
Fri Jul 10 10:07:21 2015 us=705749 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jul 10 10:07:21 2015 us=705773 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Jul 10 10:07:21 2015 us=705805 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Jul 10 10:07:21 2015 us=705817 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Jul 10 10:07:21 2015 us=705836 Local Options hash (VER=V4): 'c0103fa8'
Fri Jul 10 10:07:21 2015 us=705851 Expected Remote Options hash (VER=V4): '69109d17'
Fri Jul 10 10:07:21 2015 us=705879 TCP connection established with [AF_INET]XXX.XXX.XXX.XXX:33503
Fri Jul 10 10:07:21 2015 us=705892 TCPv4_SERVER link local: [undef]
Fri Jul 10 10:07:21 2015 us=705907 TCPv4_SERVER link remote: [AF_INET]XXX.XXX.XXX.XXX:33503
Fri Jul 10 10:07:21 2015 us=706367 XXX.XXX.XXX.XXX:33503 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:33503, sid=7e5a0d3f 5d27f178
Fri Jul 10 10:07:22 2015 us=964493 XXX.XXX.XXX.XXX:33503 VERIFY OK: depth=1, C=US, ST=TX, L=Austin, O=Foo, CN=Foo CA, emailAddress=root@xxxxx.com
Fri Jul 10 10:07:22 2015 us=964681 XXX.XXX.XXX.XXX:33503 VERIFY OK: depth=0, C=US, ST=TX, L=Austin, O=Foo, CN=tablet, emailAddress=root@xxxxx.com
Fri Jul 10 10:07:23 2015 us=124256 XXX.XXX.XXX.XXX:33503 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jul 10 10:07:23 2015 us=124312 XXX.XXX.XXX.XXX:33503 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jul 10 10:07:23 2015 us=124368 XXX.XXX.XXX.XXX:33503 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jul 10 10:07:23 2015 us=124384 XXX.XXX.XXX.XXX:33503 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jul 10 10:07:23 2015 us=345774 XXX.XXX.XXX.XXX:33503 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Jul 10 10:07:23 2015 us=345897 XXX.XXX.XXX.XXX:33503 [tablet] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:33503
Fri Jul 10 10:07:23 2015 us=345975 tablet/XXX.XXX.XXX.XXX:33503 MULTI_sva: pool returned IPv4=10.8.1.22, IPv6=(Not enabled)
Fri Jul 10 10:07:23 2015 us=346063 tablet/XXX.XXX.XXX.XXX:33503 MULTI: Learn: 10.8.1.22 -> tablet/XXX.XXX.XXX.XXX:33503
Fri Jul 10 10:07:23 2015 us=346093 tablet/XXX.XXX.XXX.XXX:33503 MULTI: primary virtual IP for tablet/XXX.XXX.XXX.XXX:33503: 10.8.1.22
Fri Jul 10 10:07:23 2015 us=346241 tablet/XXX.XXX.XXX.XXX:33503 PUSH: Received control message: 'PUSH_REQUEST'
Fri Jul 10 10:07:23 2015 us=346278 tablet/XXX.XXX.XXX.XXX:33503 send_push_reply(): safe_cap=940
Fri Jul 10 10:07:23 2015 us=346342 tablet/XXX.XXX.XXX.XXX:33503 SENT CONTROL [tablet]: 'PUSH_REPLY,route 10.8.1.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.1.22 10.8.1.21' (status=1)

Network config before VPN:

u0_a227@chagallltetmo:/ $ busybox ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:825 errors:0 dropped:0 overruns:0 frame:0
TX packets:825 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:33492 (32.7 KiB) TX bytes:33492 (32.7 KiB)

p2p0 Link encap:Ethernet HWaddr 86:55:A5:F7:36:08
inet6 addr: fe80::8455:a5ff:fef7:3608/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

wlan0 Link encap:Ethernet HWaddr 84:55:A5:F7:36:08
inet addr:192.168.0.105 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::8655:a5ff:fef7:3608/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:41585 errors:0 dropped:28 overruns:0 frame:0
TX packets:32849 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:46677306 (44.5 MiB) TX bytes:4944881 (4.7 MiB)

u0_a227@chagallltetmo:/ $ busybox route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
0.0.0.0 192.168.0.1 0.0.0.0 UG 309 0 0 wlan0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
192.168.0.0 0.0.0.0 255.255.255.0 U 309 0 0 wlan0
192.168.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 wlan0

Network configuration after connecting to VPN:

u0_a227@chagallltetmo:/ $ busybox ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:837 errors:0 dropped:0 overruns:0 frame:0
TX packets:837 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:33972 (33.1 KiB) TX bytes:33972 (33.1 KiB)

p2p0 Link encap:Ethernet HWaddr 86:55:A5:F7:36:08
inet6 addr: fe80::8455:a5ff:fef7:3608/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.1.22 P-t-P:10.8.1.22 Mask:255.255.255.252
UP POINTOPOINT RUNNING MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

wlan0 Link encap:Ethernet HWaddr 84:55:A5:F7:36:08
inet addr:192.168.0.105 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::8655:a5ff:fef7:3608/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:41789 errors:0 dropped:28 overruns:0 frame:0
TX packets:33081 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:46791036 (44.6 MiB) TX bytes:4965786 (4.7 MiB)

u0_a227@chagallltetmo:/ $ busybox route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
0.0.0.0 192.168.0.1 0.0.0.0 UG 309 0 0 wlan0
10.8.1.20 0.0.0.0 255.255.255.252 U 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
192.168.0.0 0.0.0.0 255.255.255.0 U 309 0 0 wlan0
192.168.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 wlan0

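As an added illustration (not part of the forum post), the following script replays a longest-prefix-match lookup over the post-VPN `route -n` table quoted above. It shows that the main kernel table would send traffic for the DNS server 192.168.0.1 out of wlan0 with source 192.168.0.105, so the sniffed queries with a 10.8.1.x source cannot be explained by this table alone; the routing table text and the per-interface addresses are constructed from the outputs in the post.

```python
"""Longest-prefix route lookup over the tablet's post-VPN routing table.

Added example, not from the forum thread: parses `busybox route -n`
output and resolves which interface, gateway and source address the
main kernel table would select for a destination.
"""
import ipaddress

# Constructed from the "after connecting to VPN" route -n output in the post.
ROUTE_TABLE = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
0.0.0.0 192.168.0.1 0.0.0.0 UG 309 0 0 wlan0
10.8.1.20 0.0.0.0 255.255.255.252 U 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
192.168.0.0 0.0.0.0 255.255.255.0 U 309 0 0 wlan0
192.168.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 wlan0
"""

# Interface addresses taken from the ifconfig output in the post.
IFACE_ADDR = {"wlan0": "192.168.0.105", "tun0": "10.8.1.22"}


def parse_routes(text):
    """Return a list of (network, gateway, metric, iface) from `route -n` output."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or not parts[0][0].isdigit():
            continue  # skip header lines
        dest, gw, mask, _flags, metric, _ref, _use, iface = parts[:8]
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gw, int(metric), iface))
    return routes


def lookup(routes, dst):
    """Longest prefix wins; lowest metric breaks ties. Returns (iface, gateway, src)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw, metric, iface in routes:
        if dst in net:
            key = (net.prefixlen, -metric)
            if best is None or key > best[0]:
                best = (key, iface, gw)
    if best is None:
        return None
    _, iface, gw = best
    return iface, gw, IFACE_ADDR.get(iface)


if __name__ == "__main__":
    table = parse_routes(ROUTE_TABLE)
    for target in ("192.168.0.1", "10.8.1.21", "8.8.8.8"):
        print(target, "->", lookup(table, target))
```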

Re: DNS related problem

Post by oddball » Tue Jul 14, 2015 2:06 pm

I've solved my own problem.

It seems that this is Samsung or Android 4.4.2 specific. I tried the exact same config on an old Nexus 7 and it worked without any problems.

I was able to work around this on the Samsung by running this command after connecting to the VPN:
/system/xbin/su -c '/system/bin/iptables -t nat -I POSTROUTING -j MASQUERADE'
