OS: Ubuntu server 11.04
Hi.
I have installed OpenVPN with dnsmasq. Clients connect properly to the OpenVPN server and all traffic goes through the VPN tunnel successfully; however, they do not use the VPN server for DNS queries but are instead still using my local ADSL router's IP for DNS queries.
For example:
$ nslookup www.openvpn.org
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
www.openvpn.org canonical name = openvpn.org.
Name: openvpn.org
Address: 174.36.**
Could this be an iptables issue?
My server.conf:
# Server Port, IP & Protocol
server 10.8.0.0 255.255.255.0
port 1194
proto udp
# Set mode/device of VPN (tun or tap)
dev tun
#Certificates
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
# Diffie-Hellman parameters.
dh dh1024.pem
# Ping clients to avoid tunnel breakdown
keepalive 10 120
# Maintain a record of client <-> virtual IP address
ifconfig-pool-persist ipp.txt
#make clients use dnsmasq
push "dhcp-option DNS 10.8.0.1"
# Push Clients
;push "redirect-gateway def1 bypass-dhcp"
push "redirect-gateway def1"
#make clients use vpn-server as network gateway;
push "route 10.8.0.0 255.255.255.0"
#Enable clients to reach each other
client-to-client
# Compression on the VPN link.
comp-lzo
# The maximum number of concurrently connected
# clients we want to allow.
max-clients 5
persist-key
persist-tun
# Log Settings
status /var/log/openvpn.log
verb 4 #log level
#tun-mtu 1492
tun-mtu 1200
My rc.local:
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 81.17.**
/etc/init.d/dnsmasq restart
exit 0
Sat May 5 15:20:54 2012 OpenVPN 2.2.0 i686-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jul 4 2011
Sat May 5 15:20:54 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat May 5 15:20:54 2012 LZO compression initialized
Sat May 5 15:20:54 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat May 5 15:20:54 2012 Socket Buffers: R=[114688->131072] S=[114688->131072]
Sat May 5 15:20:54 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat May 5 15:20:54 2012 Local Options hash (VER=V4): '41690919'
Sat May 5 15:20:54 2012 Expected Remote Options hash (VER=V4): '530fdded'
Sat May 5 15:20:54 2012 UDPv4 link local: [undef]
Sat May 5 15:20:54 2012 UDPv4 link remote: [AF_INET]81.17.21.209:1194
Sat May 5 15:20:54 2012 TLS: Initial packet from [AF_INET]81.17.**.**:1194, sid=deee8f65 1fb9d5e6
Sat May 5 15:20:55 2012 VERIFY OK: depth=1, /C=GR/ST=Chania/L=Crete/O=company/CN=spartakos/emailAddress=dimi_kdj@hotmail.com
Sat May 5 15:20:55 2012 VERIFY OK: nsCertType=SERVER
Sat May 5 15:20:55 2012 VERIFY OK: depth=0, /C=GR/ST=CRETE/L=Chania/O=Fort-Funston/CN=spartakos/emailAddress=di***@y****.com
Sat May 5 15:20:55 2012 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1242'
Sat May 5 15:20:55 2012 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1200'
Sat May 5 15:20:55 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat May 5 15:20:55 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat May 5 15:20:55 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat May 5 15:20:55 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat May 5 15:20:55 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat May 5 15:20:55 2012 [spartakos] Peer Connection Initiated with [AF_INET]81.17.**.**:1194
Sat May 5 15:20:57 2012 SENT CONTROL [spartakos]: 'PUSH_REQUEST' (status=1)
Sat May 5 15:20:57 2012 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.8.0.1,redirect-gateway def1,route 10.8.0.0 255.255.255.0,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sat May 5 15:20:57 2012 OPTIONS IMPORT: timers and/or timeouts modified
Sat May 5 15:20:57 2012 OPTIONS IMPORT: --ifconfig/up options modified
Sat May 5 15:20:57 2012 OPTIONS IMPORT: route options modified
Sat May 5 15:20:57 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat May 5 15:20:57 2012 ROUTE default_gateway=192.168.1.1
Sat May 5 15:20:57 2012 TUN/TAP device tun0 opened
Sat May 5 15:20:57 2012 TUN/TAP TX queue length set to 100
Sat May 5 15:20:57 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat May 5 15:20:57 2012 /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Sat May 5 15:20:57 2012 /sbin/route add -net 81.17.**.** netmask 255.255.255.255 gw 192.168.1.1
Sat May 5 15:20:57 2012 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Sat May 5 15:20:57 2012 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Sat May 5 15:20:57 2012 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.5
Sat May 5 15:20:57 2012 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.5
SIOCADDRT: File exists
Sat May 5 15:20:57 2012 ERROR: Linux route add command failed: external program exited with error status: 7
Sat May 5 15:20:57 2012 Initialization Sequence Completed
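The client log above shows the server's PUSH_REPLY does carry "dhcp-option DNS 10.8.0.1", and the NOTE line near the top shows why a Linux client can ignore it: OpenVPN on Linux does not edit resolv.conf itself. It exports each pushed option to the script named by the client's "up" directive as environment variables foreign_option_1, foreign_option_2, ..., and only runs that script when "script-security 2" (or higher) is set. The following "up" script is an added example written for this thread, not code from the original post or from the OpenVPN project; the script path, the backup filename and the sample pushed values in the test are assumptions. It parses the foreign_option_N variables, accepts only dotted-quad DNS addresses, and writes a resolv.conf with a backup so a matching "down" script can restore the original.

```shell
#!/bin/sh
# Hypothetical OpenVPN "up" script (added example, not from the original post).
# OpenVPN on Linux exports each pushed option as foreign_option_1, foreign_option_2, ...
# and sets script_type=up when it runs the script named by the client's "up" directive.
# The client config needs:  script-security 2  /  up /etc/openvpn/pushed-dns.sh  (assumed path)

# Turn the foreign_option_N variables into resolv.conf-style lines on stdout.
# Returns 1 if no usable "dhcp-option DNS" value was pushed.
pushed_dns_to_resolvconf() {
    n=1
    found=0
    while true; do
        eval "opt=\${foreign_option_$n:-}"
        [ -n "$opt" ] || break
        case "$opt" in
            "dhcp-option DNS "*)
                # Accept only dotted-quad addresses; anything else is ignored rather than written.
                addr=${opt#dhcp-option DNS }
                if echo "$addr" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'; then
                    echo "nameserver $addr"
                    found=1
                fi
                ;;
            "dhcp-option DOMAIN "*)
                echo "search ${opt#dhcp-option DOMAIN }"
                ;;
        esac
        n=$((n + 1))
    done
    [ "$found" -eq 1 ]
}

# Write the pushed resolvers to the file given in $1 (default /etc/resolv.conf),
# keeping a backup (assumed name) so the "down" script can restore it on disconnect.
apply_pushed_dns() {
    target=${1:-/etc/resolv.conf}
    lines=$(pushed_dns_to_resolvconf) || return 1
    [ -f "$target" ] && cp "$target" "$target.openvpn-backup"
    printf '%s\n' "$lines" > "$target"
}

# Only act when OpenVPN itself invokes the script for the "up" event.
if [ "${script_type:-}" = "up" ]; then
    apply_pushed_dns
fi
```

After reconnecting with the script wired in, the check from the top of the thread should report "Server: 10.8.0.1" instead of 192.168.1.1; if it still shows the router, confirm the client config actually contains "script-security 2" and that the up script is executable, since without both the pushed DNS option is received but never applied.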