Page 1 of 1
[Solved]Problems with DNS resolve
Posted: Mon May 18, 2015 7:02 pm
by ritchie
Hi,
I am trying to connect with a android phone 4.4. The connection is working fine, but I can not reach any local server by name. I guess, that the DNS request is not going over the vpn connection.
Code: Select all
#OpenVPN Server conf
daemon openvpnserver
writepid /var/run/openvpn.pid
#DAN prepare OpenVPN for listening on blue and orange
;local rotarn.hopto.org
dev tun
proto udp
port 1194
script-security 3 system
ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600
client-config-dir /var/ipfire/ovpn/ccd
tls-server
ca /var/ipfire/ovpn/ca/cacert.pem
cert /var/ipfire/ovpn/certs/servercert.pem
key /var/ipfire/ovpn/certs/serverkey.pem
dh /var/ipfire/ovpn/ca/dh1024.pem
server 10.105.209.0 255.255.255.0
tun-mtu 1500
keepalive 10 60
status-version 1
status /var/run/ovpnserver.log 30
cipher AES-256-CBC
auth SHA1
comp-lzo
push "redirect-gateway def1"
push "dhcp-option DOMAIN <My Doman name>"
push "dhcp-option DNS <My local IP of the DNS server>"
max-clients 100
tls-verify /usr/lib/openvpn/verify
crl-verify /var/ipfire/ovpn/crls/cacrl.pem
user nobody
group nobody
persist-key
persist-tun
verb 4
This is just the client config
tls-client
client
nobind
dev tun
proto udp
tun-mtu 1400
remote <Meine DYN DNS IP> 1194
pkcs12 /etc/openvpn/Handy.p12
cipher AES-256-CBC
auth SHA1
comp-lzo
verb 3
ns-cert-type server
The mobil is not rooted.
I just get the impression, that any dns request is using the local dns server setting of the handy.
What do I have to configure ?
Best regards
R.
Re: Problems with DNS resolve
Posted: Tue May 19, 2015 5:34 pm
by Traffic
ritchie wrote:I can not reach any local server by name
What server name are you trying ?
Can you ping google.com over the vpn ?
Re: Problems with DNS resolve
Posted: Tue May 19, 2015 7:43 pm
by ritchie
Hi,
With a active vpn connection, i can not ping google.com .
Dns does not work with vpn tunnel. I am using ipfire, maybe this helps as well.
Best regards
R.
Re: Problems with DNS resolve
Posted: Wed May 20, 2015 10:05 am
by Traffic
FYI: Your
local servers are probably not in global DNS.
As for not pinging google.com over the vpn .. please read this:
HOWTO: Routing all client traffic (including web-traffic) through the VPN
ritchie wrote:push "dhcp-option DNS <My local IP of the DNS server>"
what DNS address do you use ?
Re: Problems with DNS resolve
Posted: Wed May 20, 2015 10:51 am
by ritchie
Hi,
what DNS address do you use ?
I am using the IP adress of my "Green" Network, which is a 192.168.x.y address.
This is the IP adress of my Firewall/dhcp/dns router, which is working correctly, when
I am in the normal lan, for the green Network, which is the internal Network of my Network.
My VPN IP addresse is a 10.x.y.z address based
Do you thing, I have to add something like this command in my configuration.
Code: Select all
iptables -t nat -A POSTROUTING -s 10.x.y.0/24 -o red0 -j MASQUERADE
Red is my Internet Connection Network Card.
Thanks for helping.
Best regards
R.
Re: Problems with DNS resolve
Posted: Wed May 20, 2015 3:50 pm
by Traffic
ritchie wrote:I am using the IP adress of my "Green" Network, which is a 192.168.x.y address.
This is the IP adress of my Firewall/dhcp/dns router
does this router also run openvpn server .. or is the server on another machine ?
Re: Problems with DNS resolve
Posted: Thu May 21, 2015 7:21 am
by ritchie
Hi,
does this router also run openvpn server .. or is the server on another machine ?
The vpnserver is running on the same machine (router).
Best regards
R.
Re: Problems with DNS resolve
Posted: Thu May 21, 2015 10:20 am
by Traffic
Do you have a PC on your server LAN that uses the same router for DNS ?
Can you connect your Andriod to your server LAN Wifi and then ping google.com ?
Can you ping 8.8.8.8 from the phone over the VPN ?
ritchie wrote:Do you thing, I have to add something like this command in my configuration.
Code:
iptables -t nat -A POSTROUTING -s 10.x.y.0/24 -o red0 -j MASQUERADE
NAT is required on the server for your VPN .. however, your router may do this automatically ..
what is the make/model of the router .. do you have a link to its manual ?
Re: Problems with DNS resolve
Posted: Thu May 21, 2015 6:22 pm
by ritchie
Hi,
Do you have a PC on your server LAN that uses the same router for DNS ?
Yes.
~$ ping google.com
PING google.com (173.194.65.139) 56(84) bytes of data.
But no response is shown.
I am using a web proxy for this, who is blocking such things.
Can you connect your Andriod to your server LAN Wifi and then ping google.com ?
Yes, but ping does not work. also ping 8.8.8.8 does not work.
But I can ping all my servers with <hostname>.<surname>.lan from all computers which are in the green network.
NAT is required on the server for your VPN .. however, your router may do this automatically ..
I hope so too. I am using a software named "ipfire".
http://wiki.ipfire.org/en/configuration ... es/openvpn
Best regards
R.
Re: Problems with DNS resolve
Posted: Fri May 22, 2015 10:23 am
by Traffic
ritchie wrote:Hi,
Quote:
Do you have a PC on your server LAN that uses the same router for DNS ?
Yes.
Quote:
~$ ping google.com
PING google.com (173.194.65.139) 56(84) bytes of data.
But no response is shown.
You cannot ping google.com from a normal pc on your network ?
Re: Problems with DNS resolve
Posted: Fri May 22, 2015 10:53 am
by ritchie
Yes,
I can not ping Google.com from my normal Computer, but from the router (terminal session), it works.
I just check again a Connection an saw in the log file the following message:
OpenVPN Route: failed to parse/resolve route for host/Network: ::/0
maybe this is helpful.
Best regards
R.
Re: Problems with DNS resolve
Posted: Fri May 22, 2015 11:00 am
by Traffic
On your PC ..
disconnect from openvpn .. can you ping google.com ?
ritchie wrote:I just check again a Connection an saw in the log file the following message:
Quote:
OpenVPN Route: failed to parse/resolve route for host/Network: ::/0
this is for IPv6 .. which you have
not shown in your configs ?
Re: Problems with DNS resolve
Posted: Fri May 22, 2015 12:50 pm
by ritchie
On your PC .. disconnect from openvpn .. can you ping google.com ?
No.
I guess, it is a security Setting from the Firewall.
this is for IPv6 .. which you have not shown in your configs ?
Up to now I am using only IP4.
Re: Problems with DNS resolve
Posted: Fri May 22, 2015 2:02 pm
by Traffic
ritchie wrote:Quote:
On your PC .. disconnect from openvpn .. can you ping google.com ?
No.
I guess, it is a security Setting from the Firewall
let me know when you resolve this ..
Re: Problems with DNS resolve
Posted: Tue May 26, 2015 9:13 am
by ritchie
Hi,
I fixed the Problem.
I was a Problem by the Firewall.
The Firewall blocked port 53 for the VPN Connection.
After opened some ports for the VPN Connection, everything works fine.
Best regards
R.