[Solved] DHCP/DNS Config not pushed to Tunnelblick client

[priceatronic]

I am running OpenVPN on my home router using Tomato firmware. Everything is working pretty much how I expect, except for the broadcast of my local DHCP/DNS configuration.

There are a couple of options on the Tomato OpenVPN configuration page that are seemingly relevant. These include the following:

• Push LAN to clients
• Direct clients to redirect Internet traffic
• Respond to DNS
• Advertise DNS to clients

Currently I have all of the options enabled.

Interestingly, enabling "Advertise DNS to clients" seemed to make things work when connecting with my android smart phone. E.g. I can open chrome and type in "cerberus/" and it will resolve to a local ip address on which I am running a web server.

However, when I connect using my MacBook Pro, the same attempt to connect to my local web server yields an "ERR_NAME_NOT_RESOLVED" error. I can however type in the local IP address and reach my web server without any issue.

For reference I am using the the same .ovpn file to establish a connection on both my smart phone and MacBook. I am using OpenVPN connect on my smart phone and Tunnelblick on my MacBook.

I have read through https://openvpn.net/index.php/open-sour ... .html#dhcp and it seems like "foreign_option_n" might be relevant. Though I couldn't find any example of how to use this option in the man pages.

[TinCanTech]

when I connect using my MacBook Pro, the same attempt to connect to my local web server yields an "ERR_NAME_NOT_RESOLVED" error

I believe you need a script:

• Client config:

  Code: Select all

  script-security 2
  up /etc/openvpn/update-resolv-conf
  down /etc/openvpn/update-resolv-conf

[priceatronic]

Adding that script to my client config led to the following error:

Code: Select all

Options error: --up script fails with '/etc/openvpn/update-resolv-conf': No such file or directory (errno=2)

Does the up script look for that file on my client? Or should it be looking for '/etc/openvpn/update-resolv-conf' on the server?

Ideally I wouldn't need to install openvpn on my client.

Edit: Additionally I ssh'd into my Tomato router to see if a file existed at '/etc/openvpn/update-resolv-conf', and unfortunately there is no such file. Is that something I need to create?

[TinCanTech]

You may find something helpful here:
https://tunnelblick.net/documents.html

[priceatronic]

Thanks, the more I look into this, the more it seems like its a problem specific to Tunnelblick. I can see that my resolv.conf is already updated when connecting to my OpenVPN server (it sets nameserver to 192.168.1.1).

[priceatronic]

Slight update, I believe the problem has to do with OpenVPN setting a different search domain. E.g. when connected directly to my local network my DNS is set to 192.168.1.1 with no search Domain, when connecting through OpenVPN my DNS is set to 192.168.1.1 with the search domain set to openvpn.

I dug into my Tomato router and found the server config file if that helps at all.

Code: Select all

# Automatically generated configuration
daemon
server 10.8.0.0 255.255.255.0
proto udp
port 1194
dev tun21
cipher AES-128-CBC
comp-lzo adaptive
keepalive 15 60
verb 3
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
push "redirect-gateway def1"
tls-auth static.key 0
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status

Is there a way to prevent OpenVPN from setting the search domain?

[priceatronic]

I was able to resolve my issue by adding "lan" as the custom domain for my router. Then in my server config I added the following:

Code: Select all

push "dhcp-option DOMAIN lan"