Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 23 November 2024, 08:51:01 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14258 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  Local and remote DNS is not resolving after connecting to remote OpenVpn server
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Local and remote DNS is not resolving after connecting to remote OpenVpn server  (Read 33254 times)
wharfratjoe
Full Member
***
Offline Offline

Posts: 17


« on: Thursday 29 January 2009, 05:37:37 am »

Hello,

The following has been reported in Bugtrack and discussed on the nabble mailing list. It is in version 2.2RC3.

http://www.nabble.com/DNS-address-format-for-OpenVPN-server--td21340568.html

http://bugs.endian.it/view.php?id=1535

Global Push options are pushed to client but the dns servers for client are trying to resolve internal hostnames and the dns servers being pushed are not being used at all.

/var/efw/openvpn/settings:

AUTH_TYPE=psk
DOMAIN=trimquick.int
GLOBAL_DNS=192.168.1.3,192.168.1.4,
GLOBAL_NETWORKS=192.168.1.0/24
PURPLE_DEVICE=tap1
PUSH_GLOBAL_NETWORKS=on
PUSH_GLOBAL_DNS=on
PURPLE_IP_BEGIN=192.168.1.230
PUSH_DOMAIN=on
PURPLE_IP_END=192.168.1.245
PURPLECLIENT_BEGIN_DEVICE=tap2
DROP_DHCP=


Client Example:
Ethernet adapter {F46F30BE-D9FE-4026-8638-42B782745A18}:

        Connection-specific DNS Suffix . : trimquick.int
        Description . . . . . . . . . . . : TAP-Win32 Adapter V8 - Packet Schedu
ler Miniport
        Physical Address. . . . . . . . . : 00-FF-F4-6F-30-BE
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.230
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 192.168.1.0
        DNS Servers . . . . . . . . . . . : 192.168.1.4
                                            192.168.1.3
        Lease Obtained. . . . . . . . . . : Tuesday, January 20, 2009 9:23:45 PM

        Lease Expires . . . . . . . . . . : Wednesday, January 20, 2010 9:23:45 PM


Server tqserver01 is supposed to resolve to 192.168.1.3 but is not:


C:\Documents and Settings\joe>ping tqserver01

Pinging tqserver01.nttr.int [208.67.216.132] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 208.67.216.132:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

######################################################

Anyword as to a correct work around for this? I also noticed that when connected from a local network to a remote network, the local dns for that local network stops resolving correctly. After you disconnect from the remote network local dns starts resolving correctly again.

For example:

Remote network is 192.168.1.0/24
Local Network is 172.16.0.0/24

I vpn successfully to remote network. Now when i go to browse, ping or use a local resource on the 172.16.0.0/24, i cannot resolve at all.

This local resource of nas-nttr should resolve to 172.16.0.5. Hence I am resolving to OpenDNS ip, which is not correct at all:

Pinging nas-nttr.nttr.int [208.67.216.132] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 208.67.216.132:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

After disconnecting from Remote network. Local DNS resolution is correct again:

Pinging nas-nttr.nttr.int [172.16.0.5] with 32 bytes of data:

Reply from 172.16.0.5: bytes=32 time<1ms TTL=64
Reply from 172.16.0.5: bytes=32 time<1ms TTL=64
Reply from 172.16.0.5: bytes=32 time<1ms TTL=64
Reply from 172.16.0.5: bytes=32 time<1ms TTL=64

Ping statistics for 172.16.0.5:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

############################################

Does anyone have a workaround for this yet?


Thank you,
wharfratjoe
Logged
Brande
Jr. Member
*
Offline Offline

Posts: 3


« Reply #1 on: Friday 20 March 2009, 01:56:17 pm »

I have de same problem/1


Does anyone have a workaround for this yet?

Thanks,
Brande.
Logged
wharfratjoe
Full Member
***
Offline Offline

Posts: 17


« Reply #2 on: Friday 20 March 2009, 03:39:13 pm »

nope not yet:

http://bugs.endian.it/view.php?id=1535
Logged
Brande
Jr. Member
*
Offline Offline

Posts: 3


« Reply #3 on: Saturday 21 March 2009, 01:25:59 am »

... and my EFW is 2.1.1. The same problem exists.

OK, now all we can do is wait.
Logged
wharfratjoe
Full Member
***
Offline Offline

Posts: 17


« Reply #4 on: Saturday 21 March 2009, 01:42:44 am »

i have been for a  of months  Shocked
Logged
Brande
Jr. Member
*
Offline Offline

Posts: 3


« Reply #5 on: Saturday 21 March 2009, 01:59:40 am »

Have you tried turning on DHCP Server service on EFW? Mine is turned off!

My DHCP server is Windows.

When my client VPN connects I can only access the IP address of my firewall!  Cry

Do you have any tips to fix it manualy? Like edit file host of client or something ...

Thanks.
Logged
titosca
Jr. Member
*
Offline Offline

Posts: 2


« Reply #6 on: Thursday 26 March 2009, 12:46:08 am »

The remote Domain and the Local domain are equal?

If no, try to put Endian in the same domain of Remote Network. Here this work for me, you can set up a dns proxy too, but in this way you will have to ping with FQN (host.domain.com) and not with the nickname as you were in the local network where the DNS append the sufix of domain in the hostname.


Try this. Any doubts tell me. Sorry for my poor english, it is not that good...
Logged
wharfratjoe
Full Member
***
Offline Offline

Posts: 17


« Reply #7 on: Thursday 26 March 2009, 04:48:17 am »

If you see my original post it shows to seperate domains.

There are two issues going on:

1) VPN dns resolution

2) It looks like a routing issue on the endian firewall.

DHCP is turned off on my firewall. Using MS dhcp on the network.

Vpn with DNS resoultion works fine in version 2.2Beta1 after you make some changes to the ethernet and vpn settings (search the

Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.109 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com