EFW Support

Support => VPN Support => Topic started by: wharfratjoe on Thursday 29 January 2009, 05:37:37 am



Title: Local and remote DNS is not resolving after connecting to remote OpenVpn server
Post by: wharfratjoe on Thursday 29 January 2009, 05:37:37 am
Hello,

The following has been reported in Bugtrack and discussed on the nabble mailing list. It is in version 2.2RC3.

http://www.nabble.com/DNS-address-format-for-OpenVPN-server--td21340568.html

http://bugs.endian.it/view.php?id=1535

Global push options are pushed to the client, but the DNS servers for the client are trying to resolve internal hostnames and the DNS servers being pushed are not being used at all.

/var/efw/openvpn/settings:

AUTH_TYPE=psk
DOMAIN=trimquick.int
GLOBAL_DNS=192.168.1.3,192.168.1.4,
GLOBAL_NETWORKS=192.168.1.0/24
PURPLE_DEVICE=tap1
PUSH_GLOBAL_NETWORKS=on
PUSH_GLOBAL_DNS=on
PURPLE_IP_BEGIN=192.168.1.230
PUSH_DOMAIN=on
PURPLE_IP_END=192.168.1.245
PURPLECLIENT_BEGIN_DEVICE=tap2
DROP_DHCP=


Client Example:
Ethernet adapter {F46F30BE-D9FE-4026-8638-42B782745A18}:

        Connection-specific DNS Suffix . : trimquick.int
        Description . . . . . . . . . . . : TAP-Win32 Adapter V8 - Packet Scheduler Miniport
        Physical Address. . . . . . . . . : 00-FF-F4-6F-30-BE
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.230
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 192.168.1.0
        DNS Servers . . . . . . . . . . . : 192.168.1.4
                                            192.168.1.3
        Lease Obtained. . . . . . . . . . : Tuesday, January 20, 2009 9:23:45 PM

        Lease Expires . . . . . . . . . . : Wednesday, January 20, 2010 9:23:45 PM


Server tqserver01 is supposed to resolve to 192.168.1.3 but is not:


C:\Documents and Settings\joe>ping tqserver01

Pinging tqserver01.nttr.int [208.67.216.132] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 208.67.216.132:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

######################################################

Any word as to a correct workaround for this? I also noticed that when connected from a local network to a remote network, the local DNS for that local network stops resolving correctly. After you disconnect from the remote network, local DNS starts resolving correctly again.

For example:

Remote network is 192.168.1.0/24
Local Network is 172.16.0.0/24

I VPN successfully to the remote network. Now when I go to browse, ping or use a local resource on the 172.16.0.0/24, I cannot resolve at all.

This local resource of nas-nttr should resolve to 172.16.0.5. Hence I am resolving to an OpenDNS IP, which is not correct at all:

Pinging nas-nttr.nttr.int [208.67.216.132] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 208.67.216.132:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

After disconnecting from the remote network, local DNS resolution is correct again:

Pinging nas-nttr.nttr.int [172.16.0.5] with 32 bytes of data:

Reply from 172.16.0.5: bytes=32 time<1ms TTL=64
Reply from 172.16.0.5: bytes=32 time<1ms TTL=64
Reply from 172.16.0.5: bytes=32 time<1ms TTL=64
Reply from 172.16.0.5: bytes=32 time<1ms TTL=64

Ping statistics for 172.16.0.5:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

############################################

Does anyone have a workaround for this yet?


Thank you,
wharfratjoe
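
A check for the symptom shown in the ping output above, added here as an example and not part of the original post: it parses the `Pinging name [address]` header lines and flags names under an internal-only suffix that were answered with a public address. The function name and the set of suffixes treated as internal are assumptions; the header lines are copied from the post.

```python
import ipaddress
import re

# Header lines copied from the ping output in the post above.
PING_HEADERS = """\
Pinging tqserver01.nttr.int [208.67.216.132] with 32 bytes of data:
Pinging nas-nttr.nttr.int [208.67.216.132] with 32 bytes of data:
Pinging nas-nttr.nttr.int [172.16.0.5] with 32 bytes of data:
"""

# Assumption: both domains named in the post exist only on internal DNS.
INTERNAL_SUFFIXES = {"nttr.int", "trimquick.int"}

HEADER_RE = re.compile(r"^Pinging\s+(\S+)\s+\[([0-9.]+)\]", re.MULTILINE)


def find_public_answers(ping_text, internal_suffixes):
    """Return one finding per ping header line.

    Each finding records the suffix the resolver appended to the short
    name, the address that came back, and whether an internal-only name
    was answered with a non-private address (the query left the internal
    DNS servers and was answered by a public resolver).
    """
    suffixes = {s.lower() for s in internal_suffixes}
    findings = []
    for fqdn, addr in HEADER_RE.findall(ping_text):
        host, _, suffix = fqdn.partition(".")
        ip = ipaddress.ip_address(addr)
        internal_name = suffix.lower() in suffixes
        findings.append({
            "host": host,
            "suffix": suffix,
            "address": addr,
            "public_answer_for_internal_name": internal_name and not ip.is_private,
        })
    return findings


if __name__ == "__main__":
    for f in find_public_answers(PING_HEADERS, INTERNAL_SUFFIXES):
        status = "PUBLIC ANSWER" if f["public_answer_for_internal_name"] else "ok"
        print(f'{f["host"]:<12} suffix={f["suffix"]:<14} {f["address"]:<16} {status}')
```

The first finding also shows the short name `tqserver01` expanded with `nttr.int`, although the TAP adapter's connection-specific suffix in the `ipconfig` output is `trimquick.int`.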


Title: Re: Local and remote DNS is not resolving after connecting to remote OpenVpn server
Post by: Brande on Friday 20 March 2009, 01:56:17 pm
I have the same problem!


Does anyone have a workaround for this yet?

Thanks,
Brande.


Title: Re: Local and remote DNS is not resolving after connecting to remote OpenVpn server
Post by: wharfratjoe on Friday 20 March 2009, 03:39:13 pm
Nope, not yet:

http://bugs.endian.it/view.php?id=1535


Title: Re: Local and remote DNS is not resolving after connecting to remote OpenVpn server
Post by: Brande on Saturday 21 March 2009, 01:25:59 am
... and my EFW is 2.1.1. The same problem exists.

OK, now all we can do is wait.


Title: Re: Local and remote DNS is not resolving after connecting to remote OpenVpn server
Post by: wharfratjoe on Saturday 21 March 2009, 01:42:44 am
i have been for a  of months  :o


Title: Re: Local and remote DNS is not resolving after connecting to remote OpenVpn server
Post by: Brande on Saturday 21 March 2009, 01:59:40 am
Have you tried turning on DHCP Server service on EFW? Mine is turned off!

My DHCP server is Windows.

When my client VPN connects I can only access the IP address of my firewall!  :'(

Do you have any tips to fix it manually? Like editing the hosts file of the client or something ...

Thanks.


Title: Re: Local and remote DNS is not resolving after connecting to remote OpenVpn server
Post by: titosca on Thursday 26 March 2009, 12:46:08 am
Are the remote domain and the local domain the same?

If not, try putting Endian in the same domain as the remote network. This works for me here. You can set up a DNS proxy too, but that way you will have to ping with the FQN (host.domain.com) and not with the nickname as you would in the local network, where the DNS appends the domain suffix to the hostname.


Try this. Any doubts, tell me. Sorry for my poor English, it is not that good...


Title: Re: Local and remote DNS is not resolving after connecting to remote OpenVpn server
Post by: wharfratjoe on Thursday 26 March 2009, 04:48:17 am
If you see my original post, it shows two separate domains.

There are two issues going on:

1) VPN DNS resolution

2) It looks like a routing issue on the Endian firewall.

DHCP is turned off on my firewall. Using MS DHCP on the network.

VPN with DNS resolution works fine in version 2.2Beta1 after you make some changes to the Ethernet and VPN settings (search the