Re: [Efw-user] DNS address format for OpenVPN server?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Anyword as to a work around for this? I also noticed that when connected from
a local network to a remote network, the local dns for that local network
stops resolving correctly. After you disconnect from the remote network loca
dns starts resolving correctly again.

For example:

Remote network is 192.168.1.0/24
Local Network is 172.16.0.0/24

I vpn successfully to remote network. Now when i go to browse, ping or use a
local resource on the 172.16.0.0/24, i cannot resolve at all.

This local resource of nas-nttr should resolve to 172.16.0.5. Hence I am
resolving to OpenDNS ip, which is not correct at all:

Pinging nas-nttr.nttr.int [208.67.216.132] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 208.67.216.132:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

(I will add this to the existing bugtrac ticket).

wharfratjoe wrote:
> 
> I have a similar setup with one exception (which should not matter):
> 
> DHCP turned off - Green Network
> windows AD server doing DHCP for Green Network 
> 
> DHCP turned on: Blue Network
> 
> I will look into adding this to the conf file, however is there a .tmpl
> file that may overwrite this on a OpenVPN service restart or if the box
> has to be rebooed for some "odd" reason?
> 
> This was the case when making changes to the main.cf fle for Postfix.
> 
> 
> Rafael Fonseca wrote:
>> 
>> Do you by any chance have DHCP on Green turned OFF on Endian?
>> 
>> I have been looking into the config files and it seems the 'push dhcp- 
>> options DNS xxx.xxx.xxx.xxx' line is not being written on openvpn.conf.
>> 
>> I also have DHCP turned off on Green (I have a Windows Server acting  
>> as DHCP server), and I have this weird feeling that it may be related.
>> 
>> I've added the above line manually to my .conf file and will see how  
>> it goes.
>> --
>> Rafael Fonseca
>> www.nunca.com.br
>> 
>> On 21/01/2009, at 5:53 PM, wharfratjoe wrote:
>> 
>>>
>>> I just verified that this is an an issue with endian. domian is  
>>> pushed but is
>>> not resolving at all.
>>>
>>>
>>>
>>> wharfratjoe wrote:
>>>>
>>>> It seems to be.
>>>>
>>>>
>>>> Rafael Fonseca wrote:
>>>>>
>>>>> So, just to clarify: it's NOT an issue in Endian, but rather on your
>>>>> outgoing firewall?
>>>>>
>>>>> I have this issue but on roadwarriors connecting to Endian from
>>>>> outside the office. The information is pushed, but no name  
>>>>> resolving.
>>>>> --
>>>>> Rafael Fonseca
>>>>> www.nunca.com.br
>>>>>
>>>>> On 9/01/2009, at 11:16 AM, wharfratjoe wrote:
>>>>>
>>>>>>
>>>>>> Incoming or outgoing? --> This is an issue with connecting to  
>>>>>> endian
>>>>>> openvpn
>>>>>> from behind a Untangle firewall (have not figured it out yet  
>>>>>> since i
>>>>>> locked
>>>>>> down the box pretty tight and dont have time to mess with it right
>>>>>> now).
>>>>>>
>>>>>> Openvpn connections endian to endian boxes resolves the "internal"
>>>>>> hostnames
>>>>>> with no problem with one exception: I have found that you need to
>>>>>> append the
>>>>>> internal domain name to the hostname (this has been this way for
>>>>>> awhile and
>>>>>> never posted about it until now) to resolve correctly.
>>>>>>
>>>>>> Here is a sample config that I started using for about a year or so
>>>>>> and
>>>>>> works fine:
>>>>>>
>>>>>> http://www.nabble.com/open-vpn-client-settings....-to13594062.html#a13596758
>>>>>>
>>>>>> Hope this helps.
>>>>>>
>>>>>> -joe
>>>>>>
>>>>>>
>>>>>> Rafael Fonseca wrote:
>>>>>>>
>>>>>>> Incoming or outgoing?
>>>>>>> --
>>>>>>> Rafael Fonseca
>>>>>>> www.nunca.com.br
>>>>>>>
>>>>>>> On 9/01/2009, at 10:05 AM, wharfratjoe wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> Due to lack of sleep it was a firewall issue blicking udp port  
>>>>>>>> 53.
>>>>>>>> Pushing
>>>>>>>> Vpn settings work fine in 2.2 RC3, as seen below
>>>>>>>>
>>>>>>>> Here is another example that is working that is running 2.2 RC3.
>>>>>>>>
>>>>>>>> Ethernet adapter {29815F69-DD48-4711-9FBD-0B4FBB37DE43}:
>>>>>>>>
>>>>>>>> Connection-specific DNS Suffix  . : domain.local
>>>>>>>> Description . . . . . . . . . . . : TAP-Win32 Adapter V8
>>>>>>>> Physical Address. . . . . . . . . : 00-FF-29-81-5F-69
>>>>>>>> DHCP Enabled. . . . . . . . . . . : Yes
>>>>>>>> Autoconfiguration Enabled . . . . : Yes
>>>>>>>> IP Address. . . . . . . . . . . . : 192.168.76.230
>>>>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>>>>> Default Gateway . . . . . . . . . :
>>>>>>>> DHCP Server . . . . . . . . . . . : 192.168.76.0
>>>>>>>> DNS Servers . . . . . . . . . . . : 192.168.76.3
>>>>>>>>                                     192.168.76.2
>>>>>>>> Lease Obtained. . . . . . . . . . : Thursday, January 08, 2009
>>>>>>>> 11:31:31
>>>>>>>> AM
>>>>>>>> Lease Expires . . . . . . . . . . : Friday, January 08, 2010
>>>>>>>> 11:31:31 AM
>>>>>>>>
>>>>>>>> (I will post my .ovpn client config later today).
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> wharfratjoe wrote:
>>>>>>>>>
>>>>>>>>> I am being pushed the settings but it is not resolving internal
>>>>>>>>> names when
>>>>>>>>> pinging, etc.
>>>>>>>>>
>>>>>>>>>      Connection-specific DNS Suffix  . : domainname.int
>>>>>>>>>      Description . . . . . . . . . . . : TAP-Win32 Adapter V8 -
>>>>>>>>> Packet
>>>>>>>>> Schedu
>>>>>>>>> ler Miniport
>>>>>>>>>      Physical Address. . . . . . . . . : 00-FF-E9-98-09-B8
>>>>>>>>>      Dhcp Enabled. . . . . . . . . . . : Yes
>>>>>>>>>      Autoconfiguration Enabled . . . . : Yes
>>>>>>>>>      IP Address. . . . . . . . . . . . : 172.16.0.230
>>>>>>>>>      Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>>>>>>      Default Gateway . . . . . . . . . :
>>>>>>>>>      DHCP Server . . . . . . . . . . . : 172.16.0.0
>>>>>>>>>      DNS Servers . . . . . . . . . . . : 172.16.0.3
>>>>>>>>>                                          172.16.0.2
>>>>>>>>>      Lease Obtained. . . . . . . . . . : Wednesday, January 07,
>>>>>>>>> 2009
>>>>>>>>> 9:19:49
>>>>>>>>> PM
>>>>>>>>>      Lease Expires . . . . . . . . . . : Thursday, January 07,
>>>>>>>>> 2010
>>>>>>>>> 9:19:49 P
>>>>>>>>> M
>>>>>>>>>
>>>>>>>>> I will search bugtraq and if it is not already listed I will  
>>>>>>>>> open a
>>>>>>>>> ticket
>>>>>>>>> on this.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Rafael Fonseca wrote:
>>>>>>>>>>
>>>>>>>>>> I have noticed that the upgrade to 2.2 did NOT bring me the  
>>>>>>>>>> push
>>>>>>>>>> DNS I
>>>>>>>>>> was waiting for. For some reason, the clients can't connect  
>>>>>>>>>> to the
>>>>>>>>>> servers inside my green network without putting something  
>>>>>>>>>> inside
>>>>>>>>>> the
>>>>>>>>>> hosts file.
>>>>>>>>>>
>>>>>>>>>> Do you guys experience the same thing?
>>>>>>>>>>
>>>>>>>>>> I have put the DNS server as follows on the VPN > Advanced >
>>>>>>>>>> Global
>>>>>>>>>> push options (as the help instructs), but no go.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> I have also tried putting just the IP address, without /24.
>>>>>>>>>>
>>>>>>>>>> On a side note, what do you guys use in the client .ovpn  
>>>>>>>>>> files? I
>>>>>>>>>> have
>>>>>>>>>> been collecting settings through the years and I don't know  
>>>>>>>>>> if I'm
>>>>>>>>>> using the optimal settings for Endian.
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>> --
>>>>>>>>>> Rafael Fonseca
>>>>>>>>>> www.nunca.com.br
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>>>> Check out the new SourceForge.net Marketplace.
>>>>>>>>>> It is the best place to buy or sell services for
>>>>>>>>>> just about anything Open Source.
>>>>>>>>>> http://p.sf.net/sfu/Xq1LFB
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Efw-user mailing list
>>>>>>>>>> Efw...@li...
>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> -- 
>>>>>>>> View this message in context:
>>>>>>>> http://www.nabble.com/DNS-address-format-for-OpenVPN-server--tp21340568p21360926.html
>>>>>>>> Sent from the efw-user mailing list archive at Nabble.com.
>>>>>>>>
>>>>>>>>
>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>> Check out the new SourceForge.net Marketplace.
>>>>>>>> It is the best place to buy or sell services for
>>>>>>>> just about anything Open Source.
>>>>>>>> http://p.sf.net/sfu/Xq1LFB
>>>>>>>> _______________________________________________
>>>>>>>> Efw-user mailing list
>>>>>>>> Efw...@li...
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>>>>>>
>>>>>>>
>>>>>>> ------------------------------------------------------------------------------
>>>>>>> Check out the new SourceForge.net Marketplace.
>>>>>>> It is the best place to buy or sell services for
>>>>>>> just about anything Open Source.
>>>>>>> http://p.sf.net/sfu/Xq1LFB
>>>>>>> _______________________________________________
>>>>>>> Efw-user mailing list
>>>>>>> Efw...@li...
>>>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> -- 
>>>>>> View this message in context:
>>>>>> http://www.nabble.com/DNS-address-format-for-OpenVPN-server--tp21340568p21362130.html
>>>>>> Sent from the efw-user mailing list archive at Nabble.com.
>>>>>>
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> Check out the new SourceForge.net Marketplace.
>>>>>> It is the best place to buy or sell services for
>>>>>> just about anything Open Source.
>>>>>> http://p.sf.net/sfu/Xq1LFB
>>>>>> _______________________________________________
>>>>>> Efw-user mailing list
>>>>>> Efw...@li...
>>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Check out the new SourceForge.net Marketplace.
>>>>> It is the best place to buy or sell services for
>>>>> just about anything Open Source.
>>>>> http://p.sf.net/sfu/Xq1LFB
>>>>> _______________________________________________
>> 
>>>>> Efw-user mailing list
>>>>> Efw...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>>>>>
>>>>>
>>>>
>>>>
>>>
>>> -- 
>>> View this message in context:
>>> http://www.nabble.com/DNS-address-format-for-OpenVPN-server--tp21340568p21577037.html
>>> Sent from the efw-user mailing list archive at Nabble.com.
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> This SF.net email is sponsored by:
>>> SourcForge Community
>>> SourceForge wants to tell your story.
>>> http://p.sf.net/sfu/sf-spreadtheword
>>> _______________________________________________
>>> Efw-user mailing list
>>> Efw...@li...
>>> https://lists.sourceforge.net/lists/listinfo/efw-user
>> 
>> 
>> ------------------------------------------------------------------------------
>> This SF.net email is sponsored by:
>> SourcForge Community
>> SourceForge wants to tell your story.
>> http://p.sf.net/sfu/sf-spreadtheword
>> _______________________________________________
>> Efw-user mailing list
>> Efw...@li...
>> https://lists.sourceforge.net/lists/listinfo/efw-user
>> 
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/DNS-address-format-for-OpenVPN-server--tp21340568p21671376.html
Sent from the efw-user mailing list archive at Nabble.com.