OpenVPN and DNS

[nmeyers at javalinux.net (nmeyers at javalinux.net)]

On Tue, Nov 01, 2005 at 02:31:47PM -0500, John Abreau wrote:
> Has anyone gotten OpenVPN fully working? I've been trying to get it set 
> up, and I can't seem to get DNS to work through the VPN tunnel.
> 
> Everything else seems to be working fine. When I ssh or point firefox to 
> an IP address on the other side of the tunnel, it works okay, and when I 
> put hosts on the other end into my client's /etc/hosts file it works 
> fine. But when I try to point resolv.conf at the DNS server across the 
> tunnel, lookups just fail.
> 
> I tried probing with nslookup and dig:
> 
>     nslookup azrael.us.zuken.com 10.1.4.29
>     dig @10.1.4.29 azrael.us.zuken.com
> 
> and both just hang there and eventually timeout; they never reach the 
> DNS server at 10.1.4.29. I can ping 10.1.4.29 just fine, and I can ssh 
> to it; I just can't get DNS to respond from it. And if I ssh to a host 
> on the other side of the tunnel, I get DNS from 10.1.4.29 just fine.
> 
> Any ideas what I might be missing?

Have you checked that the DNS server is listening to that interface?
I've seen DNS servers that listen separately to each interface, rather
than listening to 0.0.0.0 - any interface DNS didn't know about when it
started up (such as a tunnelling interface that started under OpenVPN)
isn't being listened to.

Nathan

> 
> -- 
> John Abreau / Executive Director, Boston Linux & Unix
> ICQ 28611923 / AIM abreauj / JABBER jabr at jabber.org / YAHOO abreauj
> Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
> PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99

> begin:vcard
> fn:John Abreau
> n:Abreau;John
> org:Zuken USA;Information Technology
> email;internet:jabr at blu.org
> title:Executive Director
> x-mozilla-html:FALSE
> version:2.1
> end:vcard
> 

> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://olduvai.blu.org/mailman/listinfo/discuss