
BLU Discuss list archive



OpenVPN and DNS



My guess is the nameserver just isn't configured to respond to that
subnet, but it is also possible you are blocking connections to the
service with a local firewall.  The OpenVPN connection itself is not
the issue, because this would also prevent PING responses.

It is unlikely it is the difference between TCP and UDP, because both
would be handled by OpenVPN (unless there are firewall rules to
prevent this).

You do not need to open both TCP and UDP for 1194 on the VPN server
(just the one the server is actually using).  Using both TCP and UDP
would require two different OpenVPN processes.

On 11/1/05, John Abreau <jabr at blu.org> wrote:
> Sarah McGlinchey wrote:
> > Are you using a routed or bridged VPN?  How are you determining that
> > these packets are never reaching the DNS server?
> >
> > Since pings work, it is unlikely this is an OpenVPN issue or a
> > networking issue.  If OpenVPN is using a different subnet, you want to
> > verify the nameserver will respond to queries from the new subnet.
> > Check the service for IP restrictions, as well as any firewall rules
> > on the nameserver and OpenVPN server.
>
> I'm using the routing mode, with the tun interface. I did add a route to
> the default router that passes all packets for the vpn subnet to the vpn
> server's real ip address. I opened port 1194 for both tcp and udp on the
> vpn server and on the pix firewall. I echoed a "1" into
> /proc/sys/net/ipv4/ip_forward on the vpn server.
>
> When I set up a tunnel from my machine at home, nslookup and dig both
> time out without returning information from the nameserver, which tells
> me the nameserver either isn't receiving the queries, or isn't
> responding to them.
>
> --
> John Abreau / Executive Director, Boston Linux & Unix
> ICQ 28611923 / AIM abreauj / JABBER jabr at jabber.org / YAHOO abreauj
> Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
> PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
>
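
The thread leaves open whether the nameserver never receives the queries or receives them and does not answer. The probe below is an added example, not code from either poster: it sends one hand-built query over UDP and over TCP and separates a timeout (dropped on the path or ignored) from a REFUSED reply (the server got the query and an access restriction rejected it). The server address and query name are supplied by the user, and the fixed query ID is an arbitrary constructed value.

```python
import socket
import struct
import sys

QID = 0x1234  # constructed query ID, arbitrary
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=QID):
    """Encode a minimal DNS query for an A record with the RD bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def classify(reply, qid=QID):
    """Map a raw reply (None means timeout) to a diagnosis string."""
    if reply is None:
        return "timeout: query dropped on the path or ignored by the server"
    if len(reply) < 12:
        return "malformed: reply shorter than a DNS header"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != qid or not flags & 0x8000:  # 0x8000 is the QR (response) bit
        return "malformed: not a response to this query"
    rcode = flags & 0x000F
    if rcode == 5:
        return "REFUSED: server got the query and an access restriction rejected it"
    return "answered (%s): server is reachable and responding" % RCODES.get(
        rcode, "RCODE %d" % rcode)

def probe(server, name, tcp=False, timeout=3.0):
    """Send one query to port 53 over UDP or TCP and classify the outcome."""
    query = build_query(name)
    kind = socket.SOCK_STREAM if tcp else socket.SOCK_DGRAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, 53))
            if tcp:  # DNS over TCP prefixes each message with a 2-byte length
                s.sendall(struct.pack("!H", len(query)) + query)
                reply = s.recv(4096)[2:]
            else:
                s.send(query)
                reply = s.recv(4096)
    except socket.timeout:
        reply = None
    except OSError as exc:
        return "error: %s" % exc
    return classify(reply)

if __name__ == "__main__" and len(sys.argv) == 3:
    for use_tcp in (False, True):  # usage: probe.py <nameserver-ip> <name>
        print("tcp" if use_tcp else "udp", probe(sys.argv[1], sys.argv[2], use_tcp))
```

Run it once from the VPN client through the tunnel and once from a host on the nameserver's own subnet; the same result from both points away from the VPN subnet as the cause.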




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org