BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OpenVPN and DNS

Subject: OpenVPN and DNS
From: jabr at blu.org (John Abreau)
Date: Thu, 03 Nov 2005 10:16:41 -0500
In-reply-to: <43696F26.3050502@mattgillen.net>
References: <4367C2A3.9080008@blu.org> <20051101195850.GB30460@tao> <4367DCA3.3040906@blu.org> <2lmzko6n0i.fsf@pannaway.com> <4367F87B.9000407@blu.org> <436918FD.9030504@blu.org> <43696F26.3050502@mattgillen.net>

Matthew Gillen wrote:
> John Abreau wrote:
> 
>>When I got home last night, I power-cycled the machine I was using as
>>the test client for OpenVPN. After rebooting, I tested the DNS again,
>>this time with tcpdump watching on the server end, and DNS was working.
>>
>>I still don't know why it was misbehaving. Hopefully it was just
>>something hosed on the client end. But it seems fine now.
> 
> 
> It was probably your firewall.  Some (ie Redhat's old Lokkit program)
> firewalls make special rules for your DNS servers.  Since you started
> your firewall, then changed your DNS server, your local firewall was
> probably blocking stuff.  If you were on Redhat:
>   /sbin/service iptables restart
> after you mucked with your DNS servers may have fixed your problem.
> 
> But Fedora's firewall doesn't do this anymore.  What distro + firewall
> script generator were you using?

The client at home is running Fedora Core 4. The outside firewall is a 
Cisco Pix, and the OpenVPN server is CentOS 4.2. I opened port 1194 on 
the CentOS box by editing /etc/sysconfig/iptables.

The DNS issue went away, but I've got more problems now. I can connect 
on ports 22, 25, and 80, but not on port 143; and I can't get smbclient 
to see across the tunnel.

I went with routed instead of bridged because at first glance it looked 
like it would be simpler to implement. It's turning out not to be, so I 
think I'm going to give bridging a try before I resume banging my head 
against the wall with the routing setup.

-- 
John Abreau / Executive Director, Boston Linux & Unix
ICQ 28611923 / AIM abreauj / JABBER jabr at jabber.org / YAHOO abreauj
Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jabr.vcf
Type: text/x-vcard
Size: 175 bytes
Desc: not available
URL: <http://lists.blu.org/pipermail/discuss/attachments/20051103/391df3e4/attachment.vcf>

References:
- OpenVPN and DNS
  - From: jabr at blu.org (John Abreau)
- OpenVPN and DNS
  - From: dsr at tao.merseine.nu (dsr at tao.merseine.nu)
- OpenVPN and DNS
  - From: jabr at blu.org (John Abreau)
- OpenVPN and DNS
  - From: clark_k at pannaway.com (Kevin D. Clark)
- OpenVPN and DNS
  - From: jabr at blu.org (John Abreau)
- OpenVPN and DNS
  - From: jabr at blu.org (John Abreau)
- OpenVPN and DNS
  - From: me at mattgillen.net (Matthew Gillen)

Prev by Date: hearing
Next by Date: ODF: Anybody know somebody...?
Previous by thread: OpenVPN and DNS
Next by thread: OpenVPN and DNS
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org