OpenVPN and DNS

John Abreau jabr at blu.org
Thu Nov 3 10:16:41 EST 2005


Matthew Gillen wrote:
> John Abreau wrote:
> 
>>When I got home last night, I power-cycled the machine I was using as
>>the test client for OpenVPN. After rebooting, I tested the DNS again,
>>this time with tcpdump watching on the server end, and DNS was working.
>>
>>I still don't know why it was misbehaving. Hopefully it was just
>>something hosed on the client end. But it seems fine now.
> 
> 
> It was probably your firewall.  Some (i.e. Red Hat's old Lokkit program)
> firewalls make special rules for your DNS servers.  Since you started
> your firewall, then changed your DNS server, your local firewall was
> probably blocking stuff.  If you were on Red Hat:
>   /sbin/service iptables restart
> after you mucked with your DNS servers may have fixed your problem.
> 
> But Fedora's firewall doesn't do this anymore.  What distro + firewall
> script generator were you using?

The client at home is running Fedora Core 4. The outside firewall is a 
Cisco PIX, and the OpenVPN server is CentOS 4.2. I opened port 1194 on
the CentOS box by editing /etc/sysconfig/iptables.

The DNS issue went away, but I've got more problems now. I can connect 
on ports 22, 25, and 80, but not on port 143; and I can't get smbclient 
to see across the tunnel.

I went with routed instead of bridged because at first glance it looked 
like it would be simpler to implement. It's turning out not to be, so I 
think I'm going to give bridging a try before I resume banging my head 
against the wall with the routing setup.


-- 
John Abreau / Executive Director, Boston Linux & Unix
ICQ 28611923 / AIM abreauj / JABBER jabr at jabber.org / YAHOO abreauj
Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99