This has been posted here as well: http://efwsupport.com/index.php?topic=477.0
wharfratjoe wrote: > > Anyword as to a work around for this? I also noticed that when connected > from a local network to a remote network, the local dns for that local > network stops resolving correctly. After you disconnect from the remote > network loca dns starts resolving correctly again. > > For example: > > Remote network is 192.168.1.0/24 > Local Network is 172.16.0.0/24 > > I vpn successfully to remote network. Now when i go to browse, ping or use > a local resource on the 172.16.0.0/24, i cannot resolve at all. > > This local resource of nas-nttr should resolve to 172.16.0.5. Hence I am > resolving to OpenDNS ip, which is not correct at all: > > Pinging nas-nttr.nttr.int [208.67.216.132] with 32 bytes of data: > > Request timed out. > Request timed out. > Request timed out. > Request timed out. > > Ping statistics for 208.67.216.132: > Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), > > After disconnecting from Remote network. Local DNS resolution is correct > again: > > Pinging nas-nttr.nttr.int [172.16.0.5] with 32 bytes of data: > > Reply from 172.16.0.5: bytes=32 time<1ms TTL=64 > Reply from 172.16.0.5: bytes=32 time<1ms TTL=64 > Reply from 172.16.0.5: bytes=32 time<1ms TTL=64 > Reply from 172.16.0.5: bytes=32 time<1ms TTL=64 > > Ping statistics for 172.16.0.5: > Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), > Approximate round trip times in milli-seconds: > Minimum = 0ms, Maximum = 0ms, Average = 0ms > > > > (I will add this to the existing bugtrac ticket). > > > > wharfratjoe wrote: >> >> I have a similar setup with one exception (which should not matter): >> >> DHCP turned off - Green Network >> windows AD server doing DHCP for Green Network >> >> DHCP turned on: Blue Network >> >> I will look into adding this to the conf file, however is there a .tmpl >> file that may overwrite this on a OpenVPN service restart or if the box >> has to be rebooed for some "odd" reason? >> >> This was the case when making changes to the main.cf fle for Postfix. >> >> >> Rafael Fonseca wrote: >>> >>> Do you by any chance have DHCP on Green turned OFF on Endian? >>> >>> I have been looking into the config files and it seems the 'push dhcp- >>> options DNS xxx.xxx.xxx.xxx' line is not being written on openvpn.conf. >>> >>> I also have DHCP turned off on Green (I have a Windows Server acting >>> as DHCP server), and I have this weird feeling that it may be related. >>> >>> I've added the above line manually to my .conf file and will see how >>> it goes. >>> -- >>> Rafael Fonseca >>> www.nunca.com.br >>> >>> On 21/01/2009, at 5:53 PM, wharfratjoe wrote: >>> >>>> >>>> I just verified that this is an an issue with endian. domian is >>>> pushed but is >>>> not resolving at all. >>>> >>>> >>>> >>>> wharfratjoe wrote: >>>>> >>>>> It seems to be. >>>>> >>>>> >>>>> Rafael Fonseca wrote: >>>>>> >>>>>> So, just to clarify: it's NOT an issue in Endian, but rather on your >>>>>> outgoing firewall? >>>>>> >>>>>> I have this issue but on roadwarriors connecting to Endian from >>>>>> outside the office. The information is pushed, but no name >>>>>> resolving. >>>>>> -- >>>>>> Rafael Fonseca >>>>>> www.nunca.com.br >>>>>> >>>>>> On 9/01/2009, at 11:16 AM, wharfratjoe wrote: >>>>>> >>>>>>> >>>>>>> Incoming or outgoing? --> This is an issue with connecting to >>>>>>> endian >>>>>>> openvpn >>>>>>> from behind a Untangle firewall (have not figured it out yet >>>>>>> since i >>>>>>> locked >>>>>>> down the box pretty tight and dont have time to mess with it right >>>>>>> now). >>>>>>> >>>>>>> Openvpn connections endian to endian boxes resolves the "internal" >>>>>>> hostnames >>>>>>> with no problem with one exception: I have found that you need to >>>>>>> append the >>>>>>> internal domain name to the hostname (this has been this way for >>>>>>> awhile and >>>>>>> never posted about it until now) to resolve correctly. >>>>>>> >>>>>>> Here is a sample config that I started using for about a year or so >>>>>>> and >>>>>>> works fine: >>>>>>> >>>>>>> http://www.nabble.com/open-vpn-client-settings....-to13594062.html#a13596758 >>>>>>> >>>>>>> Hope this helps. >>>>>>> >>>>>>> -joe >>>>>>> >>>>>>> >>>>>>> Rafael Fonseca wrote: >>>>>>>> >>>>>>>> Incoming or outgoing? >>>>>>>> -- >>>>>>>> Rafael Fonseca >>>>>>>> www.nunca.com.br >>>>>>>> >>>>>>>> On 9/01/2009, at 10:05 AM, wharfratjoe wrote: >>>>>>>> >>>>>>>>> >>>>>>>>> Due to lack of sleep it was a firewall issue blicking udp port >>>>>>>>> 53. >>>>>>>>> Pushing >>>>>>>>> Vpn settings work fine in 2.2 RC3, as seen below >>>>>>>>> >>>>>>>>> Here is another example that is working that is running 2.2 RC3. >>>>>>>>> >>>>>>>>> Ethernet adapter {29815F69-DD48-4711-9FBD-0B4FBB37DE43}: >>>>>>>>> >>>>>>>>> Connection-specific DNS Suffix . : domain.local >>>>>>>>> Description . . . . . . . . . . . : TAP-Win32 Adapter V8 >>>>>>>>> Physical Address. . . . . . . . . : 00-FF-29-81-5F-69 >>>>>>>>> DHCP Enabled. . . . . . . . . . . : Yes >>>>>>>>> Autoconfiguration Enabled . . . . : Yes >>>>>>>>> IP Address. . . . . . . . . . . . : 192.168.76.230 >>>>>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>>>>>>>> Default Gateway . . . . . . . . . : >>>>>>>>> DHCP Server . . . . . . . . . . . : 192.168.76.0 >>>>>>>>> DNS Servers . . . . . . . . . . . : 192.168.76.3 >>>>>>>>> 192.168.76.2 >>>>>>>>> Lease Obtained. . . . . . . . . . : Thursday, January 08, 2009 >>>>>>>>> 11:31:31 >>>>>>>>> AM >>>>>>>>> Lease Expires . . . . . . . . . . : Friday, January 08, 2010 >>>>>>>>> 11:31:31 AM >>>>>>>>> >>>>>>>>> (I will post my .ovpn client config later today). >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> wharfratjoe wrote: >>>>>>>>>> >>>>>>>>>> I am being pushed the settings but it is not resolving internal >>>>>>>>>> names when >>>>>>>>>> pinging, etc. >>>>>>>>>> >>>>>>>>>> Connection-specific DNS Suffix . : domainname.int >>>>>>>>>> Description . . . . . . . . . . . : TAP-Win32 Adapter V8 - >>>>>>>>>> Packet >>>>>>>>>> Schedu >>>>>>>>>> ler Miniport >>>>>>>>>> Physical Address. . . . . . . . . : 00-FF-E9-98-09-B8 >>>>>>>>>> Dhcp Enabled. . . . . . . . . . . : Yes >>>>>>>>>> Autoconfiguration Enabled . . . . : Yes >>>>>>>>>> IP Address. . . . . . . . . . . . : 172.16.0.230 >>>>>>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>>>>>>>>> Default Gateway . . . . . . . . . : >>>>>>>>>> DHCP Server . . . . . . . . . . . : 172.16.0.0 >>>>>>>>>> DNS Servers . . . . . . . . . . . : 172.16.0.3 >>>>>>>>>> 172.16.0.2 >>>>>>>>>> Lease Obtained. . . . . . . . . . : Wednesday, January 07, >>>>>>>>>> 2009 >>>>>>>>>> 9:19:49 >>>>>>>>>> PM >>>>>>>>>> Lease Expires . . . . . . . . . . : Thursday, January 07, >>>>>>>>>> 2010 >>>>>>>>>> 9:19:49 P >>>>>>>>>> M >>>>>>>>>> >>>>>>>>>> I will search bugtraq and if it is not already listed I will >>>>>>>>>> open a >>>>>>>>>> ticket >>>>>>>>>> on this. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Rafael Fonseca wrote: >>>>>>>>>>> >>>>>>>>>>> I have noticed that the upgrade to 2.2 did NOT bring me the >>>>>>>>>>> push >>>>>>>>>>> DNS I >>>>>>>>>>> was waiting for. For some reason, the clients can't connect >>>>>>>>>>> to the >>>>>>>>>>> servers inside my green network without putting something >>>>>>>>>>> inside >>>>>>>>>>> the >>>>>>>>>>> hosts file. >>>>>>>>>>> >>>>>>>>>>> Do you guys experience the same thing? >>>>>>>>>>> >>>>>>>>>>> I have put the DNS server as follows on the VPN > Advanced > >>>>>>>>>>> Global >>>>>>>>>>> push options (as the help instructs), but no go. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> I have also tried putting just the IP address, without /24. >>>>>>>>>>> >>>>>>>>>>> On a side note, what do you guys use in the client .ovpn >>>>>>>>>>> files? I >>>>>>>>>>> have >>>>>>>>>>> been collecting settings through the years and I don't know >>>>>>>>>>> if I'm >>>>>>>>>>> using the optimal settings for Endian. >>>>>>>>>>> >>>>>>>>>>> Regards, >>>>>>>>>>> -- >>>>>>>>>>> Rafael Fonseca >>>>>>>>>>> www.nunca.com.br >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ------------------------------------------------------------------------------ >>>>>>>>>>> Check out the new SourceForge.net Marketplace. >>>>>>>>>>> It is the best place to buy or sell services for >>>>>>>>>>> just about anything Open Source. >>>>>>>>>>> http://p.sf.net/sfu/Xq1LFB >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Efw-user mailing list >>>>>>>>>>> Efw-user@lists.sourceforge.net >>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> View this message in context: >>>>>>>>> http://www.nabble.com/DNS-address-format-for-OpenVPN-server--tp21340568p21360926.html >>>>>>>>> Sent from the efw-user mailing list archive at Nabble.com. >>>>>>>>> >>>>>>>>> >>>>>>>>> ------------------------------------------------------------------------------ >>>>>>>>> Check out the new SourceForge.net Marketplace. >>>>>>>>> It is the best place to buy or sell services for >>>>>>>>> just about anything Open Source. >>>>>>>>> http://p.sf.net/sfu/Xq1LFB >>>>>>>>> _______________________________________________ >>>>>>>>> Efw-user mailing list >>>>>>>>> Efw-user@lists.sourceforge.net >>>>>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>>>>>> >>>>>>>> >>>>>>>> ------------------------------------------------------------------------------ >>>>>>>> Check out the new SourceForge.net Marketplace. >>>>>>>> It is the best place to buy or sell services for >>>>>>>> just about anything Open Source. >>>>>>>> http://p.sf.net/sfu/Xq1LFB >>>>>>>> _______________________________________________ >>>>>>>> Efw-user mailing list >>>>>>>> Efw-user@lists.sourceforge.net >>>>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> View this message in context: >>>>>>> http://www.nabble.com/DNS-address-format-for-OpenVPN-server--tp21340568p21362130.html >>>>>>> Sent from the efw-user mailing list archive at Nabble.com. >>>>>>> >>>>>>> >>>>>>> ------------------------------------------------------------------------------ >>>>>>> Check out the new SourceForge.net Marketplace. >>>>>>> It is the best place to buy or sell services for >>>>>>> just about anything Open Source. >>>>>>> http://p.sf.net/sfu/Xq1LFB >>>>>>> _______________________________________________ >>>>>>> Efw-user mailing list >>>>>>> Efw-user@lists.sourceforge.net >>>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>>>> >>>>>> >>>>>> ------------------------------------------------------------------------------ >>>>>> Check out the new SourceForge.net Marketplace. >>>>>> It is the best place to buy or sell services for >>>>>> just about anything Open Source. >>>>>> http://p.sf.net/sfu/Xq1LFB >>>>>> _______________________________________________ >>> >>>>>> Efw-user mailing list >>>>>> Efw-user@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>>>> >>>>>> >>>>> >>>>> >>>> >>>> -- >>>> View this message in context: >>>> http://www.nabble.com/DNS-address-format-for-OpenVPN-server--tp21340568p21577037.html >>>> Sent from the efw-user mailing list archive at Nabble.com. >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> This SF.net email is sponsored by: >>>> SourcForge Community >>>> SourceForge wants to tell your story. >>>> http://p.sf.net/sfu/sf-spreadtheword >>>> _______________________________________________ >>>> Efw-user mailing list >>>> Efw-user@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>> >>> >>> ------------------------------------------------------------------------------ >>> This SF.net email is sponsored by: >>> SourcForge Community >>> SourceForge wants to tell your story. >>> http://p.sf.net/sfu/sf-spreadtheword >>> _______________________________________________ >>> Efw-user mailing list >>> Efw-user@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/efw-user >>> >>> >> >> > > -- View this message in context: http://www.nabble.com/DNS-address-format-for-OpenVPN-server--tp21340568p21716660.html Sent from the efw-user mailing list archive at Nabble.com. ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
