After working on this for awhile this evening, I found a quick workaround for this. If you just disable the Global Push options in the webgui and then do a save/restart openvpn, remote and local dns resolves correctly. I tested this on three 2.2RC3 machines and its working fine for local and remote dns resolution.
(added to bugtraq for quick-fix) wharfratjoe wrote: > > This has been posted here as well: > > http://efwsupport.com/index.php?topic=477.0 > > > > wharfratjoe wrote: >> >> Anyword as to a work around for this? I also noticed that when connected >> from a local network to a remote network, the local dns for that local >> network stops resolving correctly. After you disconnect from the remote >> network loca dns starts resolving correctly again. >> >> For example: >> >> Remote network is 192.168.1.0/24 >> Local Network is 172.16.0.0/24 >> >> I vpn successfully to remote network. Now when i go to browse, ping or >> use a local resource on the 172.16.0.0/24, i cannot resolve at all. >> >> This local resource of nas-nttr should resolve to 172.16.0.5. Hence I am >> resolving to OpenDNS ip, which is not correct at all: >> >> Pinging nas-nttr.nttr.int [208.67.216.132] with 32 bytes of data: >> >> Request timed out. >> Request timed out. >> Request timed out. >> Request timed out. >> >> Ping statistics for 208.67.216.132: >> Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), >> >> After disconnecting from Remote network. Local DNS resolution is correct >> again: >> >> Pinging nas-nttr.nttr.int [172.16.0.5] with 32 bytes of data: >> >> Reply from 172.16.0.5: bytes=32 time<1ms TTL=64 >> Reply from 172.16.0.5: bytes=32 time<1ms TTL=64 >> Reply from 172.16.0.5: bytes=32 time<1ms TTL=64 >> Reply from 172.16.0.5: bytes=32 time<1ms TTL=64 >> >> Ping statistics for 172.16.0.5: >> Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), >> Approximate round trip times in milli-seconds: >> Minimum = 0ms, Maximum = 0ms, Average = 0ms >> >> >> >> (I will add this to the existing bugtrac ticket). >> >> >> >> wharfratjoe wrote: >>> >>> I have a similar setup with one exception (which should not matter): >>> >>> DHCP turned off - Green Network >>> windows AD server doing DHCP for Green Network >>> >>> DHCP turned on: Blue Network >>> >>> I will look into adding this to the conf file, however is there a .tmpl >>> file that may overwrite this on a OpenVPN service restart or if the box >>> has to be rebooed for some "odd" reason? >>> >>> This was the case when making changes to the main.cf fle for Postfix. >>> >>> >>> Rafael Fonseca wrote: >>>> >>>> Do you by any chance have DHCP on Green turned OFF on Endian? >>>> >>>> I have been looking into the config files and it seems the 'push dhcp- >>>> options DNS xxx.xxx.xxx.xxx' line is not being written on openvpn.conf. >>>> >>>> I also have DHCP turned off on Green (I have a Windows Server acting >>>> as DHCP server), and I have this weird feeling that it may be related. >>>> >>>> I've added the above line manually to my .conf file and will see how >>>> it goes. >>>> -- >>>> Rafael Fonseca >>>> www.nunca.com.br >>>> >>>> On 21/01/2009, at 5:53 PM, wharfratjoe wrote: >>>> >>>>> >>>>> I just verified that this is an an issue with endian. domian is >>>>> pushed but is >>>>> not resolving at all. >>>>> >>>>> >>>>> >>>>> wharfratjoe wrote: >>>>>> >>>>>> It seems to be. >>>>>> >>>>>> >>>>>> Rafael Fonseca wrote: >>>>>>> >>>>>>> So, just to clarify: it's NOT an issue in Endian, but rather on your >>>>>>> outgoing firewall? >>>>>>> >>>>>>> I have this issue but on roadwarriors connecting to Endian from >>>>>>> outside the office. The information is pushed, but no name >>>>>>> resolving. >>>>>>> -- >>>>>>> Rafael Fonseca >>>>>>> www.nunca.com.br >>>>>>> >>>>>>> On 9/01/2009, at 11:16 AM, wharfratjoe wrote: >>>>>>> >>>>>>>> >>>>>>>> Incoming or outgoing? --> This is an issue with connecting to >>>>>>>> endian >>>>>>>> openvpn >>>>>>>> from behind a Untangle firewall (have not figured it out yet >>>>>>>> since i >>>>>>>> locked >>>>>>>> down the box pretty tight and dont have time to mess with it right >>>>>>>> now). >>>>>>>> >>>>>>>> Openvpn connections endian to endian boxes resolves the "internal" >>>>>>>> hostnames >>>>>>>> with no problem with one exception: I have found that you need to >>>>>>>> append the >>>>>>>> internal domain name to the hostname (this has been this way for >>>>>>>> awhile and >>>>>>>> never posted about it until now) to resolve correctly. >>>>>>>> >>>>>>>> Here is a sample config that I started using for about a year or so >>>>>>>> and >>>>>>>> works fine: >>>>>>>> >>>>>>>> http://www.nabble.com/open-vpn-client-settings....-to13594062.html#a13596758 >>>>>>>> >>>>>>>> Hope this helps. >>>>>>>> >>>>>>>> -joe >>>>>>>> >>>>>>>> >>>>>>>> Rafael Fonseca wrote: >>>>>>>>> >>>>>>>>> Incoming or outgoing? >>>>>>>>> -- >>>>>>>>> Rafael Fonseca >>>>>>>>> www.nunca.com.br >>>>>>>>> >>>>>>>>> On 9/01/2009, at 10:05 AM, wharfratjoe wrote: >>>>>>>>> >>>>>>>>>> >>>>>>>>>> Due to lack of sleep it was a firewall issue blicking udp port >>>>>>>>>> 53. >>>>>>>>>> Pushing >>>>>>>>>> Vpn settings work fine in 2.2 RC3, as seen below >>>>>>>>>> >>>>>>>>>> Here is another example that is working that is running 2.2 RC3. >>>>>>>>>> >>>>>>>>>> Ethernet adapter {29815F69-DD48-4711-9FBD-0B4FBB37DE43}: >>>>>>>>>> >>>>>>>>>> Connection-specific DNS Suffix . : domain.local >>>>>>>>>> Description . . . . . . . . . . . : TAP-Win32 Adapter V8 >>>>>>>>>> Physical Address. . . . . . . . . : 00-FF-29-81-5F-69 >>>>>>>>>> DHCP Enabled. . . . . . . . . . . : Yes >>>>>>>>>> Autoconfiguration Enabled . . . . : Yes >>>>>>>>>> IP Address. . . . . . . . . . . . : 192.168.76.230 >>>>>>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>>>>>>>>> Default Gateway . . . . . . . . . : >>>>>>>>>> DHCP Server . . . . . . . . . . . : 192.168.76.0 >>>>>>>>>> DNS Servers . . . . . . . . . . . : 192.168.76.3 >>>>>>>>>> 192.168.76.2 >>>>>>>>>> Lease Obtained. . . . . . . . . . : Thursday, January 08, 2009 >>>>>>>>>> 11:31:31 >>>>>>>>>> AM >>>>>>>>>> Lease Expires . . . . . . . . . . : Friday, January 08, 2010 >>>>>>>>>> 11:31:31 AM >>>>>>>>>> >>>>>>>>>> (I will post my .ovpn client config later today). >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> wharfratjoe wrote: >>>>>>>>>>> >>>>>>>>>>> I am being pushed the settings but it is not resolving internal >>>>>>>>>>> names when >>>>>>>>>>> pinging, etc. >>>>>>>>>>> >>>>>>>>>>> Connection-specific DNS Suffix . : domainname.int >>>>>>>>>>> Description . . . . . . . . . . . : TAP-Win32 Adapter V8 - >>>>>>>>>>> Packet >>>>>>>>>>> Schedu >>>>>>>>>>> ler Miniport >>>>>>>>>>> Physical Address. . . . . . . . . : 00-FF-E9-98-09-B8 >>>>>>>>>>> Dhcp Enabled. . . . . . . . . . . : Yes >>>>>>>>>>> Autoconfiguration Enabled . . . . : Yes >>>>>>>>>>> IP Address. . . . . . . . . . . . : 172.16.0.230 >>>>>>>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>>>>>>>>>> Default Gateway . . . . . . . . . : >>>>>>>>>>> DHCP Server . . . . . . . . . . . : 172.16.0.0 >>>>>>>>>>> DNS Servers . . . . . . . . . . . : 172.16.0.3 >>>>>>>>>>> 172.16.0.2 >>>>>>>>>>> Lease Obtained. . . . . . . . . . : Wednesday, January 07, >>>>>>>>>>> 2009 >>>>>>>>>>> 9:19:49 >>>>>>>>>>> PM >>>>>>>>>>> Lease Expires . . . . . . . . . . : Thursday, January 07, >>>>>>>>>>> 2010 >>>>>>>>>>> 9:19:49 P >>>>>>>>>>> M >>>>>>>>>>> >>>>>>>>>>> I will search bugtraq and if it is not already listed I will >>>>>>>>>>> open a >>>>>>>>>>> ticket >>>>>>>>>>> on this. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Rafael Fonseca wrote: >>>>>>>>>>>> >>>>>>>>>>>> I have noticed that the upgrade to 2.2 did NOT bring me the >>>>>>>>>>>> push >>>>>>>>>>>> DNS I >>>>>>>>>>>> was waiting for. For some reason, the clients can't connect >>>>>>>>>>>> to the >>>>>>>>>>>> servers inside my green network without putting something >>>>>>>>>>>> inside >>>>>>>>>>>> the >>>>>>>>>>>> hosts file. >>>>>>>>>>>> >>>>>>>>>>>> Do you guys experience the same thing? >>>>>>>>>>>> >>>>>>>>>>>> I have put the DNS server as follows on the VPN > Advanced > >>>>>>>>>>>> Global >>>>>>>>>>>> push options (as the help instructs), but no go. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> I have also tried putting just the IP address, without /24. >>>>>>>>>>>> >>>>>>>>>>>> On a side note, what do you guys use in the client .ovpn >>>>>>>>>>>> files? I >>>>>>>>>>>> have >>>>>>>>>>>> been collecting settings through the years and I don't know >>>>>>>>>>>> if I'm >>>>>>>>>>>> using the optimal settings for Endian. >>>>>>>>>>>> >>>>>>>>>>>> Regards, >>>>>>>>>>>> -- >>>>>>>>>>>> Rafael Fonseca >>>>>>>>>>>> www.nunca.com.br >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> ------------------------------------------------------------------------------ >>>>>>>>>>>> Check out the new SourceForge.net Marketplace. >>>>>>>>>>>> It is the best place to buy or sell services for >>>>>>>>>>>> just about anything Open Source. >>>>>>>>>>>> http://p.sf.net/sfu/Xq1LFB >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Efw-user mailing list >>>>>>>>>>>> Efw-user@lists.sourceforge.net >>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> View this message in context: >>>>>>>>>> http://www.nabble.com/DNS-address-format-for-OpenVPN-server--tp21340568p21360926.html >>>>>>>>>> Sent from the efw-user mailing list archive at Nabble.com. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ------------------------------------------------------------------------------ >>>>>>>>>> Check out the new SourceForge.net Marketplace. >>>>>>>>>> It is the best place to buy or sell services for >>>>>>>>>> just about anything Open Source. >>>>>>>>>> http://p.sf.net/sfu/Xq1LFB >>>>>>>>>> _______________________________________________ >>>>>>>>>> Efw-user mailing list >>>>>>>>>> Efw-user@lists.sourceforge.net >>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>>>>>>> >>>>>>>>> >>>>>>>>> ------------------------------------------------------------------------------ >>>>>>>>> Check out the new SourceForge.net Marketplace. >>>>>>>>> It is the best place to buy or sell services for >>>>>>>>> just about anything Open Source. >>>>>>>>> http://p.sf.net/sfu/Xq1LFB >>>>>>>>> _______________________________________________ >>>>>>>>> Efw-user mailing list >>>>>>>>> Efw-user@lists.sourceforge.net >>>>>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> View this message in context: >>>>>>>> http://www.nabble.com/DNS-address-format-for-OpenVPN-server--tp21340568p21362130.html >>>>>>>> Sent from the efw-user mailing list archive at Nabble.com. >>>>>>>> >>>>>>>> >>>>>>>> ------------------------------------------------------------------------------ >>>>>>>> Check out the new SourceForge.net Marketplace. >>>>>>>> It is the best place to buy or sell services for >>>>>>>> just about anything Open Source. >>>>>>>> http://p.sf.net/sfu/Xq1LFB >>>>>>>> _______________________________________________ >>>>>>>> Efw-user mailing list >>>>>>>> Efw-user@lists.sourceforge.net >>>>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>>>>> >>>>>>> >>>>>>> ------------------------------------------------------------------------------ >>>>>>> Check out the new SourceForge.net Marketplace. >>>>>>> It is the best place to buy or sell services for >>>>>>> just about anything Open Source. >>>>>>> http://p.sf.net/sfu/Xq1LFB >>>>>>> _______________________________________________ >>>> >>>>>>> Efw-user mailing list >>>>>>> Efw-user@lists.sourceforge.net >>>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>> >>>>> -- >>>>> View this message in context: >>>>> http://www.nabble.com/DNS-address-format-for-OpenVPN-server--tp21340568p21577037.html >>>>> Sent from the efw-user mailing list archive at Nabble.com. >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> This SF.net email is sponsored by: >>>>> SourcForge Community >>>>> SourceForge wants to tell your story. >>>>> http://p.sf.net/sfu/sf-spreadtheword >>>>> _______________________________________________ >>>>> Efw-user mailing list >>>>> Efw-user@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> This SF.net email is sponsored by: >>>> SourcForge Community >>>> SourceForge wants to tell your story. >>>> http://p.sf.net/sfu/sf-spreadtheword >>>> _______________________________________________ >>>> Efw-user mailing list >>>> Efw-user@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>> >>>> >>> >>> >> >> > > -- View this message in context: http://www.nabble.com/DNS-address-format-for-OpenVPN-server--tp21340568p21721716.html Sent from the efw-user mailing list archive at Nabble.com. ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
