Anyword as to a fix for this yet. The work around I posted below seems to stop working over time.
wharfratjoe wrote: > > After working on this for awhile this evening, I found a quick workaround > for this. If you just disable the Global Push options in the webgui and > then do a save/restart openvpn, remote and local dns resolves correctly. > I tested this on three 2.2RC3 machines and its working fine for local and > remote dns resolution. > > (added to bugtraq for quick-fix) > > ### Edit ### > > remote network cnames do not work with this work around only a record > entries. > > > wharfratjoe wrote: >> >> This has been posted here as well: >> >> http://efwsupport.com/index.php?topic=477.0 >> >> >> >> wharfratjoe wrote: >>> >>> Anyword as to a work around for this? I also noticed that when connected >>> from a local network to a remote network, the local dns for that local >>> network stops resolving correctly. After you disconnect from the remote >>> network loca dns starts resolving correctly again. >>> >>> For example: >>> >>> Remote network is 192.168.1.0/24 >>> Local Network is 172.16.0.0/24 >>> >>> I vpn successfully to remote network. Now when i go to browse, ping or >>> use a local resource on the 172.16.0.0/24, i cannot resolve at all. >>> >>> This local resource of nas-nttr should resolve to 172.16.0.5. Hence I am >>> resolving to OpenDNS ip, which is not correct at all: >>> >>> Pinging nas-nttr.nttr.int [208.67.216.132] with 32 bytes of data: >>> >>> Request timed out. >>> Request timed out. >>> Request timed out. >>> Request timed out. >>> >>> Ping statistics for 208.67.216.132: >>> Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), >>> >>> After disconnecting from Remote network. Local DNS resolution is correct >>> again: >>> >>> Pinging nas-nttr.nttr.int [172.16.0.5] with 32 bytes of data: >>> >>> Reply from 172.16.0.5: bytes=32 time<1ms TTL=64 >>> Reply from 172.16.0.5: bytes=32 time<1ms TTL=64 >>> Reply from 172.16.0.5: bytes=32 time<1ms TTL=64 >>> Reply from 172.16.0.5: bytes=32 time<1ms TTL=64 >>> >>> Ping statistics for 172.16.0.5: >>> Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), >>> Approximate round trip times in milli-seconds: >>> Minimum = 0ms, Maximum = 0ms, Average = 0ms >>> >>> >>> >>> (I will add this to the existing bugtrac ticket). >>> >>> >>> >>> wharfratjoe wrote: >>>> >>>> I have a similar setup with one exception (which should not matter): >>>> >>>> DHCP turned off - Green Network >>>> windows AD server doing DHCP for Green Network >>>> >>>> DHCP turned on: Blue Network >>>> >>>> I will look into adding this to the conf file, however is there a .tmpl >>>> file that may overwrite this on a OpenVPN service restart or if the box >>>> has to be rebooed for some "odd" reason? >>>> >>>> This was the case when making changes to the main.cf fle for Postfix. >>>> >>>> >>>> Rafael Fonseca wrote: >>>>> >>>>> Do you by any chance have DHCP on Green turned OFF on Endian? >>>>> >>>>> I have been looking into the config files and it seems the 'push dhcp- >>>>> options DNS xxx.xxx.xxx.xxx' line is not being written on >>>>> openvpn.conf. >>>>> >>>>> I also have DHCP turned off on Green (I have a Windows Server acting >>>>> as DHCP server), and I have this weird feeling that it may be related. >>>>> >>>>> I've added the above line manually to my .conf file and will see how >>>>> it goes. >>>>> -- >>>>> Rafael Fonseca >>>>> www.nunca.com.br >>>>> >>>>> On 21/01/2009, at 5:53 PM, wharfratjoe wrote: >>>>> >>>>>> >>>>>> I just verified that this is an an issue with endian. domian is >>>>>> pushed but is >>>>>> not resolving at all. >>>>>> >>>>>> >>>>>> >>>>>> wharfratjoe wrote: >>>>>>> >>>>>>> It seems to be. >>>>>>> >>>>>>> >>>>>>> Rafael Fonseca wrote: >>>>>>>> >>>>>>>> So, just to clarify: it's NOT an issue in Endian, but rather on >>>>>>>> your >>>>>>>> outgoing firewall? >>>>>>>> >>>>>>>> I have this issue but on roadwarriors connecting to Endian from >>>>>>>> outside the office. The information is pushed, but no name >>>>>>>> resolving. >>>>>>>> -- >>>>>>>> Rafael Fonseca >>>>>>>> www.nunca.com.br >>>>>>>> >>>>>>>> On 9/01/2009, at 11:16 AM, wharfratjoe wrote: >>>>>>>> >>>>>>>>> >>>>>>>>> Incoming or outgoing? --> This is an issue with connecting to >>>>>>>>> endian >>>>>>>>> openvpn >>>>>>>>> from behind a Untangle firewall (have not figured it out yet >>>>>>>>> since i >>>>>>>>> locked >>>>>>>>> down the box pretty tight and dont have time to mess with it right >>>>>>>>> now). >>>>>>>>> >>>>>>>>> Openvpn connections endian to endian boxes resolves the "internal" >>>>>>>>> hostnames >>>>>>>>> with no problem with one exception: I have found that you need to >>>>>>>>> append the >>>>>>>>> internal domain name to the hostname (this has been this way for >>>>>>>>> awhile and >>>>>>>>> never posted about it until now) to resolve correctly. >>>>>>>>> >>>>>>>>> Here is a sample config that I started using for about a year or >>>>>>>>> so >>>>>>>>> and >>>>>>>>> works fine: >>>>>>>>> >>>>>>>>> http://www.nabble.com/open-vpn-client-settings....-to13594062.html#a13596758 >>>>>>>>> >>>>>>>>> Hope this helps. >>>>>>>>> >>>>>>>>> -joe >>>>>>>>> >>>>>>>>> >>>>>>>>> Rafael Fonseca wrote: >>>>>>>>>> >>>>>>>>>> Incoming or outgoing? >>>>>>>>>> -- >>>>>>>>>> Rafael Fonseca >>>>>>>>>> www.nunca.com.br >>>>>>>>>> >>>>>>>>>> On 9/01/2009, at 10:05 AM, wharfratjoe wrote: >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Due to lack of sleep it was a firewall issue blicking udp port >>>>>>>>>>> 53. >>>>>>>>>>> Pushing >>>>>>>>>>> Vpn settings work fine in 2.2 RC3, as seen below >>>>>>>>>>> >>>>>>>>>>> Here is another example that is working that is running 2.2 RC3. >>>>>>>>>>> >>>>>>>>>>> Ethernet adapter {29815F69-DD48-4711-9FBD-0B4FBB37DE43}: >>>>>>>>>>> >>>>>>>>>>> Connection-specific DNS Suffix . : domain.local >>>>>>>>>>> Description . . . . . . . . . . . : TAP-Win32 Adapter V8 >>>>>>>>>>> Physical Address. . . . . . . . . : 00-FF-29-81-5F-69 >>>>>>>>>>> DHCP Enabled. . . . . . . . . . . : Yes >>>>>>>>>>> Autoconfiguration Enabled . . . . : Yes >>>>>>>>>>> IP Address. . . . . . . . . . . . : 192.168.76.230 >>>>>>>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>>>>>>>>>> Default Gateway . . . . . . . . . : >>>>>>>>>>> DHCP Server . . . . . . . . . . . : 192.168.76.0 >>>>>>>>>>> DNS Servers . . . . . . . . . . . : 192.168.76.3 >>>>>>>>>>> 192.168.76.2 >>>>>>>>>>> Lease Obtained. . . . . . . . . . : Thursday, January 08, 2009 >>>>>>>>>>> 11:31:31 >>>>>>>>>>> AM >>>>>>>>>>> Lease Expires . . . . . . . . . . : Friday, January 08, 2010 >>>>>>>>>>> 11:31:31 AM >>>>>>>>>>> >>>>>>>>>>> (I will post my .ovpn client config later today). >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> wharfratjoe wrote: >>>>>>>>>>>> >>>>>>>>>>>> I am being pushed the settings but it is not resolving internal >>>>>>>>>>>> names when >>>>>>>>>>>> pinging, etc. >>>>>>>>>>>> >>>>>>>>>>>> Connection-specific DNS Suffix . : domainname.int >>>>>>>>>>>> Description . . . . . . . . . . . : TAP-Win32 Adapter V8 - >>>>>>>>>>>> Packet >>>>>>>>>>>> Schedu >>>>>>>>>>>> ler Miniport >>>>>>>>>>>> Physical Address. . . . . . . . . : 00-FF-E9-98-09-B8 >>>>>>>>>>>> Dhcp Enabled. . . . . . . . . . . : Yes >>>>>>>>>>>> Autoconfiguration Enabled . . . . : Yes >>>>>>>>>>>> IP Address. . . . . . . . . . . . : 172.16.0.230 >>>>>>>>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>>>>>>>>>>> Default Gateway . . . . . . . . . : >>>>>>>>>>>> DHCP Server . . . . . . . . . . . : 172.16.0.0 >>>>>>>>>>>> DNS Servers . . . . . . . . . . . : 172.16.0.3 >>>>>>>>>>>> 172.16.0.2 >>>>>>>>>>>> Lease Obtained. . . . . . . . . . : Wednesday, January 07, >>>>>>>>>>>> 2009 >>>>>>>>>>>> 9:19:49 >>>>>>>>>>>> PM >>>>>>>>>>>> Lease Expires . . . . . . . . . . : Thursday, January 07, >>>>>>>>>>>> 2010 >>>>>>>>>>>> 9:19:49 P >>>>>>>>>>>> M >>>>>>>>>>>> >>>>>>>>>>>> I will search bugtraq and if it is not already listed I will >>>>>>>>>>>> open a >>>>>>>>>>>> ticket >>>>>>>>>>>> on this. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Rafael Fonseca wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> I have noticed that the upgrade to 2.2 did NOT bring me the >>>>>>>>>>>>> push >>>>>>>>>>>>> DNS I >>>>>>>>>>>>> was waiting for. For some reason, the clients can't connect >>>>>>>>>>>>> to the >>>>>>>>>>>>> servers inside my green network without putting something >>>>>>>>>>>>> inside >>>>>>>>>>>>> the >>>>>>>>>>>>> hosts file. >>>>>>>>>>>>> >>>>>>>>>>>>> Do you guys experience the same thing? >>>>>>>>>>>>> >>>>>>>>>>>>> I have put the DNS server as follows on the VPN > Advanced > >>>>>>>>>>>>> Global >>>>>>>>>>>>> push options (as the help instructs), but no go. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> I have also tried putting just the IP address, without /24. >>>>>>>>>>>>> >>>>>>>>>>>>> On a side note, what do you guys use in the client .ovpn >>>>>>>>>>>>> files? I >>>>>>>>>>>>> have >>>>>>>>>>>>> been collecting settings through the years and I don't know >>>>>>>>>>>>> if I'm >>>>>>>>>>>>> using the optimal settings for Endian. >>>>>>>>>>>>> >>>>>>>>>>>>> Regards, >>>>>>>>>>>>> -- >>>>>>>>>>>>> Rafael Fonseca >>>>>>>>>>>>> www.nunca.com.br >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> ------------------------------------------------------------------------------ >>>>>>>>>>>>> Check out the new SourceForge.net Marketplace. >>>>>>>>>>>>> It is the best place to buy or sell services for >>>>>>>>>>>>> just about anything Open Source. >>>>>>>>>>>>> http://p.sf.net/sfu/Xq1LFB >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> Efw-user mailing list >>>>>>>>>>>>> Efw-user@lists.sourceforge.net >>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> View this message in context: >>>>>>>>>>> http://www.nabble.com/DNS-address-format-for-OpenVPN-server--tp21340568p21360926.html >>>>>>>>>>> Sent from the efw-user mailing list archive at Nabble.com. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ------------------------------------------------------------------------------ >>>>>>>>>>> Check out the new SourceForge.net Marketplace. >>>>>>>>>>> It is the best place to buy or sell services for >>>>>>>>>>> just about anything Open Source. >>>>>>>>>>> http://p.sf.net/sfu/Xq1LFB >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Efw-user mailing list >>>>>>>>>>> Efw-user@lists.sourceforge.net >>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ------------------------------------------------------------------------------ >>>>>>>>>> Check out the new SourceForge.net Marketplace. >>>>>>>>>> It is the best place to buy or sell services for >>>>>>>>>> just about anything Open Source. >>>>>>>>>> http://p.sf.net/sfu/Xq1LFB >>>>>>>>>> _______________________________________________ >>>>>>>>>> Efw-user mailing list >>>>>>>>>> Efw-user@lists.sourceforge.net >>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> View this message in context: >>>>>>>>> http://www.nabble.com/DNS-address-format-for-OpenVPN-server--tp21340568p21362130.html >>>>>>>>> Sent from the efw-user mailing list archive at Nabble.com. >>>>>>>>> >>>>>>>>> >>>>>>>>> ------------------------------------------------------------------------------ >>>>>>>>> Check out the new SourceForge.net Marketplace. >>>>>>>>> It is the best place to buy or sell services for >>>>>>>>> just about anything Open Source. >>>>>>>>> http://p.sf.net/sfu/Xq1LFB >>>>>>>>> _______________________________________________ >>>>>>>>> Efw-user mailing list >>>>>>>>> Efw-user@lists.sourceforge.net >>>>>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>>>>>> >>>>>>>> >>>>>>>> ------------------------------------------------------------------------------ >>>>>>>> Check out the new SourceForge.net Marketplace. >>>>>>>> It is the best place to buy or sell services for >>>>>>>> just about anything Open Source. >>>>>>>> http://p.sf.net/sfu/Xq1LFB >>>>>>>> _______________________________________________ >>>>> >>>>>>>> Efw-user mailing list >>>>>>>> Efw-user@lists.sourceforge.net >>>>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> -- >>>>>> View this message in context: >>>>>> http://www.nabble.com/DNS-address-format-for-OpenVPN-server--tp21340568p21577037.html >>>>>> Sent from the efw-user mailing list archive at Nabble.com. >>>>>> >>>>>> >>>>>> ------------------------------------------------------------------------------ >>>>>> This SF.net email is sponsored by: >>>>>> SourcForge Community >>>>>> SourceForge wants to tell your story. >>>>>> http://p.sf.net/sfu/sf-spreadtheword >>>>>> _______________________________________________ >>>>>> Efw-user mailing list >>>>>> Efw-user@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> This SF.net email is sponsored by: >>>>> SourcForge Community >>>>> SourceForge wants to tell your story. >>>>> http://p.sf.net/sfu/sf-spreadtheword >>>>> _______________________________________________ >>>>> Efw-user mailing list >>>>> Efw-user@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/efw-user >>>>> >>>>> >>>> >>>> >>> >>> >> >> > > -- View this message in context: http://www.nabble.com/DNS-address-format-for-OpenVPN-server--tp21340568p22044168.html Sent from the efw-user mailing list archive at Nabble.com. ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _______________________________________________ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
