> > I tested from home. Here's what happened when I input nslookup:
> > 
> > C:\Documents and Settings\Doug>nslookup
> > *** Can't find server name for address 10.8.0.1: No response from server
> > *** Can't find server name for address 192.168.1.254: No response from server
> > *** Can't find server name for address 192.168.0.1: Non-existent domain
> > *** Default servers are not available
> 
> Ok this shows that the servers cannot be reached.
> 
> > Default Server:  UnKnown
> > Address:  10.8.0.1
> > 
> > The ipconfig /all command for the TAP-32 adapter shows correct values for
> > all DHCP options.
> > 
> > However, when I modified the DHCP option for dns server to point at a
> > different name server (192.168.1.1) on the loc area, nslookup immediately
> > worked!
> > 
> > It looks like the DNS server (dnsmasq) on the Bering firewall isn't
> > accessible from VPN clients. As mentioned in an earlier mail, I've followed
> > instructions on the Bering web site for setting up the openvpn config file
> > as well as changes to Shorewall. Do I need to add rules to allow connections
> > on port 53 between VPN and FW in Shorewall rules?
> 
> I am not that familiar with dnsmasq. I am still using dnscache. Have you
> verified the traffic on tunx to see if there is a request on port 53
> passed.

Yes.
 
> Does dnsmasq need to be told on which IP address it accepts requests?

# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
#interface=eth1
#interface=eth2
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
#listen-address=
listen-address=192.168.1.254
listen-address=192.168.2.254
listen-address=10.8.0.1
listen-address=127.0.0.1

> Do you allow DNS requests on your tunnel?

Yes.

I've modified the Shorewall rules to allow connections on port 53 between
vpn and fw. Will test tonight and report back.

Thanks, Erich, for walking me through this.

~Doug
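
Added example, not part of the original message or of the dnsmasq or LEAF projects: a small check of the binding directives quoted above, confirming that the tunnel address the VPN clients use as DNS server (10.8.0.1) is among the addresses dnsmasq listens on. The function names and the embedded sample are constructed for illustration; an empty result means the listener side is configured and the firewall rule for port 53 is the next thing to look at.

```python
import ipaddress

# Constructed sample: the directives quoted in the message above.
SAMPLE_CONF = """\
#interface=eth1
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
#listen-address=
listen-address=192.168.1.254
listen-address=192.168.2.254
listen-address=10.8.0.1
listen-address=127.0.0.1
"""

KEYS = ("interface", "except-interface", "listen-address")

def parse_listen_config(text):
    """Collect the active (uncommented) binding directives."""
    cfg = {key: [] for key in KEYS}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        key, sep, value = line.partition("=")
        if sep and key.strip() in cfg and value.strip():
            cfg[key.strip()].append(value.strip())
    cfg["listen-address"] = [ipaddress.ip_address(a) for a in cfg["listen-address"]]
    return cfg

def audit(text, required):
    """Return findings; an empty list means every required address is bound."""
    cfg = parse_listen_config(text)
    addrs, findings = cfg["listen-address"], []
    if not addrs:
        return ["no listen-address lines; dnsmasq binds by interface= / "
                "except-interface= (all interfaces if neither is set)"]
    # Loopback must be listed explicitly when only listen-address is used.
    if not cfg["interface"] and ipaddress.ip_address("127.0.0.1") not in addrs:
        findings.append("127.0.0.1 missing from listen-address")
    for want in required:
        if ipaddress.ip_address(want) not in addrs:
            note = " (check interface= lines too)" if cfg["interface"] else ""
            findings.append(f"{want} missing from listen-address{note}")
    return findings

if __name__ == "__main__":
    result = audit(SAMPLE_CONF, ["10.8.0.1", "192.168.1.254"])
    print(result or "all required addresses are bound")
```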

leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
