#20832: OpenVPN client not updating DNSmasq servers
-----------------------------+--------------------------------
Reporter: qberdugo | Owner: developers
Type: defect | Status: new
Priority: normal | Milestone:
Component: packages | Version: Chaos Calmer 15.05
Keywords: OpenVPN DNSmasq |
-----------------------------+--------------------------------
Hi,
I'm using OpenWrt and OpenVPN to create a network-to-network VPN.
Everything works fine, but the client side seems to ignore the pushed
"dhcp-option DNS" setting.
Client side logs:
PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.10.1.1
,dhcp-option DOMAIN lan,route 10.10.1.0 255.255.255.0,route 10.11.0.0
255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.11.0.18
10.11.0.17'
#cat /tmp/resolv.conf
search lan
nameserver 127.0.0.1
cat /tmp/resolv.conf.auto
# Interface wan
nameserver 84.116.46.22
nameserver 84.116.46.23
My understanding is that resolv.conf.auto should be overridden by the
address pushed by the OpenVPN server (10.11.1.1).
Other than that, everything works fine: I'm able to resolve names manually
against both the client and the server dnsmasq.
#nslookup google.com
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost
Name: google.com
Address 1: 2a00:1450:401b:800::200e waw02s05-in-x0e.1e100.net
Address 2: 216.58.209.46 waw02s05-in-f14.1e100.net
#nslookup google.com 10.10.1.1
Server: 10.10.1.1
Address 1: 10.10.1.1 bb.lan
Name: google.com
Address 1: 2a00:1450:4007:805::1001 par03s12-in-x01.1e100.net
Address 2: 216.58.211.110 par03s15-in-f14.1e100.net
Note: I intentionally do *not* push the default route to be the VPN
server.
Thanks.
Debug info
[root@FriedNoodle:/overlay/work]#uname -a
Linux FriedNoodle 3.18.20 #1 Fri Sep 4 18:55:05 CEST 2015 mips GNU/Linux
[root@FriedNoodle:/overlay/work]#openvpn --version
OpenVPN 2.3.6 mipsel-openwrt-linux-gnu [SSL (PolarSSL)] [LZO] [EPOLL] [MH]
[IPv6] built on Jul 25 2015
library versions: PolarSSL 1.3.11, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <[email protected]>
[root@FriedNoodle:/overlay/work]#cat /etc/config/openvpn
config openvpn 'noumezon_client'
option client '1'
option dev 'tun'
option proto 'udp'
option resolv_retry 'infinite'
option nobind '1'
option persist_key '1'
option persist_tun '1'
option comp_lzo 'yes'
option verb '4'
option remote 'noumezon.duckdns.org 1194'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/ovpn-friednoodle.crt'
option key '/etc/openvpn/ovpn-friednoodle.key'
option fast_io '1'
option enabled '1'
option remote_cert_tls server
CLIENT SIDE dnsmasq config :
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
SERVER SIDE CONFIG :
config openvpn 'tcp'
option enable '1'
option port '1194'
option proto 'tcp'
option dev 'tun'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/ovpn-bluebox.crt'
option key '/etc/openvpn/ovpn-bluebox.key'
option dh '/etc/openvpn/dh2048.pem'
option ifconfig_pool_persist '/tmp/ipp-tcp.txt'
option keepalive '10 120'
option comp_lzo 'adaptive'
option persist_key '1'
option persist_tun '1'
option status '/var/log/openvpn-status-tcp.log'
option verb '3'
option server '10.11.0.0 255.255.255.0'
option client_to_client '1'
option crl_verify '/etc/openvpn/crl.pem'
option client_config_dir '/etc/openvpn/ccd'
list push 'dhcp-option DNS 10.10.1.1'
list push 'dhcp-option DOMAIN lan'
list push 'route 10.10.1.0 255.255.255.0'
option enabled '1'
Anything else, let me know
--
Ticket URL: <https://dev.openwrt.org/ticket/20832>