Re: [Openvpn-users] Linux client DNS resolver - does it even work?

2021-11-19 Thread lejeczek via Openvpn-users 




On 15/11/2021 13:31, Gert Doering wrote:

Hi,

On Sat, Nov 13, 2021 at 09:05:19PM +, lejeczek via Openvpn-users wrote:

On Linux, OpenVPN does not modify the DNS servers itself (unlike Windows).

There's two ways to make it happen

   - use Network Manager to run OpenVPN - it will parse the server reply,
 and set up DNS accordingly

   - add an "up $script" to your client config to do the DNS setup -
 we ship a sample script ("pull-resolv-conf") to do that, but I'm
 not sure if Fedora integrates that, or uses something else - ask
 rpm what is in the openvpn package.

gert

Thanks for that.
I've never thought of NM as better alternative than opvn
itself, it seems to work

Well, it's not "a better alternative to openvpn", it's "a wrapper
around openvpn that understands Linux DNS config" - which is highly
distribution specific, so OpenVPN does not attempt to do it itself.


however I wonder if NM (at least in
Fedora) has a problem with re-uping connection after system
resumed from sleep.

Well, that is most easily tested, no? :-)

(As far as I understand, NM is "sleep aware", and will stop the OpenVPN
session before sleep and resume afterwards - which brings certain kinds
of problems, but fixes other kinds)
It does not on fedora, not automatically, manual 
intervention is needed to re-established vpn connection 
after system resumed from sleep.

gert




___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] Linux client DNS resolver - does it even work?

2021-11-15 Thread David Sommerseth 

On 15/11/2021 14:31, Gert Doering wrote:

however I wonder if NM (at least in
Fedora) has a problem with re-uping connection after system
resumed from sleep.

Well, that is most easily tested, no?:-)

(As far as I understand, NM is "sleep aware", and will stop the OpenVPN
session before sleep and resume afterwards - which brings certain kinds
of problems, but fixes other kinds)


Unfortunately, NM is even "more clever" than that.  If the main link 
goes down, it stops all VPN connections as part of that.


NM does not trust OpenVPN is able to recover the VPN connection on its 
own, even if gateways changes.



--
kind regards,

David Sommerseth
OpenVPN Inc



OpenPGP_signature
Description: OpenPGP digital signature
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] Linux client DNS resolver - does it even work?

2021-11-15 Thread David Sommerseth 

On 10/11/2021 23:18, lejeczek via Openvpn-users wrote:

Hi guys.

I have, I'd like to think a "regular" server setup where clients from 
Windowze and Macs do get name resolution work apparently very well, 
whereas Linux client - all clients do use almost identical config - 
seems pretty broken.
Linux client seems to take notice of what server pushes, namely DNS 
server & domains but, really nothing comes out of it.
It cannot be some limitation of Linuxes - I'm on latest Fedora - I must 
be missing something and what that might be, if you care to suggest, 
I'll appreciate.

many thanks, L.


Have you tried OpenVPN 3 Linux?  That does DNS seutp out-of-the-box. 
With the Fedora builds it also integrates natively with

systemd-resolved.




--
kind regards,

David Sommerseth
OpenVPN Inc



OpenPGP_signature
Description: OpenPGP digital signature
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] Linux client DNS resolver - does it even work?

2021-11-15 Thread Gert Doering 
Hi,

On Sat, Nov 13, 2021 at 09:05:19PM +, lejeczek via Openvpn-users wrote:
> > On Linux, OpenVPN does not modify the DNS servers itself (unlike Windows).
> >
> > There's two ways to make it happen
> >
> >   - use Network Manager to run OpenVPN - it will parse the server reply,
> > and set up DNS accordingly
> >
> >   - add an "up $script" to your client config to do the DNS setup -
> > we ship a sample script ("pull-resolv-conf") to do that, but I'm
> > not sure if Fedora integrates that, or uses something else - ask
> > rpm what is in the openvpn package.
> >
> > gert
> Thanks for that.
> I've never thought of NM as better alternative than opvn 
> itself, it seems to work 

Well, it's not "a better alternative to openvpn", it's "a wrapper 
around openvpn that understands Linux DNS config" - which is highly
distribution specific, so OpenVPN does not attempt to do it itself.

> however I wonder if NM (at least in 
> Fedora) has a problem with re-uping connection after system 
> resumed from sleep.

Well, that is most easily tested, no? :-)

(As far as I understand, NM is "sleep aware", and will stop the OpenVPN
session before sleep and resume afterwards - which brings certain kinds
of problems, but fixes other kinds)

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de


signature.asc
Description: PGP signature
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] Linux client DNS resolver - does it even work?

2021-11-13 Thread lejeczek via Openvpn-users 




On 11/11/2021 05:25, Gert Doering wrote:

Hi,

On Wed, Nov 10, 2021 at 10:18:02PM +, lejeczek via Openvpn-users wrote:

I have, I'd like to think a "regular" server setup where
clients from Windowze and Macs do get name resolution work
apparently very well, whereas Linux client - all clients do
use almost identical config - seems pretty broken.
Linux client seems to take notice of what server pushes,
namely DNS server & domains but, really nothing comes out of it.
It cannot be some limitation of Linuxes - I'm on latest
Fedora - I must be missing something and what that might be,
if you care to suggest, I'll appreciate.
many thanks, L.

On Linux, OpenVPN does not modify the DNS servers itself (unlike Windows).

There's two ways to make it happen

  - use Network Manager to run OpenVPN - it will parse the server reply,
and set up DNS accordingly

  - add an "up $script" to your client config to do the DNS setup -
we ship a sample script ("pull-resolv-conf") to do that, but I'm
not sure if Fedora integrates that, or uses something else - ask
rpm what is in the openvpn package.

gert

Thanks for that.
I've never thought of NM as better alternative than opvn 
itself, it seems to work however I wonder if NM (at least in 
Fedora) has a problem with re-uping connection after system 
resumed from sleep.

L.


___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] Linux client DNS resolver - does it even work?

2021-11-10 Thread Gert Doering 
Hi,

On Wed, Nov 10, 2021 at 10:18:02PM +, lejeczek via Openvpn-users wrote:
> I have, I'd like to think a "regular" server setup where 
> clients from Windowze and Macs do get name resolution work 
> apparently very well, whereas Linux client - all clients do 
> use almost identical config - seems pretty broken.
> Linux client seems to take notice of what server pushes, 
> namely DNS server & domains but, really nothing comes out of it.
> It cannot be some limitation of Linuxes - I'm on latest 
> Fedora - I must be missing something and what that might be, 
> if you care to suggest, I'll appreciate.
> many thanks, L.

On Linux, OpenVPN does not modify the DNS servers itself (unlike Windows).

There's two ways to make it happen

 - use Network Manager to run OpenVPN - it will parse the server reply,
   and set up DNS accordingly

 - add an "up $script" to your client config to do the DNS setup - 
   we ship a sample script ("pull-resolv-conf") to do that, but I'm 
   not sure if Fedora integrates that, or uses something else - ask
   rpm what is in the openvpn package.

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de


signature.asc
Description: PGP signature
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

[Openvpn-users] Linux client DNS resolver - does it even work?

2021-11-10 Thread lejeczek via Openvpn-users 

Hi guys.

I have, I'd like to think a "regular" server setup where 
clients from Windowze and Macs do get name resolution work 
apparently very well, whereas Linux client - all clients do 
use almost identical config - seems pretty broken.
Linux client seems to take notice of what server pushes, 
namely DNS server & domains but, really nothing comes out of it.
It cannot be some limitation of Linuxes - I'm on latest 
Fedora - I must be missing something and what that might be, 
if you care to suggest, I'll appreciate.

many thanks, L.


___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users