Re: [Openvpn-users] macox dns help for a novice?
Actually, things weren't as bad as I thought - that --up script does seem to work after all!

My mistake (I did say I was a Mac novice!) was that I *assumed* nslookup srv.corporate.domain would work - well it didn't. What I didn't check was that ping srv.corporate.domain does work :-)

i.e. it looks like the Mac's resolver library (which most apps would use) does point particular DNS queries at the internal-over-openvpn DNS servers after all. It's just that pure DNS tools like nslookup cannot make use of it.

So it looks like it works to me? Jonathan, you should take another look at that script and confirm/deny?

PS: Ubuntu's insistence on using dnsmasq and always making the DNS server 127.0.0.1 totally solves this problem 100% of the time for all applications - why can't the OSes be as smart :-)

On 04/09/14 01:05, Jonathan K. Bullard wrote:
> On Wed, Sep 3, 2014 at 8:37 AM, Gert Doering wrote:
>> On Wed, Sep 03, 2014 at 06:41:17PM +1200, Jason Haar wrote:
>>> Anyway, has anyone out there found out how to do this and is willing to share? :-)
>>
>> I have no direct answer, but maybe using Tunnelblick instead of raw openvpn would just solve this for you? (It's a very nice MacOS gui that bundles openvpn - just like the windows gui bundle)
>
> As the current Tunnelblick developer/maintainer, I appreciate Gert's kind words, but Tunnelblick does not do split DNS either. I've never been able to get it working -- in fact, I am hoping someone will respond to Jason's post with information or code so I could add this ability to Tunnelblick!

--
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
[Openvpn-users] macox dns help for a novice?
Hi there

I'm trying to get openvpn working on a Mac client for the first time (tun mode), it's all working at the IP layer, but I want to get the scoped DNS bit working too: i.e. tell the Mac to send DNS lookups for *.company.domain through the tunnel to corporate DNS servers, and use the default interface DNS for everything else.

I found openvpn-tun-up-down.sh on the Internet which seems to be *almost* correct, but it doesn't quite work. It uses scutil to reconfigure DNS, but I ended up with company.domain set against the default DNS instead of the tunnel's DNS settings. It was written in 2006 so maybe it doesn't work on the newer OSes?

Anyway, has anyone out there found out how to do this and is willing to share? :-)

Thanks!

PS: I'm using this http://openvpn.net/archive/openvpn-users/2006-10/msg00120.html

--
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Re: [Openvpn-users] macox dns help for a novice?
Hi,

On Wed, Sep 03, 2014 at 06:41:17PM +1200, Jason Haar wrote:
> Anyway, has anyone out there found out how to do this and is willing to share? :-)

I have no direct answer, but maybe using Tunnelblick instead of raw openvpn would just solve this for you? (It's a very nice MacOS gui that bundles openvpn - just like the windows gui bundle)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de
Re: [Openvpn-users] macox dns help for a novice?
On Wed, Sep 3, 2014 at 8:37 AM, Gert Doering wrote:
> On Wed, Sep 03, 2014 at 06:41:17PM +1200, Jason Haar wrote:
>> Anyway, has anyone out there found out how to do this and is willing to share? :-)
>
> I have no direct answer, but maybe using Tunnelblick instead of raw openvpn would just solve this for you? (It's a very nice MacOS gui that bundles openvpn - just like the windows gui bundle)

As the current Tunnelblick developer/maintainer, I appreciate Gert's kind words, but Tunnelblick does not do split DNS either. I've never been able to get it working -- in fact, I am hoping someone will respond to Jason's post with information or code so I could add this ability to Tunnelblick!
Re: [Openvpn-users] macox dns help for a novice?
I use Tunnelblick also, it works well and is updated on a regular basis.

JBB

On 9/3/14, 8:37 AM, Gert Doering wrote:
> Hi,
>
> On Wed, Sep 03, 2014 at 06:41:17PM +1200, Jason Haar wrote:
>> Anyway, has anyone out there found out how to do this and is willing to share? :-)
>
> I have no direct answer, but maybe using Tunnelblick instead of raw openvpn would just solve this for you? (It's a very nice MacOS gui that bundles openvpn - just like the windows gui bundle)
>
> gert
Re: [Openvpn-users] macox dns help for a novice?
On 04/09/14 01:05, Jonathan K. Bullard wrote:
> As the current Tunnelblick developer/maintainer, I appreciate Gert's kind words, but Tunnelblick does not do split DNS either. I've never been able to get it working -- in fact, I am hoping someone will respond to Jason's post with information or code so I could add this ability to Tunnelblick!

Well that is depressing! :-)

It must be *nearly* working. At home, after openvpn connects back to work and --up runs openvpn-tun-up-down.sh, my DNS is altered such that

    root# scutil --dns
    DNS configuration

    resolver #1
      search domain[0] : corporate.domain
      search domain[1] : home.domain
      nameserver[0] : 192.168.248.3

    DNS configuration (for scoped queries)

    resolver #1
      search domain[0] : home.domain
      nameserver[0] : 192.168.248.3
    ...
    resolver #2
      nameserver[0] : 10.1.1.2
      nameserver[1] : 10.1.2.1
      if_index : 10 (tun0)

So from what I can see, the only thing that needs to be done is to take corporate.domain out of resolver #1 from the general section, and put it down into resolver #2 in the scoped section. I'm not a Mac person, but I interpret this as meaning when I do nslookup blah.corporate.domain, the Mac sends it to resolver #1 instead of resolver #2. Once that is fixed, it should all work?

--
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1