Re: [Openvpn-users] DNS Resolution issue

  • Subject: Re: [Openvpn-users] DNS Resolution issue
  • From: Erich Titl <erich.titl@xxxxxxxx>
  • Date: Wed, 07 Nov 2007 15:08:36 +0000


Britain Crooker wrote:
> I have OpenVPN 2.0.9 installed on my CentOS box, and am trying to get it
> set up so that it routes all internet traffic through the VPN when
> connected.  For the most part, this seems to work.  However, for some
> sites (like www.google.com) it won't let me connect.
> The issue seems to be when the DNS lookup returns a different host name
> than what is specified (like an nslookup of www.google.com
> returns a canonical name of www.l.google.com).  Or www.openvpn.net
> returns openvpn.net.  If I enter the canonical name then it works fine.
> If I enter the other name the lookup fails.

This is really surprising as DNS is not used here to deliver names, but
addresses and it cannot be expected that reverse resolution always
returns the same as the forward query asks for.

> I have configured the system using this command:
> echo 1 > /proc/sys/net/ipv4/ip_forward

So it is forwarding packets....

> And
> iptables -t nat -s -A POSTROUTING -j SNAT --to <my server IP>
> My server doesn't have ipt_masquerade support compiled into the kernel,
> so I had to use that command.  I have also added the option:
> push "redirect-gateway def1"

I would rather follow the packet trail and see what your browser really
requests and where those packets go. You will probably find other
reasons for the failure.
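Erich's point that DNS delivers addresses, not names, is visible in the wire format: a response to a query for www.google.com carries the CNAME to www.l.google.com and the A records for that canonical name in the same answer section, so a client never has to "enter the canonical name" itself. The following is an added example, not code from this thread or from OpenVPN, that decodes a hand-constructed response; the address 192.0.2.10 is a documentation placeholder.

```python
import struct

def read_name(msg: bytes, off: int) -> tuple[str, int]:
    """Read a DNS name honouring RFC 1035 compression pointers; return (name, next offset)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # 2-byte pointer into the message
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = ptr, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)

def resolve_answers(msg: bytes, qname: str) -> list[str]:
    """IPv4 addresses the response gives for qname, chasing CNAMEs inside the answer section."""
    qd, an = struct.unpack("!HH", msg[4:8])             # QDCOUNT, ANCOUNT from the header
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4                # skip QNAME, QTYPE, QCLASS
    cnames, addrs = {}, {}
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 5:                                  # CNAME: owner is only an alias
            cnames[owner.lower()] = read_name(msg, off)[0].lower()
        elif rtype == 1 and rdlen == 4:                 # A: the address the client actually connects to
            addrs.setdefault(owner.lower(), []).append(".".join(map(str, msg[off:off + 4])))
        off += rdlen
    name, hops = qname.lower().rstrip("."), 0
    while name in cnames and name not in addrs and hops < 8:   # bounded: a CNAME loop must not hang us
        name, hops = cnames[name], hops + 1
    return addrs.get(name, [])

# Constructed response (not a capture): www.google.com CNAME www.l.google.com, www.l.google.com A 192.0.2.10
SAMPLE_RESPONSE = (
    struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0)          # header: 1 question, 2 answers
    + b"\x03www\x06google\x03com\x00" + struct.pack("!HH", 1, 1)  # question; QNAME at offset 12
    + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, 8)      # owner -> offset 12, type CNAME, rdlen 8
    + b"\x03www\x01l\xc0\x10"                               # "www.l" + pointer to google.com (offset 16)
    + b"\xc0\x2c" + struct.pack("!HHIH", 1, 1, 300, 4)      # owner -> offset 44 (www.l.google.com), type A
    + bytes([192, 0, 2, 10])
)
```

Whatever name is typed, the lookup ends in an address; if the page at that address is unreachable over the tunnel, the fault is in routing or NAT, which is what following the packet trail will show.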

