
Re: [Openvpn-users] DNS Resolution issue

  • Subject: Re: [Openvpn-users] DNS Resolution issue
  • From: "Britain Crooker" <britainc@xxxxxxxxxxxxxx>
  • Date: Wed, 7 Nov 2007 10:40:09 -0500

I found and fixed the problem.  Turns out I had DNS recursion disabled
except for localhost.  I added the subnet and restarted named
and now everything works great. 

-----Original Message-----
From: Erich Titl [mailto:erich.titl@xxxxxxxx] 
Sent: Wednesday, November 07, 2007 10:09 AM
To: Britain Crooker
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] DNS Resolution issue


Britain Crooker wrote:
> I have OpenVPN 2.0.9 installed on my CentOS box, and am trying to get 
> it set up so that it routes all internet traffic through the VPN when 
> connected.  For the most part, this seems to work.  However, for some 
> sites (like www.google.com <http://www.google.com>) it won't let me
> The issue seems to be when the DNS lookup returns a different host 
> name than what is specified (like a nslookup of www.google.com 
> <http://www.google.com> returns a canonical name of www.l.google.com 
> <http://www.l.google.com>).  Or www.openvpn.net 
> <http://www.openvpn.net> returns openvpn.net.  If I enter the canonical
> name then it works fine.
> If I enter the other name the lookup fails.

This is really surprising as DNS is not used here to deliver names, but
addresses and it cannot be expected that reverse resolution always returns
the same as the forward query asks for.

> I have configured the system using this command:
> echo 1 > /proc/sys/net/ipv4/ip_forward

So it is forwarding packets....

> And
> iptables -t nat -s -A POSTROUTING -j SNAT --to <my server IP>
> My server doesn't have ipt_masquerade support compiled into the 
> kernel, so I had to use that command.  I have also added the option:
> push "redirect-gateway def1"

I would rather follow the packet trail and see what your browser really
requests and where those packets go. You will probably find other reasons
for the failure.
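
The fix reported at the top of this thread (recursion allowed only for localhost, then extended to the VPN subnet), shown as a named.conf fragment. This is an added example, not the poster's actual configuration; the ACL name vpn_clients and the subnet 10.8.0.0/24 are assumed placeholders, since the post does not give the subnet, and it assumes the VPN clients send their queries to named on the VPN server itself.

```conf
// named.conf fragment (BIND 9). Constructed example.
// 10.8.0.0/24 is an assumed placeholder for the VPN client subnet.
acl "vpn_clients" {
    10.8.0.0/24;
};

options {
    recursion yes;

    // Before: only the server itself was allowed recursive lookups,
    // so VPN clients got no recursive service from this named.
    // allow-recursion { localhost; };

    // After: localhost plus the VPN subnet. Queries addressed to the
    // server itself are not rewritten by the POSTROUTING SNAT rule, so
    // named sees the client's tunnel address and matches it here.
    // Keep the list explicit instead of "any" so the server does not
    // become an open resolver.
    allow-recursion { localhost; vpn_clients; };
};
```

Run `named-checkconf` to validate the syntax before restarting named.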


