
Opened 2 years ago

Last modified 2 years ago

#20830 new defect

OpenVPN client not updating DNSmasq servers

Reported by: qberdugo@…
Owned by: developers
Priority: normal
Milestone:
Component: packages
Version: Chaos Calmer 15.05
Keywords: OpenVPN DNSmasq
Cc:

Description

Hi,

I'm using OpenWrt and OpenVPN to create a network-to-network VPN. Everything works fine, but it seems like the client side ignores the dhcp DNS option.

Client side logs:
PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.10.1.1,dhcp-option DOMAIN lan,route 10.10.1.0 255.255.255.0,route 10.11.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.11.0.18 10.11.0.17'

#cat /tmp/resolv.conf
search lan
nameserver 127.0.0.1

cat /tmp/resolv.conf.auto
# Interface wan
nameserver 84.116.46.22
nameserver 84.116.46.23

My understanding is that resolv.conf.auto should be overridden by the address pushed by the OpenVPN server (10.11.1.1).

Other than that, everything works fine: I'm able to resolve manually both on the client and server dnsmasq.

#nslookup google.com
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost

Name: google.com
Address 1: 2a00:1450:401b:800::200e waw02s05-in-x0e.1e100.net
Address 2: 216.58.209.46 waw02s05-in-f14.1e100.net

#nslookup google.com 10.10.1.1
Server: 10.10.1.1
Address 1: 10.10.1.1 bb.lan

Name: google.com
Address 1: 2a00:1450:4007:805::1001 par03s12-in-x01.1e100.net
Address 2: 216.58.211.110 par03s15-in-f14.1e100.net

Note: I do *not* push the default route to be the VPN server intentionally.

Thanks.

Debug info
[root@FriedNoodle:/overlay/work]#uname -a
Linux FriedNoodle 3.18.20 #1 Fri Sep 4 18:55:05 CEST 2015 mips GNU/Linux

[root@FriedNoodle:/overlay/work]#openvpn --version
OpenVPN 2.3.6 mipsel-openwrt-linux-gnu [SSL (PolarSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 25 2015
library versions: PolarSSL 1.3.11, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@…>

[root@FriedNoodle:/overlay/work]#cat /etc/config/openvpn
config openvpn 'noumezon_client'
	option client '1'
	option dev 'tun'
	option proto 'udp'
	option resolv_retry 'infinite'
	option nobind '1'
	option persist_key '1'
	option persist_tun '1'
	option comp_lzo 'yes'
	option verb '4'
	option remote 'noumezon.duckdns.org 1194'
	option ca '/etc/openvpn/ca.crt'
	option cert '/etc/openvpn/ovpn-friednoodle.crt'
	option key '/etc/openvpn/ovpn-friednoodle.key'
	option fast_io '1'
	option enabled '1'
	option remote_cert_tls server

CLIENT SIDE dnsmasq config :

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'

SERVER SIDE CONFIG :
config openvpn 'tcp'
	option enable '1'
	option port '1194'
	option proto 'tcp'
	option dev 'tun'
	option ca '/etc/openvpn/ca.crt'
	option cert '/etc/openvpn/ovpn-bluebox.crt'
	option key '/etc/openvpn/ovpn-bluebox.key'
	option dh '/etc/openvpn/dh2048.pem'
	option ifconfig_pool_persist '/tmp/ipp-tcp.txt'
	option keepalive '10 120'
	option comp_lzo 'adaptive'
	option persist_key '1'
	option persist_tun '1'
	option status '/var/log/openvpn-status-tcp.log'
	option verb '3'
	option server '10.11.0.0 255.255.255.0'
	option client_to_client '1'
	option crl_verify '/etc/openvpn/crl.pem'
	option client_config_dir '/etc/openvpn/ccd'
	list push 'dhcp-option DNS 10.10.1.1'
	list push 'dhcp-option DOMAIN lan'
	list push 'route 10.10.1.0 255.255.255.0'
	option enabled '1'

Anything else, let me know

Attachments (0)

Change History (2)

comment:1 Changed 2 years ago by anonymous

Did you solve this?

comment:2 Changed 2 years ago by eric_dtw

If I followed the script chain correctly, /tmp/resolv.conf.auto is created during IFUP events from /lib/dhcp* scripts called by udhcpc and odhcpv6c. That is where a VPN tunnel also needs to update on a virtual IFUP.
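
OpenVPN hands each pushed dhcp-option to an up script as a foreign_option_N environment variable, so a client-side hook can turn the PUSH_REPLY shown in the ticket into resolver lines. The script below is an added example, not code from the ticket or from OpenWrt. The output path /tmp/resolv.conf.vpn and the function names are assumptions, and dnsmasq still has to be configured to read that file.

```shell
#!/bin/sh
# Added example: OpenVPN up/down hook (needs "script-security 2" in the config).
# OpenVPN exports each pushed option as foreign_option_1, foreign_option_2, ...
# Assumed path: a separate file, so /tmp/resolv.conf.auto is left alone.
VPN_RESOLV="${VPN_RESOLV:-/tmp/resolv.conf.vpn}"

# Strict dotted-quad check: four decimal octets, each 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Hostname characters only, so nothing else can reach the resolver file.
is_dns_name() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*|.*|*..*|-*) return 1 ;;
    esac
    [ ${#1} -le 253 ]
}

# Print resolv.conf lines for the pushed DNS/DOMAIN options. The values are
# chosen by the remote server, so anything that fails validation is dropped.
pushed_dns_lines() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        set -f; set -- $opt; set +f    # split without glob expansion
        if [ $# -eq 3 ] && [ "$1" = "dhcp-option" ]; then
            case "$2" in
                DNS)    if is_ipv4 "$3"; then echo "nameserver $3"; fi ;;
                DOMAIN) if is_dns_name "$3"; then echo "search $3"; fi ;;
            esac
        fi
        i=$((i + 1))
    done
}

# OpenVPN sets script_type to "up" or "down" when it runs the hook.
case "${script_type:-}" in
    up)   pushed_dns_lines > "$VPN_RESOLV" ;;
    down) : > "$VPN_RESOLV" ;;
esac
```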
