hlavki
November 23, 2016, 10:02pm
1
Hi,
When I am connected to omnia via openVPN, DNS resolving doesn’t work.
LAN is on 192.168.10.1
OpenVPN is on 192.168.8.1
Omnia’s services (SSH, ping, etc.) are accessible.
route contains:
192.168.8.1 192.168.8.5 255.255.255.255 UGH 50 0 0 tun0
192.168.8.5 0.0.0.0 255.255.255.255 UH 50 0 0 tun0
192.168.10.0 192.168.8.5 255.255.255.0 UG 50 0 0 tun0
nslookup timed out:
nslookup turris.lan 192.168.10.1
;; connection timed out; no servers could be reached
Any suggestion? thanks
pgotze
November 23, 2016, 11:06pm
2
Well, on a separated DHCP I would set, in advanced settings, the parameter DHCP-OPTIONS="6,192.168.10.1"
I have the same problem. I set up an OpenVPN server on my omnia. I can access the internet and lan hosts via the vpn tunnel and can also access the omnia’s web interface on 192.168.1.1, but the omnia’s DNS server does not respond to queries originating from the VPN. I worked around this by pushing a different DNS server to the VPN client.
pgotze
November 24, 2016, 8:24am
5
Well, I use it on my guest network with separated DHCP, no issues.
OpenVPN I use in tun mode, therefore I have no issues at all.
hlavki
November 24, 2016, 8:42pm
6
OpenVPN I use in tun mode, therefore I have no issues at all.
@pgotze , can you post here your OpenVPN configuration? thanks
pgotze
November 24, 2016, 11:00pm
7
My config is in /etc/config/openvpn. My mistake, I have tap, not tun. The config is pretty simple.
config openvpn 'myvpn'
    option enabled '1'
    option verb '3'
    option proto 'udp'
    option port '1195'
    option dev 'tap0'
    option mode 'server'
    option tls_server '1'
    option push 'route-gateway dhcp'
    option keepalive '10 120'
    option ca '/etc/openvpn/ca.crt'
    option cert '/etc/openvpn/server.crt'
    option key '/etc/openvpn/server.key'
    option dh '/etc/openvpn/dh2048.pem'
/etc/config/network contains interface for vpn
config interface 'vpn0'
    option ifname 'tap0'
    option proto 'none'
    option auto '1'
/etc/config/firewall contains traffic rule
config rule
    option name 'Allow-OpenVPN-Inbound'
    option target 'ACCEPT'
    option src '*'
    option proto 'udp'
    option dest_port '1195'
Some clients, for example Android devices, don’t support Tap. Tun requires extra firewall rules to accomplish the same as Tap.
hlavki
December 25, 2016, 9:25pm
9
Adding these lines to /etc/config/openvpn solved the problem:
list push "dhcp-option DNS 192.168.8.1"
list push "dhcp-option DOMAIN lan"
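Added example, not part of the thread or of any poster's configuration: a small Python check that reads the push entries from a UCI OpenVPN config and reports whether each pushed DNS server sits on the VPN-side subnet, as 192.168.8.1 does in the fix above, or outside it, as the LAN address 192.168.10.1 that timed out in the first post. The /24 mask, the sample config text and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the two push lines from the fix in the thread, plus a
# LAN-side resolver entry like the address that timed out in the first post.
SAMPLE_UCI = '''\
config openvpn 'myvpn'
    option enabled '1'
    option dev 'tun0'
    list push "dhcp-option DNS 192.168.8.1"
    list push "dhcp-option DNS 192.168.10.1"
    list push "dhcp-option DOMAIN lan"
'''

# Matches both `list push "..."` and `option push '...'` UCI lines.
PUSH_RE = re.compile(r'''^\s*(?:list|option)\s+push\s+(['"])(.*?)\1\s*$''')


def pushed_dhcp_options(uci_text):
    """Return (kind, value) pairs for every pushed dhcp-option."""
    found = []
    for line in uci_text.splitlines():
        match = PUSH_RE.match(line)
        if not match:
            continue
        parts = match.group(2).split()
        if len(parts) == 3 and parts[0] == "dhcp-option":
            found.append((parts[1].upper(), parts[2]))
    return found


def check_pushed_dns(uci_text, vpn_subnet):
    """Classify each pushed DNS server relative to the VPN subnet."""
    net = ipaddress.ip_network(vpn_subnet)
    report = []
    for kind, value in pushed_dhcp_options(uci_text):
        if kind != "DNS":
            continue
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            report.append((value, "invalid"))
            continue
        report.append((value, "vpn-side" if addr in net else "outside-vpn"))
    return report


if __name__ == "__main__":
    # Assumed VPN subnet; the thread only gives the router's VPN address.
    for server, verdict in check_pushed_dns(SAMPLE_UCI, "192.168.8.0/24"):
        print(server, verdict)
```

An "outside-vpn" result is not an error by itself; it marks a resolver address that should be tested from a connected client, for example with the nslookup command from the first post.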