Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
SDN 101: An Introduction to Software Defined Networking
Discover the advantages of SDN.
SDN has quickly become one of the hottest trends in IT. But not all SDN solutions offer real software-defined functionality. As more enterprises consider SDN, they want to know, “What is SDN? And what are the real benefits?” If you're ready to explore the advantages of SDN, and want to know how it should be implemented within your enterprise, start by reading our introductory white paper.
Click Here to receive this Complete Guide absolutely free.
I've done a default OpenVPN install on one of the boxes at home running FreeBSD. I can connect fine from a remote location, the only problem I'm having now is surfing the net if I'm connected to the OpenVPN connection. I can surf fine if I use an IP address but FQDN does not work. I can ping hosts on the remote network when connected.
Do I need to run something like dnsmasq on my client for local DNS caching or is there a simpler solution.
Not sure what you mean by a default OpenVPN install. Are your remote clients using DHCP to get IP addresses, DNS servers etc before the tunnel is set up and are you also using DHCP on the OpenVPN server to allocate IP addresses? If you are then it sounds like a default gateway issue. You can either configure the OpenVPN server to leave your default gateway alone - in which case surfing the Web at the same time on the client will not go though the tunnel and should work the same as always - or use the
directive to redirect the gateway to the server end of the tunnel. In this case you need also
push "dhcp-option DNS x.x.x.x"
where x.x.x.x is the address of your DNS server at the server end of the tunnel. Web surfing will then go through the tunnel so you also need a route from the far end of the tunnel out to the Web and for the DNS server at the far end of the tunnel to work.
The way to track this down is to use ifconfig (ipconfig /all for Windows) and route (route print for windows) before and after you connect to the VPN to see what's going on.
My client is getting the IP address from whatever network its at. I do want to surf the internet through the vpn tunnel, don't want to use the network where i'm at. Below is my server openvpn config file:
push "dhcp-option DNS 192.168.1.1" #192.168.1.1 is the gateway
push "dhcp-option DNS 192.168.1.1"
# Don't put this in the keys directory unless user nobody can read it
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
server 192.168.10.0 255.255.255.128
push "redirect-gateway def1"
keepalive 10 120
cool, thanks for the response. i'll give it a shot and see what the outcome is. The other thing I noticed, while experimenting in the office last night, I have a Mac G5 with two ethernet ports. So I enabled Internet Sharing and connected the eth cable from the 2nd eth port on the Mac to my notebook. I got an IP address (192.168.2.1) but could not do anything (ping a host on the network) or even surf the web. While I was connected to this setup, I ran openvpn and connected to the vpn at home, and it connected fine, and right after that i tried to surf. I even checked my IP address at shield's up site, and it showed my home external router IP. Weird stuff, but thought I'd let you know and i'll continue troubleshooting
.. I even checked my IP address at shield's up site, and it showed my home external router IP. Weird stuff, but thought I'd let you know and i'll continue troubleshooting
That's what you would expect - the VPN gets you inside your home network and then you are effectively trying to surf out from there.
One question I didn't think to ask was can you surf the internet ok from the machine that is the VPN server? You can always set it up as a DNS server and then use it's VPN address as your DNS server address for your VPN clients.
yeah, that's a good suggestion. i'll try to set one up when i get off work today. I changed my server config a little, except now it lets me surf, but i'm surfing through the remote network that i'm connected to. I think it definately might be a network/subnet problem or routing problem. maybe i'm not specificying the correct route to be pushed by the vpn server.
ok, looks like I figured the problem out. Its was definately DNS related. Once I connected to the openvpn server at home, i copied contents of the resolv.conf file with the one that was already on my laptop. and it worked like a charm. My question though, in the server config file, when I specify
push "dhcp-option DNS a.b.c.d"
shouldn't that normally suffice. Is there a way to automate the replacement of the resolv.conf file on the client machine ?
From some of the articles/posts I checked on Google, for some reason it seems for Linux hosts, even if the server is pushing DNS for some reason Linux host doesn't accept or change the DNS in resolv.conf. I might be wrong though.
So I basically setup two scripts, on my client, one which copies the original resolv.conf file and saves it as a backup and then copies nameservers from another file and echo's it to the resolv.conf file. for now that seems to be a quick fix.
The other thing I was concerned about, in my client.conf file for openvpn, i have set the script to pass on control to user nobody and group nobody. Initially that control was not letting me to modify resolv.conf through the two scripts I had setup, so I disabled user nobody and group nobody. is that a security risk on the client end ?
Strange - what should happen is that it deletes the existing gateway and then replaces it with the one in the dhcp-option. The only thing I noticed is that in your server config you have
push "redirect-gateway def1"
- in my conf it's just
. The other thing to check is the client log - you should see it trying to remove the existing default gateway and replacing it - there has to be a default gateway to start with for this to work. The only other thing is permissions - the OpenVPN client has to be able to change routes - this is more a problem with Windows clients I think you're using a linux client?
My previous post answered the one previous to your last!
Not sure about the linux client issue on changing resolv.conf - from previous experience with wireless cards it should only depend on the DHCP client settings. On my system there're some settings in /etc/sysconfig/network/dhcp that affect whether DHCP can modify resolv.conf and default gateways. Could be a permissions issue with the OpenVPN client.
The user/group nobody should only be relevant AFAIK to the server. Unless you log on as root on your client you should be fine!
Your client VPN log should tell you what's happening on the default gateway.