LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 12-31-2008, 11:10 AM   #1
Shwick
Member
 
Registered: Jun 2008
Posts: 111

Rep: Reputation: 15
openvpn, dns not pushed on linux client


I have openvpn 2.1_rc7 running on ubuntu 8.04. I set up a user that has all traffic and dns pushed through the vpn.

On windows the vpn client works just fine, all traffic and dns requests are pushed through the vpn.

When I boot the windows pc with a live cd of ubuntu 8.04 and connect with vpn, the dns requests aren't pushed through the vpn.

I already added those two scripts that were supposed to update resolv.conf to my client config, still didn't work.
Code:
up /etc/openvpn/update-resolv-conf

down /etc/openvpn/update-resolv-conf
In fact if you look at the client output you don't see /etc/openvpn/update-resolv-conf being called on the dns ip 10.8.0.1, but you do see it called on the ip that is pushed to the client,
Code:
/etc/openvpn/update-resolv-conf tun0 1500 1544 10.8.1.1 10.8.1.2 init
I'm wondering if this is a permissions issue. I start the client with "sudo openvpn anonUserPush.conf". Am I supposed to add in something for the update-resolv-conf script?

If I manually add the dns to resolv.conf my requests are pushed through the vpn.

Client output:
Code:
Wed Dec 31 16:44:36 2008 OpenVPN 2.1_rc7 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Jun 11 2008
Wed Dec 31 16:44:36 2008 WARNING: file 'keys/anonUserPush.key' is group or others accessible
Wed Dec 31 16:44:36 2008 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Wed Dec 31 16:44:36 2008 LZO compression initialized
Wed Dec 31 16:44:36 2008 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Dec 31 16:44:36 2008 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Dec 31 16:44:36 2008 Local Options hash (VER=V4): '69109d17'
Wed Dec 31 16:44:36 2008 Expected Remote Options hash (VER=V4): 'c0103fa8'
Wed Dec 31 16:44:36 2008 Attempting to establish TCP connection with 10.11.12.1:443 [nonblock]
Wed Dec 31 16:44:37 2008 TCP connection established with 10.11.12.1:443
Wed Dec 31 16:44:37 2008 Send to HTTP proxy: 'CONNECT 10.6.7.0:1194 HTTP/1.0'
Wed Dec 31 16:44:38 2008 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
Wed Dec 31 16:44:40 2008 Socket Buffers: R=[87380->131072] S=[16384->131072]
Wed Dec 31 16:44:40 2008 TCPv4_CLIENT link local: [undef]
Wed Dec 31 16:44:40 2008 TCPv4_CLIENT link remote: 10.11.12.1:443
Wed Dec 31 16:44:40 2008 TLS: Initial packet from 10.11.12.1:443, sid=27752b22 5d16d2b1
Wed Dec 31 16:44:40 2008 VERIFY OK: depth=1, /C=CA/ST=ON/L=Ottawa/O=homeGateway/CN=homeGateway_CA/emailAddress=anon@anon.com
Wed Dec 31 16:44:40 2008 Validating certificate key usage
Wed Dec 31 16:44:40 2008 ++ Certificate has key usage  00a0, expects 00a0
Wed Dec 31 16:44:40 2008 VERIFY KU OK
Wed Dec 31 16:44:40 2008 Validating certificate extended key usage
Wed Dec 31 16:44:40 2008 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Dec 31 16:44:40 2008 VERIFY EKU OK
Wed Dec 31 16:44:40 2008 VERIFY OK: depth=0, /C=CA/ST=ON/L=Ottawa/O=homeGateway/CN=server/emailAddress=anon@anon.com
Wed Dec 31 16:44:40 2008 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Dec 31 16:44:40 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 31 16:44:40 2008 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Dec 31 16:44:40 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 31 16:44:40 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Dec 31 16:44:40 2008 [server] Peer Connection Initiated with 10.11.12.1:443
Wed Dec 31 16:44:41 2008 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Dec 31 16:44:41 2008 PUSH: Received control message: 'PUSH_REPLY,route 10.6.7.0 255.255.255.255,route 10.8.0.1,topology net30,ping 10,ping-restart 120,redirect-gateway,dhcp-option DNS 10.8.0.1,ifconfig 10.8.1.1 10.8.1.2'
Wed Dec 31 16:44:41 2008 OPTIONS IMPORT: timers and/or timeouts modified
Wed Dec 31 16:44:41 2008 OPTIONS IMPORT: --ifconfig/up options modified
Wed Dec 31 16:44:41 2008 OPTIONS IMPORT: route options modified
Wed Dec 31 16:44:41 2008 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Dec 31 16:44:41 2008 TUN/TAP device tun0 opened
Wed Dec 31 16:44:41 2008 TUN/TAP TX queue length set to 100
Wed Dec 31 16:44:41 2008 ifconfig tun0 10.8.1.1 pointopoint 10.8.1.2 mtu 1500
Wed Dec 31 16:44:41 2008 /etc/openvpn/update-resolv-conf tun0 1500 1544 10.8.1.1 10.8.1.2 init
Wed Dec 31 16:44:41 2008 OpenVPN ROUTE: omitted no-op route: 10.11.12.1/255.255.255.255 -> 10.11.12.1
Wed Dec 31 16:44:41 2008 route del -net 0.0.0.0 netmask 0.0.0.0
Wed Dec 31 16:44:41 2008 route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.8.1.2
Wed Dec 31 16:44:41 2008 route add -net 10.6.7.0 netmask 255.255.255.255 gw 10.8.1.2
Wed Dec 31 16:44:41 2008 route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.1.2
Wed Dec 31 16:44:41 2008 Initialization Sequence Completed
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenVPN client has not default gateway when connect to OpenVPN server sailershen Linux - Security 3 03-04-2010 02:20 AM
OpenVPN Client esaym Linux - Networking 3 11-11-2008 05:05 PM
OpenVPN Client for Linux googlix Linux - Software 1 11-26-2007 08:16 AM
Openvpn client to client routing question soup Linux - Networking 0 02-16-2006 11:13 AM
inetd and OpenVPN client rmocius@auste.e Slackware 0 10-14-2004 01:50 AM


All times are GMT -5. The time now is 02:26 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration