1

I've been able to set up a routed OpenVPN on my VPS running Ubuntu 10.04. I'm able to ping both ways as well as open any website using IP-addresses on the client. Via domain names however, it does not work.

Since I'm fairly new to OpenVPN and Linux for that matter, I'm not really sure where to start troubleshooting. As the server is a VPS I don't have access to its local network, but I have presumed that I should be able to set my server as DNS server for my VPN clients? Using its DNS server as my VPN clients' server. Based on this I tried adding push "dhcp-option DNS 10.x.x.x", but with no luck.

My server side config looks just like the sample config besides that I've included push "redirect-gateway def1"

My client config looks like this,

client
dev tun
proto udp
remote my.server.com 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert sovos.crt
key sovos.key
comp-lzo
verb 6

Update: I've been able to find out that the server does push out the DNS settings correctly, i.e. the values in resolv.conf change when I connect to the VPN on the client. However I'm still not able to do look-ups even using public DNS servers such as Google's.

Index
  • Do a traceroute/tracepath to 8.8.8.8 from the VPN client and see where it breaks. – mgorven Aug 13 '12 at 06:48
  • It seems to break straight away, first hop is made to the VPN server and the rest times out. traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets 1 10.8.0.1 (10.8.0.1) 1610.703 ms 80.886 ms 69.292 ms 2 * * * 3 * * * 4 * * * 5 * * – Index Aug 13 '12 at 06:54

2 Answers

0

Your server has to actually be running a DNS server in order for that to work, which it won't be by default. Your options basically are:

  1. Don't push DNS servers and let the clients use the DNS server on their local network. This may not work if the local DNS server is not on the same subnet as the client.
  2. Push a public DNS server like Google's (8.8.8.8 and 8.8.4.4), which the clients will access over the VPN.
  3. Run a DNS server on the VPN server (dnsmasq is probably the easiest to set up), and push this to the clients.
mgorven
  • Thanks for your reply. Your answer confirmed what I was suspecting. Putting up my own DNS is probably what I'll end up doing, but for now I can't even get it to work with public DNS servers (like Google's). The server pushes the DNS settings correctly as the values change in resolv.conf, but I'm still unable to do any look-ups. Suspecting the error might lie in NAT-ing, but not sure what to look after. – Index Aug 13 '12 at 06:45
0

Turns out iptables was badly configured.

These settings worked, where XX is my eth0 ip.

#Make vpn clients who connect on the tun interface able to reach the internet through the main interface (eth0)
iptables -t nat -A POSTROUTING -s 10.8.0.0/255.255.255.0 -j SNAT --to-source XX.XX.XX.XX
Index
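
A way to check for the condition this fix addresses, as an added example that is not part of the original answers: it inspects the nat POSTROUTING listing for a SNAT or MASQUERADE rule scoped to the VPN subnet, and also checks IP forwarding, which the thread does not mention but which a routed VPN needs. The 10.8.0.0/24 subnet, the sample listings and the function names are assumptions.

```shell
#!/bin/sh
# Added diagnostic sketch, not from the original answers.
# Assumption: VPN clients sit in 10.8.0.0/24 (the 10.8.0.1 hop in the traceroute).
VPN_RE='10\.8\.0\.0/24'

# Constructed sample `iptables -t nat -S POSTROUTING` listings.
# 203.0.113.10 is a documentation address standing in for the eth0 IP.
SAMPLE_BROKEN='-P POSTROUTING ACCEPT'
SAMPLE_FIXED='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 203.0.113.10'

# Succeeds if stdin holds a SNAT/MASQUERADE rule whose source is the VPN subnet.
# Negated matches ("! -s ...") are ignored; rules without -s are not considered.
has_vpn_nat() {
    grep -v -- '! -s' |
        grep -Eq -- "^-A POSTROUTING .*-s ${VPN_RE} (.* )?-j (SNAT|MASQUERADE)"
}

# diagnose <ip_forward value>; POSTROUTING rules on stdin; prints one verdict.
diagnose() {
    if [ "$1" != "1" ]; then
        echo "forwarding-disabled"
    elif ! has_vpn_nat; then
        echo "nat-missing"
    else
        echo "ok"
    fi
}

# Live check on the VPN server (needs root): sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    iptables -t nat -S POSTROUTING |
        diagnose "$(cat /proc/sys/net/ipv4/ip_forward)"
fi
```

Either "forwarding-disabled" or "nat-missing" is consistent with a traceroute that reaches 10.8.0.1 and then times out.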