OpenVPN client does not receive DNS push from server

Posted: Dec 17th, '15, 07:55
by mackowiakp
I have several OpenVPN PCs (M5, MAC, WIN) connecting to 3 different OpenVPN servers, that is, an M5 server, a Synology and a Tomato-based router. In all cases the PCs connect correctly to the server, routes are added correctly and it is possible to connect to any node inside the local network using an IP address instead of domain names.
Looking at the /etc/resolv.conf file, it is clear that the nameserver definitions are not changed. So - as I understand - the client does not respond to the "push DNS..." statement.

Below is an example of the client /etc/sysconfig/network-scripts/vpn.d/openvpn config file on M5:

Code:
dev tun
tls-client
remote server.example.com 1194

dhcp-option DNS 10.55.55.100
route 10.53.28.32 255.255.255.240
route 10.53.28.16 255.255.255.240
route-metric 50
pull
proto tcp-client
script-security 2
ca /home/maciek/dir_v/openvpn/ca.crt
comp-lzo
reneg-sec 0
auth-user-pass /home/maciek/dir_v/openvpn/login.conf
auth-nocache


And server config file on Synology:

Code:
Lilith> cat openvpn.conf
push "route 10.55.55.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
push "dhcp-option DNS 10.55.55.100"
dev tun

management 127.0.0.1 1195

server 10.8.0.0 255.255.255.0


dh /var/packages/VPNCenter/target/etc/openvpn/keys/dh1024.pem
ca /var/packages/VPNCenter/target/etc/openvpn/keys/ca.crt
cert /var/packages/VPNCenter/target/etc/openvpn/keys/server.crt
key /var/packages/VPNCenter/target/etc/openvpn/keys/server.key

max-clients 5

comp-lzo

persist-tun
persist-key

verb 3

#log-append /var/log/openvpn.log

keepalive 10 60
reneg-sec 0

plugin /var/packages/VPNCenter/target/lib/radiusplugin.so /var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf
client-cert-not-required
username-as-common-name
duplicate-cn

status /tmp/ovpn_status_2_result 30
status-version 2
proto tcp6-server
port 1194


And server config file on M5:

Code:
[root@mackowiak openvpn]# cat server.conf
daemon
port 1194
proto udp
dev tun

ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key  # This file should be kept secret

dh /etc/openvpn/dh1024.pem

server 10.12.12.0 255.255.255.0

push "dhcp-option DNS 192.168.0.201"

keepalive 10 120

cipher AES-128-CBC   # AES

comp-lzo

max-clients 10

user openvpn
group openvpn

persist-key
persist-tun

status openvpn-status.log
verb 3
client-cert-not-required
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login


I tried to use "up" and "down" entries in the client config file to manually change the content of /etc/resolv.conf. It is strange that the "up" script works correctly but "down" does not. So after disconnecting, the content of the resolv.conf file remains in the state changed by the "up" script.

Can anybody help me with this "push DNS" problem?
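
Added example, not part of the original post: on Linux, OpenVPN does not rewrite /etc/resolv.conf itself; it passes each pushed dhcp-option to the up/down scripts in foreign_option_N environment variables and sets script_type. A sketch of one script serving both hooks; the RESOLV variable and the .ovpn-bak backup suffix are assumptions of this example.

```shell
#!/bin/sh
# Added example: apply pushed DNS on "up", restore the old file on "down".
# RESOLV and the ".ovpn-bak" suffix are assumptions, not OpenVPN settings.
RESOLV="${RESOLV:-/etc/resolv.conf}"

# Print resolv.conf lines built from foreign_option_1, foreign_option_2, ...
pushed_dns() {
    n=1
    while :; do
        eval "opt=\${foreign_option_$n:-}"
        [ -n "$opt" ] || break
        # $opt looks like: dhcp-option DNS 10.55.55.100
        read -r kind key val rest <<EOF
$opt
EOF
        # Values come from the server: allow only address/hostname characters
        # (a character whitelist, not full address validation).
        case "$kind $key $val" in
            "dhcp-option DNS "*[!0-9A-Fa-f.:]*) ;;
            "dhcp-option DOMAIN "*[!A-Za-z0-9.-]*) ;;
            "dhcp-option DNS "?*)    echo "nameserver $val" ;;
            "dhcp-option DOMAIN "?*) echo "search $val" ;;
        esac
        n=$((n + 1))
    done
}

apply_dns() {
    new=$(pushed_dns)
    [ -n "$new" ] || return 0        # nothing usable pushed: leave file alone
    # Keep the first backup so a reconnect does not overwrite the original.
    [ -e "$RESOLV.ovpn-bak" ] || cp -p "$RESOLV" "$RESOLV.ovpn-bak"
    printf '%s\n' "$new" > "$RESOLV"
}

restore_dns() {
    [ -e "$RESOLV.ovpn-bak" ] || return 0
    cat "$RESOLV.ovpn-bak" > "$RESOLV" && rm -f "$RESOLV.ovpn-bak"
}

# OpenVPN sets script_type to the hook being run.
case "${script_type:-}" in
    up)   apply_dns ;;
    down) restore_dns ;;
esac
```

The same file can be named in both the `up` and `down` directives of the client config; the `script-security 2` line already present there is what permits OpenVPN to run it.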