#1 2013-09-14 16:50:37

Laertes
Member
From: Munich
Registered: 2007-04-08
Posts: 66

VPN gate no DNS [Solved]

Hi,

I am trying to connect to one of the VPN gate project servers with OpenVPN but the DNS does not work after connecting:

Connection seems fine:

Sat Sep 14 18:37:09 2013 OpenVPN 2.3.2 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Jun  7 2013
Sat Sep 14 18:37:09 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Sep 14 18:37:09 2013 Socket Buffers: R=[212992->131072] S=[212992->131072]
Sat Sep 14 18:37:09 2013 UDPv4 link local: [undef]
Sat Sep 14 18:37:09 2013 UDPv4 link remote: [AF_INET]131.104.240.137:1624
Sat Sep 14 18:37:10 2013 TLS: Initial packet from [AF_INET]131.104.240.137:1624, sid=fb96240b 0c1792cd
Sat Sep 14 18:37:10 2013 VERIFY OK: depth=0, CN=wvfp0p.jp, O=02lzeqo muaw6wdyntb, C=US
Sat Sep 14 18:37:10 2013 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Sep 14 18:37:10 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Sep 14 18:37:10 2013 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Sep 14 18:37:10 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Sep 14 18:37:10 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Sep 14 18:37:10 2013 [wvfp0p.jp] Peer Connection Initiated with [AF_INET]131.104.240.137:1624
Sat Sep 14 18:37:12 2013 SENT CONTROL [wvfp0p.jp]: 'PUSH_REQUEST' (status=1)
Sat Sep 14 18:37:12 2013 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.1 10.211.1.2,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.2,redirect-gateway def1'
Sat Sep 14 18:37:12 2013 OPTIONS IMPORT: timers and/or timeouts modified
Sat Sep 14 18:37:12 2013 OPTIONS IMPORT: --ifconfig/up options modified
Sat Sep 14 18:37:12 2013 OPTIONS IMPORT: route options modified
Sat Sep 14 18:37:12 2013 OPTIONS IMPORT: route-related options modified
Sat Sep 14 18:37:12 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Sep 14 18:37:12 2013 ROUTE_GATEWAY 192.168.200.203/255.255.255.0 IFACE=eth0 HWADDR=xx:xx:xx:xx:xx:xx
Sat Sep 14 18:37:12 2013 TUN/TAP device tun0 opened
Sat Sep 14 18:37:12 2013 TUN/TAP TX queue length set to 100
Sat Sep 14 18:37:12 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Sep 14 18:37:12 2013 /usr/bin/ip link set dev tun0 up mtu 1500
Sat Sep 14 18:37:12 2013 /usr/bin/ip addr add dev tun0 local 10.211.1.1 peer 10.211.1.2
Sat Sep 14 18:37:12 2013 /usr/bin/ip route add 131.104.240.137/32 via 192.168.1.1
Sat Sep 14 18:37:12 2013 /usr/bin/ip route add 0.0.0.0/1 via 10.211.1.2
Sat Sep 14 18:37:12 2013 /usr/bin/ip route add 128.0.0.0/1 via 10.211.1.2
Sat Sep 14 18:37:12 2013 Initialization Sequence Completed

If I ping any URL I get nothing, but if I ping the IP address it works. I am not an IT or even less a networking expert, any suggestion?

Last edited by Laertes (2013-09-16 18:00:50)

Offline

#2 2013-09-15 13:53:46

stqn
Member
Registered: 2010-03-19
Posts: 1,191
Website

Re: VPN gate no DNS [Solved]

I don’t know what’s wrong and I’m not a networking expert either, but since no-one else is answering let’s try a few things…

I see that the VPN is pushing two DNS IP addresses to you: 10.211.254.254 and 8.8.8.8 (that one is Google’s DNS). From where I am 10.211.254.254 is not answering, so I’m guessing it is your VPN’s own DNS.

Can you ping those servers?
What does "dig twitter.com" say?
Can you "dig @10.211.254.254 twitter.com"?
Can you "dig @8.8.8.8 twitter.com"?
What does /etc/resolv.conf contain?
Are you using a DNS cache like pdnsd or dnsmasq?

Offline

#3 2013-09-15 17:05:06

Laertes
Member
From: Munich
Registered: 2007-04-08
Posts: 66

Re: VPN gate no DNS [Solved]

Thanks for your answer stqn. I think I know what the problem is now:

drill @10.211.254.254 twitter.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 51210
;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; twitter.com.	IN	A

;; ANSWER SECTION:
twitter.com.	14	IN	A	199.59.150.39
twitter.com.	14	IN	A	199.59.150.7
twitter.com.	14	IN	A	199.59.149.198

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 334 msec
;; SERVER: 10.211.254.254
;; WHEN: Sun Sep 15 18:56:21 2013
;; MSG SIZE  rcvd: 77

drill @8.8.8.8 twitter.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 32381
;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; twitter.com.	IN	A

;; ANSWER SECTION:
twitter.com.	6	IN	A	199.59.150.7
twitter.com.	6	IN	A	199.59.149.198
twitter.com.	6	IN	A	199.59.148.10

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 342 msec
;; SERVER: 8.8.8.8
;; WHEN: Sun Sep 15 18:56:32 2013
;; MSG SIZE  rcvd: 77

cat /etc/resolv.conf
# Generated by resolvconf
nameserver 212.142.144.66
nameserver 212.142.144.98

drill twitter.com
;; ->>HEADER<<- opcode: QUERY, rcode: REFUSED, id: 12634
;; flags: qr rd ra ; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; 
;; ANSWER SECTION:

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 617 msec
;; SERVER: 212.142.144.98
;; WHEN: Sun Sep 15 18:55:15 2013
;; MSG SIZE  rcvd: 12

It seems that it is using my ISP DNS and not the ones that the VPN defines. How can I change this? Do I change resolv.conf manually?

As far as I know I am not using pdnsd or dnsmasq, at least ps -A doesn't show them.

Offline

#4 2013-09-15 17:17:27

Laertes
Member
From: Munich
Registered: 2007-04-08
Posts: 66

Re: VPN gate no DNS [Solved]

OK, it works when I change resolv.conf manually, but I guess this is not the right way.

Offline

#5 2013-09-15 18:11:31

stqn
Member
Registered: 2010-03-19
Posts: 1,191
Website

Re: VPN gate no DNS [Solved]

I had a very similar problem under Manjaro Linux a few weeks ago and I ended up copying the update-resolv-conf script from Xubuntu 12.04 to make it work.
I see that it is actually explained in the wiki: https://wiki.archlinux.org/index.php/OpenVPN#DNS
(I would suggest saving update-resolv-conf into /etc/openvpn/ rather than /usr/share/openvpn/ because we’re supposed to change /etc, but not /usr/share… but that won’t change anything.)

Offline
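
The mechanism a hook like update-resolv-conf relies on, as an added example (not the wiki's script and not code from this thread): OpenVPN hands each pushed dhcp-option to an up script as foreign_option_N environment variables. The function names below are hypothetical, and the sample values are constructed from the PUSH_REPLY line and the resolv.conf shown in the thread.

```shell
#!/bin/sh
# Added example, not the update-resolv-conf script itself.
# OpenVPN exports each pushed "dhcp-option ..." to an --up script as
# foreign_option_1, foreign_option_2, ... environment variables.

# Print the DNS servers the VPN pushed, one per line.
pushed_dns() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        case $opt in
            "dhcp-option DNS "*) echo "${opt#dhcp-option DNS }" ;;
        esac
        i=$((i + 1))
    done
}

# Print every nameserver in resolv.conf file $1 that the VPN did not push.
# Returns 0 if all configured resolvers were pushed, 1 otherwise.
unpushed_resolvers() {
    pushed=$(pushed_dns)
    rc=0
    while read -r key addr rest; do
        [ "$key" = nameserver ] || continue
        if ! printf '%s\n' "$pushed" | grep -qxF -- "$addr"; then
            echo "$addr"
            rc=1
        fi
    done < "$1"
    return $rc
}

# Constructed demo: the pushed options and resolv.conf contents from the thread.
foreign_option_1='dhcp-option DNS 10.211.254.254'
foreign_option_2='dhcp-option DNS 8.8.8.8'
demo=$(mktemp)
printf '# Generated by resolvconf\nnameserver 212.142.144.66\n' > "$demo"
printf 'nameserver 212.142.144.98\n' >> "$demo"
unpushed_resolvers "$demo" ||
    echo "resolv.conf still lists resolvers the VPN did not push"
rm -f "$demo"
```

Run against the real /etc/resolv.conf from an up script, a non-zero return means name lookups are still going to resolvers outside the tunnel's pushed set, which is the state post #3 shows.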

#6 2013-09-16 16:40:32

Laertes
Member
From: Munich
Registered: 2007-04-08
Posts: 66

Re: VPN gate no DNS [Solved]

Thanks again stqn. I read the wiki until "Connect to a VPN provided by a third party" because it says "To connect to a VPN provided by a third party, most of the following can most likely be ignored".

It works fine.

Offline

#7 2013-09-16 17:06:33

stqn
Member
Registered: 2010-03-19
Posts: 1,191
Website

Re: VPN gate no DNS [Solved]

Great, don’t forget to mark the thread as [SOLVED] then :)

Offline
