DNS Exclusive - DNAT rules only for 1 of 2 VPN clients?

Jack Yaz

I've recently started dabbling with OpenVPN clients again, and set both client 1 and 2 to use exclusive DNS. I see the nat table get some rules for VPN Client 1, but nothing for VPN Client 2.

Separate list of redirected IPs in each client. I'm almost sure it's something I've caused, but I wondered if anyone else sees this?
 
I tried to reproduce the problem, and thought I had, until I realized I had specified the following in the custom config for OpenVPN client #2.

Code:
pull-filter ignore "dhcp-option DNS"

That got me thinking maybe you had done the same. Once I removed it, then the DNSVPN1 and DNSVPN2 chains in the nat table appeared as expected.

I suppose it's always possible as well the VPN provider *might* NOT push a DNS server. Exclusive assumes this is never going to happen.
 
Something to check, but alas it's not there. I think it was caused by me rapidly restarting vpnclient1 followed by 2, and the firewall tripped over itself. Adding a sleep of 15s between service calls seems to be OK.
 
Maybe. But I thought iptables used a lock to prevent this. It should always serialize entry to prevent these kinds of lost updates.

P.S. Or maybe it's the firewall service that's locking. IIRC, the VPNs don't use the firewall service itself, but their own route-up/route-down scripts to manage this stuff.
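
An added example, not part of any post in this thread: a check that reads an `iptables -t nat -S` dump and reports which VPN clients have no usable DNSVPN<n> chain, so a silently missing DNS Exclusive redirect is caught after restarting the clients. The function name and the sample rule layout are constructed for illustration; only the DNSVPN1/DNSVPN2 chain names come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed sample of `iptables -t nat -S`
# output that mirrors the symptom above: rules for client 1, nothing for client 2.
SAMPLE_NAT_RULES='-P PREROUTING ACCEPT
-N DNSVPN1
-A PREROUTING -p udp -m udp --dport 53 -j DNSVPN1
-A PREROUTING -p tcp -m tcp --dport 53 -j DNSVPN1
-A DNSVPN1 -s 192.168.1.10/32 -j DNAT --to-destination 10.8.0.1'

# check_dnsvpn_chains (hypothetical name)
#   stdin: nat table rules in `iptables -t nat -S` format
#   args : OpenVPN client numbers to verify, e.g. 1 2
#   out  : one "<client> <reason>" line per client whose redirect is unusable
#   rc   : 0 if every client is fine, 1 otherwise
check_dnsvpn_chains() {
    rules=$(cat)
    rc=0
    for n in "$@"; do
        chain="DNSVPN$n"
        if ! printf '%s\n' "$rules" | grep -q -- "^-N $chain\$"; then
            # The chain was never created (the case reported in the thread).
            echo "$n missing-chain"; rc=1
        elif ! printf '%s\n' "$rules" | grep -q -- "^-A $chain .*-j DNAT "; then
            # The chain exists but redirects nothing.
            echo "$n no-dnat-rule"; rc=1
        elif ! printf '%s\n' "$rules" | grep -q -- "^-A PREROUTING .*-j $chain\$"; then
            # The chain has rules but no traffic is ever sent to it.
            echo "$n not-hooked"; rc=1
        fi
    done
    return $rc
}

# Demo on the constructed sample; on a router, pipe in `iptables -t nat -S` instead.
printf '%s\n' "$SAMPLE_NAT_RULES" | check_dnsvpn_chains 1 2 || true
```

Running it after each client restart, rather than relying on a fixed sleep, shows directly whether the second client's chain was lost.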
 
