OpenVPN client not resolving server local DNS names

felixdd

Occasional Visitor
Scenario: I have an OpenVPN server running on a Merlin router at the office. The file server is behind the router.

I am able to log in to the server from a Windows 10 client through OpenVPN GUI. The client can reach the file server by using the office LAN's local DNS name (fileserver.office).

I then set up a VPN client on my Merlin router at home. I set VPN Director rules to direct the local (192.168.0.0/24) subnet to the remote (office) subnet (192.168.1.0/24). The router-based client works and my home computer can ping and connect to the file server through its IP address (192.168.1.100) but not through its local DNS name (fileserver.office).

nslookup basically says the .office domain does not exist.

Given that connecting to the server directly from a client computer works but not if the computer is connected to a client router, this is telling me that the problem is in the client router's setting. What am I missing?
 
Unfortunately, that was one of the first things I tried, but it was unsuccessful.

Sounds like a DNS issue. Set Accept DNS Configuration to Exclusive.

On server side, I've also tried:

push "dhcp-option DOMAIN office"
push "dhcp-option DNS 192.168.1.1" <- my office router's local IP

(though with or without those additions the behavior remains the same -- the Windows OpenVPN client can resolve office local DNS names but the router OpenVPN client doesn't)
 
What is the complete output of nslookup on the client PC? e.g.
Code:
C:\Users\Colin>nslookup m252dw.home.lan
Server:  RT-AX86U.home.lan
Address:  192.168.1.1

Name:    m252dw.home.lan
Address:  192.168.1.20

Also, what do you get if you try to query the remote resolver directly, e.g.
Code:
nslookup fileserver.office 192.168.1.xxx
Where 192.168.1.xxx is the remote office DNS server IP.

On server side, I've also tried:

push "dhcp-option DOMAIN office"
push "dhcp-option DNS 192.168.0.1" <- my office router's local IP
This contradicts what you said earlier, that the office LAN was 192.168.1.0/24.
 
This contradicts what you said earlier, that the office LAN was 192.168.1.0/24.
Sorry. That was me trying to not advertise LAN-side IPs online. Probably overcautious but I changed the original post. Thanks.

nslookup of home machine, from the home machine (what you meant by "full", I think)
Code:
C:\WINDOWS\system32>nslookup smithrig.smithhome
Server:  smithRouter.smithhome
Address:  192.168.0.1

Name:    smithrig.smithhome
Address:  192.168.0.101

nslookup of file server from home by DNS name as set by office router
Code:
C:\WINDOWS\system32>nslookup officeserver.officedomain
Server:  smithRouter.smithhome
Address:  192.168.0.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to smithRouter.smithhome timed-out

nslookup of file server from home by IP address as set by office router
Code:
C:\WINDOWS\system32>nslookup 192.168.1.100
Server:  smithRouter.smithhome
Address:  192.168.0.1

*** smithRouter.smithhome can't find 192.168.11.100: Non-existent domain

ping of file server from home by IP address as set by office router
Code:
C:\WINDOWS\system32>ping 192.168.1.100

Pinging 192.168.1.100 with 32 bytes of data:
Reply from 192.168.1.100: bytes=32 time=20ms TTL=126
Reply from 192.168.1.100: bytes=32 time=25ms TTL=126
Reply from 192.168.1.100: bytes=32 time=21ms TTL=126
Reply from 192.168.1.100: bytes=32 time=25ms TTL=126

Ping statistics for 192.168.1.100:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 20ms, Maximum = 25ms, Average = 22ms


As well, I can connect from home to the office file server via SAMBA as long as I enter the IP \\192.168.0.100 rather than the DNS name \\officeserver.officedomain, so I know the connection is live and not just simply responding to echo requests.

I suspect it's either Windows ignoring an updated DNS lookup from the router, or the home router not pushing the OpenVPN DNS table to home clients. But I don't know how to prove or fix it....
 
I asked for this:
Code:
nslookup officeserver.officedomain 192.168.1.xxx
Where 192.168.1.xxx is the IP address of the DNS server on the office LAN.

I suspect it's either Windows ignoring an updated DNS lookup from the router, or the home router not pushing the OpenVPN DNS table to home clients. But I don't know how to prove or fix it....
I also suspect this is the case.

P.S. Hiding/changing private IP addresses is pointless and just makes diagnosing problems more difficult and error prone.
 
I asked for this:
Code:
nslookup officeserver.officedomain 192.168.1.xxx

Where 192.168.1.xxx is the IP address of the DNS server on the office LAN.


Code:
C:\WINDOWS\system32>nslookup officeserver.officedomain 192.168.1.1
Server:  officerouter.officedomain
Address:  192.168.1.1

Name:    officeserver.officedomain
Address:  192.168.1.100
 
OK. So that confirms this is a DNS issue. That said, I don't know why setting the DNS option to Exclusive didn't fix it. I know there have been some changes regarding that option over various firmware releases but I can't remember the details. I'll see if I can find some more information about that.

Can you show me your VPN Director rules? If you're redirecting your entire LAN through the VPN I would expect that you wouldn't be able to resolve local host names anymore. But you can, so something's not right.

If you were to change Redirect Internet traffic through tunnel from VPN Director to All I suspect this might then work.
 
OK. So that confirms this is a DNS issue. That said, I don't know why setting the DNS option to Exclusive didn't fix it. I know there have been some changes regarding that option over various firmware releases but I can't remember the details. I'll see if I can find some more information about that.

Can you show me your VPN Director rules? If you're redirecting your entire LAN through the VPN I would expect that you wouldn't be able to resolve local host names anymore. But you can, so something's not right.

If you were to change Redirect Internet traffic through tunnel from VPN Director to All I suspect this might then work.
For fun I changed the DNS servers on the home router to 192.168.1.1 (and the secondary to 1.1.1.1).

With that,

Code:
C:\WINDOWS\system32>nslookup officeserver.officedomain
Server:  officerouter.officedomain
Address:  192.168.1.1

Name:    officeserver.officedomain
Address:  192.168.1.100

However, when I try to ping officeserver.officedomain, I'm met with
"Ping request could not find host officeserver.officedomain. Please check the name and try again"
But if I ping "officeserver.officedomain." (note the ending period) then the ping resolves. However, I still can't get into SMB shares through Windows Explorer.

So I'm thinking that maybe, in addition to how the client router handles DNS for the client devices underneath it, there are also some complications with the way domain names are being handled?

But I think for now I'm just going to give up unless you've got some additional inspirations. Thanks for your help!
 
If you were to change Redirect Internet traffic through tunnel from VPN Director to All I suspect this might then work.
I came back to this as I had some to open this issue again (was working on something else in this realm).

When I changed from VPN Director to All, you're correct in that things did work. So something with how VPN Director is set up

You asked for the VPN Director rules

INTERFACE: OpenVPN1: OFFICE-TUN
Enable: checked
Description: "Site-to-Site VPN"
Local IP: 192.168.0.0/24
Remote IP: 192.168.1.0/24
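
The comparison used earlier in the thread to confirm a DNS problem (a lookup through the default resolver against one sent directly to the office resolver), as an added example that is not part of the original thread. The function names and result labels are assumptions; the two transcripts are the nslookup outputs posted above, without the prompt line.

```python
import re

# Transcripts copied from the nslookup outputs posted in the thread.
DEFAULT_LOOKUP = """
Server:  smithRouter.smithhome
Address:  192.168.0.1

DNS request timed out.
    timeout was 2 seconds.
*** Request to smithRouter.smithhome timed-out
"""
DIRECT_LOOKUP = """
Server:  officerouter.officedomain
Address:  192.168.1.1

Name:    officeserver.officedomain
Address:  192.168.1.100
"""

def parse_nslookup(text):
    """Parse one Windows nslookup transcript into resolver, status and answers."""
    result = {"resolver": None, "status": "unknown", "name": None, "addresses": []}
    section = "server"  # lines before the first blank line describe the resolver
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            section = "answer"
            continue
        lowered = line.lower()
        if "timed out" in lowered or "timed-out" in lowered:
            result["status"] = "timeout"
        elif "non-existent domain" in lowered:
            result["status"] = "nxdomain"
        m = re.match(r"(Name|Address|Addresses):\s*(\S+)", line)
        if not m:
            continue
        key, value = m.groups()
        if section == "server" and key == "Address":
            result["resolver"] = value
        elif section == "answer" and key == "Name":
            result["name"] = value
        elif section == "answer":
            result["addresses"].append(value)
            result["status"] = "answered"
    return result

def diagnose(default_lookup, direct_lookup):
    """Compare the default-resolver lookup with the one sent to the remote resolver."""
    d, r = parse_nslookup(default_lookup), parse_nslookup(direct_lookup)
    if d["status"] == "answered":
        return "ok: default resolver %s answers for the remote name" % d["resolver"]
    if r["status"] == "answered":
        return ("dns-forwarding: tunnel and resolver %s work, but default resolver %s gave %s"
                % (r["resolver"], d["resolver"], d["status"]))
    return "unreachable: resolver %s gave %s; check routing first" % (r["resolver"], r["status"])
```

`diagnose(DEFAULT_LOOKUP, DIRECT_LOOKUP)` returns the `dns-forwarding` result for the thread's transcripts: the office resolver answers over the tunnel while the home router at 192.168.0.1 times out.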
 
