VPN not resolving DNS of remote lan


miodzicho

Occasional Visitor
Hello all.
I'm trying to create multiple remote LANs connected to one OpenVPN server. The server is on a Fritz!Box, the remote ends are on asuswrt.
The tunnels are connected, traffic goes through, I can ping and reach the web interface of the remote router. However I cannot resolve local names. On the server I have dnsmasq with the line server=/remote1.lan/10.36.92.1 (pointing to one asuswrt). The server also pushes the DHCP option. What am I missing here?
 
I'm a step further with this. nslookup works with the command nslookup host1.domain.lan 10.36.98.1 or nslookup host2.domain2.lan 10.36.92.1
But when I try only host1.domain.lan or host2.domain2.lan I see the request is coming in, but now the source is the IP of the tunnel (here 192.168.200.1) and dnsmasq is responding, but this is somehow ignored:

Code:
192.168.200.1.52528 > somehost.domain.lan.domain: 58398+ A? router.domain.lan. (35)
15:41:03.419299 IP router.domain.lan.domain > 192.168.200.1.52528: 58398* 1/0/0 A 10.36.92.1 (51)

Code:
nslookup somehost.domain.lan
Server:         10.36.98.1
Address:        10.36.98.1#53

*** Can't find somehost.domain.lan: No answer

Configuration as follows:

LAN -- router 10.36.98.1 - tunnel 192.168.200.1 ------- 192.168.200.8 tunnel - 10.36.92.1 router -- LAN

Code:
OpenVPN Server 10.36.98.1

mode server
tls-server
auth-nocache
allow-pull-fqdn
port 1194
keepalive 10 60
cipher AES-128-CBC
client-to-client
#push "redirect-gateway def1"
ca /tmp/flash/openvpn/ca.crt
cert /tmp/flash/openvpn/box.crt
key /tmp/flash/openvpn/box.key
dh /tmp/flash/openvpn/dh.pem
dev tun
#user nobody
chroot /tmp/flash/openvpn
#group nobody
ifconfig-pool-persist /tmp/flash/openvpn/ipp.txt
client-config-dir ccd
topology subnet
push "dhcp-option DOMAIN domain.lan"
push "dhcp-option DNS 10.36.98.1"
server 192.168.200.0 255.255.255.0
#push "route 10.36.98.0 255.255.255.0"
route 10.36.92.0 255.255.255.0 192.168.200.2
route 10.36.96.0 255.255.255.0 192.168.200.5
verb 3
persist-key
persist-tun
#status /var/log/openvpn.log
 
Given you're working w/ unknown firmware (at least to me), it's difficult to provide specific advice. Despite that, what I can say is that I know of three things that need to be considered when dealing w/ local name resolution across a site-to-site VPN.

1) You need server directives in DNSMasq that point to the other device's IP for those same domains (which you seem to have done already).

Code:
server=/remote1.lan/10.36.92.1

2) DNSMasq on each side of the tunnel must be listening to its respective tunnel network interface. IOW, if the tunnel is named tun11 on the client, DNSMasq would need a directive like the following.

Code:
interface=tun11

Same thing on the server side (which probably uses a different network interface name).

3) If you have DNS rebind protection enabled, you either need to disable it, or better yet, make an exception for those local domains in DNSMasq.

Code:
rebind-domain-ok=remote1.lan

With these things in place, it should be working.
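The three points above are easy to get partly right, so here is a small checker, added as an example and not part of the reply or of any asuswrt/dnsmasq tooling, that reads a dnsmasq configuration and reports which of the three requirements is missing for a given tunnel interface. The two sample configurations, the interface name tun11 and the domain remote1.lan are taken from the reply; the "weak" config is constructed to show the failing state.

```python
"""Check a dnsmasq.conf for the three site-to-site name resolution
requirements: server=/domain/ip, listening on the tunnel interface,
and a rebind exception when stop-dns-rebind is active.
Added example; sample configs below are constructed."""

import re
from dataclasses import dataclass, field


@dataclass
class DnsmasqConf:
    servers: dict = field(default_factory=dict)   # domain -> upstream resolver
    interfaces: set = field(default_factory=set)  # interface= directives
    rebind_ok: set = field(default_factory=set)   # rebind-domain-ok domains
    stop_dns_rebind: bool = False


def parse_dnsmasq(text: str) -> DnsmasqConf:
    """Parse only the directives the check needs; comments are ignored."""
    conf = DnsmasqConf()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "server":
            # server=/<domain>/<ip> : forward queries for <domain> to <ip>
            m = re.fullmatch(r"/([^/]+)/(\S+)", value)
            if m:
                conf.servers[m.group(1)] = m.group(2)
        elif key == "interface":
            conf.interfaces.add(value)
        elif key == "rebind-domain-ok":
            # syntax is [/]<domain>[/<domain>...]
            conf.rebind_ok.update(d for d in value.split("/") if d)
        elif key == "stop-dns-rebind":
            conf.stop_dns_rebind = True
    return conf


def check_site_to_site(text: str, tunnel_iface: str) -> list:
    """Return a list of findings; an empty list means all three points hold."""
    conf = parse_dnsmasq(text)
    findings = []
    if not conf.servers:
        findings.append("no server=/<domain>/<ip> directive for a remote domain")
    # With no interface= lines dnsmasq listens on all interfaces, so only an
    # explicit list that omits the tunnel is a problem.
    if conf.interfaces and tunnel_iface not in conf.interfaces:
        findings.append(f"dnsmasq does not listen on tunnel interface {tunnel_iface}")
    if conf.stop_dns_rebind:
        for dom in conf.servers:
            if dom not in conf.rebind_ok:
                findings.append(
                    f"stop-dns-rebind is set but {dom} has no rebind-domain-ok exception")
    return findings


# Constructed sample: server= is present but the other two points are missing.
WEAK_CONF = """
interface=br0
server=/remote1.lan/10.36.92.1
stop-dns-rebind
"""

# Constructed sample with all three directives from the reply in place.
FIXED_CONF = """
interface=br0
interface=tun11
server=/remote1.lan/10.36.92.1
stop-dns-rebind
rebind-domain-ok=/remote1.lan/
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(name, check_site_to_site(conf, "tun11") or ["ok"])
```

Run it against the router's own dnsmasq.conf and the tunnel interface name shown by ifconfig on that side; the rebind check matters because the answer 10.36.92.1 is a private address, which is exactly what rebind protection is designed to drop.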
 
