|
|
Hi, I couldn't find a search feature for the list archives, so apologies if this has been asked before. I've been using OpenVPN to connect several Red Hat Linux 9 clients to an internal office network for some months now, and it's been performing very well. However I've always had complications with the client's DNS settings, and wondered if anybody might have some advice. To route packets to the office LAN and other VPN clients I include the following commands in the VPN startup script: route add -net 10.51.0.0 netmask 255.255.0.0 gw $5 route add -net 10.1.1.0 netmask 255.255.255.0 gw $5 These routes are automatically deleted when the tun interface is closed. Then to override some defaults from any DHCP servers the clients use to setup networking, I add the following to /etc/dhclient-eth0.conf: append domain-name "netproject.com"; prepend domain-name-servers 10.51.10.4; I need the private DNS server to be prepended before any others since it holds names for internal hosts in netproject.com, which fail if external DNS is tried first. DHCP negotiation then results in an /etc/resolv.conf something like this: search netproject.com nameserver 10.51.10.4 nameserver 10.0.0.1 nameserver 10.0.0.2 So far so good, but there are two problems that I can't figure out nice solutions for. Firstly if openvpn is not running (e.g. it's not started by default) then injecting the unreachable DNS server messes up resolving. Secondly if a laptop roams then automatically starting the VPN confuses networking if it's already on the office LAN, but until it's manually started DNS is a problem on other networks if the unreachable private server is included. Somehow I'd like an intelligent test so the VPN isn't started if the office LAN is already locally available. In addition I'd like the DNS server to be added and removed on the fly with the VPN connection to it, rather than just being forced on or off. However local DHCP details must also be honoured, which makes things more complicated. Any ideas? Thanks in advance, Sean. -- Sean Atkinson <sean@xxxxxxxxxxxxxx> Netproject ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |