I found and fixed the problem. Turns out I had DNS recursion disabled except for localhost. I added the 10.8.0.0/24 subnet and restarted named and now everything works great.

-----Original Message-----
From: Erich Titl [mailto:erich.titl@xxxxxxxx]
Sent: Wednesday, November 07, 2007 10:09 AM
To: Britain Crooker
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] DNS Resolution issue

Hi

Britain Crooker wrote:
> I have OpenVPN 2.0.9 installed on my CentOS box, and am trying to get
> it set up so that it routes all internet traffic through the VPN when
> connected. For the most part, this seems to work. However, for some
> sites (like www.google.com) it won't let me connect.
>
> The issue seems to be when the DNS lookup returns a different host
> name than what is specified (like a nslookup of www.google.com
> returns a canonical name of www.l.google.com). Or www.openvpn.net
> returns openvpn.net. If I enter the canonical name then it works fine.
> If I enter the other name the lookup fails.

This is really surprising as DNS is not used here to deliver names, but addresses, and it cannot be expected that reverse resolution always returns the same as the forward query asks for.

>
> I have configured the system using this command:
>
> echo 1 > /proc/sys/net/ipv4/ip_forward

So it is forwarding packets....

>
> And
>
> iptables -t nat -s 10.8.0.0/24 -A POSTROUTING -j SNAT --to <my server IP>
>
> My server doesn't have ipt_masquerade support compiled into the
> kernel, so I had to use that command. I have also added the option:
>
> push "redirect-gateway def1"

I would rather follow the packet trail and see what your browser really requests and where those packets go. You will probably find other reasons for the failure.

cheers

Erich

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
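
A client-side check for the condition reported at the top of this thread (a resolver that does not offer recursion to the VPN subnet), as an added example that is not part of the original messages: it reads the RA (recursion available) bit and the RCODE from a DNS response header. The function names are hypothetical and the sample responses used to exercise it are constructed, header-only test data.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build a DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def diagnose(response):
    """Classify a DNS response from its header flags and answer count."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    ra = bool(flags & 0x0080)           # RA: server offers recursion to us
    rcode = flags & 0x000F
    if not ra:
        verdict = "recursion not offered to this client"
    elif rcode == 0 and ancount > 0:
        verdict = "resolved"
    else:
        verdict = "recursion offered, lookup failed"
    return {"ra": ra, "rcode": RCODES.get(rcode, str(rcode)),
            "answers": ancount, "verdict": verdict}

def fake_response(query, flags, ancount):
    """Constructed test data: echo the question with chosen flags/count."""
    return query[:2] + struct.pack("!HHHHH", flags, 1, ancount, 0, 0) + query[12:]

if __name__ == "__main__":
    # Usage from a VPN client: python check_recursion.py <dns-server-ip> <name>
    import socket, sys
    server, name = sys.argv[1], sys.argv[2]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3)
        s.sendto(build_query(name), (server, 53))
        print(diagnose(s.recv(512)))
```

Running it once from the server itself and once from a 10.8.0.0/24 client shows whether the two sources are treated differently by the resolver.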