Topic: Help please with configuring DNS so VPN clients can access the internal DNS

yatesco

Hi all,

I am using the standard ISO installer (i.e. hardy) and I have successfully configured a number of internal LANs, all served by DHCP with static routes.  I have also added the appropriate entries for the static DHCP hosts.

Each host can successfully ping and nslookup other hosts, so it is all good.

I have now configured the VPN and connected my (Snow Leopard) guest.  I can ping the internal machines and ssh fine; however, I cannot resolve the IP from the DNS name.

If I specify the internal DNS server then everything works fine, but I really don't want to have to keep manually doing this.  OpenVPN contains this feature (through the 'push dhcp-options') but I couldn't find any way of specifying this.

Am I missing something, or is this just not implemented in ebox yet?

Thanks,

Col

sixstone

Hi Col,

Quote
Am I missing something, or is this just not implemented in ebox yet?

It is not included yet; this was done by design, but maybe a disabled default configuration for pushing DHCP options could be a trade-off. The main position for this is that the DNS queries from a Linux box cannot be separated among DNS servers but always start from the first one in the /etc/resolv.conf. Then the configuration will route the whole DNS traffic through the VPN server, so the service will be delayed quite a lot :).

Another option is setting up the /etc/hosts file with the names you need.

Best,
My secret is my silence...

robdyke

I too would like to be able to push DNS servers from the openVPN service provided by ebox/zentyal. I know that pushing dhcp options works for Windows & OS X openVPN clients and also works for all network-manager based linux environments (and perhaps also those using resolvconf scripts).

I added options like this to the zentyal scripts on my server and tested connection - it worked!

Code:
# Insert your DNS server IP here
push "dhcp-option DNS 12.34.56.78"
# Insert your second (if you have one) DNS server IP here
push "dhcp-option DNS 12.34.56.79"
# Replace with your search domain
push "dhcp-option DOMAIN domain.tld"

however my changes were overwritten. :(
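
What the pushed options above look like to a Linux client that relies on an up script, as an added example that is not part of the original posts: OpenVPN exports each pushed option it does not apply natively as an environment variable foreign_option_N, and the script has to turn those into resolv.conf lines. The function name and the sample values are constructed for illustration; the fourth sample shows a malformed value being dropped rather than written into the resolver configuration.

```shell
#!/bin/sh
# Added example: convert OpenVPN's foreign_option_N variables (set by the
# client before it runs an "up" script) into resolv.conf-style lines.
# pushed_dns_to_resolv is a hypothetical helper name, not part of OpenVPN.

pushed_dns_to_resolv() {
    i=0 servers="" search=""
    while :; do
        i=$((i + 1))
        # Expands to e.g. opt=${foreign_option_1:-}; the value is not re-evaluated.
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        case "$opt" in
            "dhcp-option DNS "*)
                val=${opt#"dhcp-option DNS "}
                # The value comes from the server: accept only characters
                # that can occur in an IPv4/IPv6 literal.
                case "$val" in ""|*[!0-9A-Fa-f.:]*) continue ;; esac
                servers="${servers}nameserver $val
"
                ;;
            "dhcp-option DOMAIN "*)
                val=${opt#"dhcp-option DOMAIN "}
                # Accept only characters valid in a DNS name.
                case "$val" in ""|*[!A-Za-z0-9.-]*) continue ;; esac
                search="${search:+$search }$val"
                ;;
        esac
    done
    if [ -n "$search" ]; then printf 'search %s\n' "$search"; fi
    printf '%s' "$servers"
}

# Constructed sample: the three pushes from the post above, plus one
# malformed value that must not reach the resolver configuration.
foreign_option_1="dhcp-option DNS 12.34.56.78"
foreign_option_2="dhcp-option DNS 12.34.56.79"
foreign_option_3="dhcp-option DOMAIN domain.tld"
foreign_option_4="dhcp-option DNS 1.2.3.4; options rotate"

pushed_dns_to_resolv
```

The pushed servers are listed first in the output, so every lookup on such a client goes to the VPN-side resolver for as long as the tunnel is up.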

robdyke

Can someone point me at the scripts in the SVN? I'll submit a patch of some kind.

I'd like to be able to push options, just as I can with Endian efw2.3 onwards.


Quote
Static ip addresses
normally, dynamic IP addresses are assigned to clients, you can override this here and assign a static address
Push these nameservers
assign nameservers on a per-client basis here
Push domain
assign search domains on a per-client basis here

http://docs.endian.com/vpn.html#openvpn-server

sixstone

You must modify the openvpn module available.

Here [1] you have detailed instructions for SVN access, and you have more info about contributions at [2].

Thanks very much for your help here :).

[1] http://trac.zentyal.org/wiki/Document/Development/SVN
[2] http://trac.zentyal.org/wiki/Contribute


FutureTechSys

I'm not sure that this will be at all helpful, as it's about Windows, but maybe you can relate it to Snow Leopard with some googling.

With Windows, under c:\windows\system32\drivers\etc there is a HOSTS.SAM file... you can rename it to HOSTS, and edit it and add in host names and IP addresses.  I have had that same issue with Windows/Cisco SSL VPN clients not being able to see the email server and I had to add some things in to prepend the domain name etc.

Afterwards you do nbtstat -R and nbtstat -c to reload the hosts file.

I'm sure the above has an equivalent in mac and in linux.

robdyke

Quote
You must modify the openvpn module available.

Thanks sixstone, I'll see what I can do!

efimius

I guess it's quite easy: just write in openvpn.conf.mas
like general server.conf

 push "dhcp-option DNS 12.34.56.79" , t