Bug #2525

OpenVPN name resolution

Added by Filippo Carletti over 7 years ago. Updated over 7 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: nethserver-openvpn
Target version: v6.5-beta3
Security class:
Resolution:
Affected version: v6.4-beta2
NEEDINFO: No

Description

After an OpenVPN connection to our firewall, DNS names are not resolved on the client.
The firewall pushes its IP address as DNS to the client, but our firewall is not our DNS: it has no name server active on port 53, it simply directs queries to our internal DNS.

Associated revisions

Revision 7962bbdf
Added by Giacomo Sanchietti over 7 years ago

host-to-net.conf template: push DNS server address to client. Refs #2525

Revision 16284f2f
Added by Giacomo Sanchietti over 7 years ago

host-to-net.conf template: use dns 'role' property. Refs #2525

History

#1 Updated by Filippo Carletti over 7 years ago

A possible fix:

--- /etc/e-smith/templates/etc/openvpn/host-to-net.conf/40route    2013-10-24 10:08:03.000000000 +0200
+++ /etc/e-smith/templates-custom/etc/openvpn/host-to-net.conf/40route    2013-12-19 16:07:47.280732034 +0100
@@ -4,6 +4,7 @@
     my $ndb = esmith::NetworksDB->open_ro();
     my $green = $ndb->green();
     my $IPAddress = $green->prop('ipaddr');
+    $DNS = $dns{'NameServers'} || $IPAddress;

     $OUT  = "";

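Review bot: $DNS on the added line is assigned without "my", unlike $ndb, $green and $IPAddress just above it, so it is an undeclared global rather than a lexical; declare it as "my $DNS = ...". The fallback to $IPAddress also only applies when $dns{'NameServers'} is empty, so a server that is itself the network resolver but has name servers configured would push those addresses instead of its own; the choice should be made on the dns role rather than on whether NameServers is set.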
@@ -13,8 +14,8 @@
     }

     $OUT .= "push \"dhcp-option DOMAIN $DomainName\"\n";
-    $OUT .= "push \"dhcp-option DNS $IPAddress\"\n";
-    $OUT .= "push \"dhcp-option WINS $IPAddress\"\n";
+    $OUT .= "push \"dhcp-option DNS $DNS\"\n";
+    $OUT .= "push \"dhcp-option WINS $DNS\"\n";
     $OUT .= "push \"dhcp-option NBT 2\"\n";
     $OUT .= "push \"dhcp-option NBDD $IPAddress\"\n";
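Review bot: the WINS line is switched to $DNS together with the DNS line, but the report concerns DNS resolution only and nothing in the patch shows that the configured name servers also answer WINS, while NBDD still points at $IPAddress; keep WINS on $IPAddress unless the change is intended. In addition, if $dns{'NameServers'} holds more than one address, the single push "dhcp-option DNS $DNS" line would carry the whole list in one option; split the value and emit one push line per address.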

#2 Updated by Filippo Carletti over 7 years ago

  • Status changed from NEW to TRIAGED
  • Target version set to v6.5-beta3
  • % Done changed from 0 to 20

#3 Updated by Giacomo Sanchietti over 7 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#4 Updated by Giacomo Sanchietti over 7 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#5 Updated by Giacomo Sanchietti over 7 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Packages in nethserver-testing:
  • nethserver-openvpn-1.0.1-2.0git16284f2f.ns6.noarch.rpm
Test case
  • Configure and connect an OpenVPN client to the server
  • If the server is the network DNS (dns[role] = 'resolver'), the client must receive the ip address of the server itself as DNS server
  • Otherwise the client must receive the value of dns[NameServers] property as DNS server(s)
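A helper for running the test case above against a rendered server configuration, added here as an example (not NethServer code). It assumes dns[NameServers] is a comma-separated list and that each server gets its own push "dhcp-option DNS ..." line; the function names, the "not-resolver" role value and the sample addresses are constructed.

```python
import ipaddress
import re

# Matches lines such as: push "dhcp-option DNS 192.168.1.1"
PUSH_DNS = re.compile(r'^\s*push\s+"dhcp-option\s+DNS\s+(\S+)"\s*$', re.M)


def expected_dns(role, name_servers, server_ip):
    """DNS addresses the client should receive, per the test case."""
    if role == "resolver":
        return [server_ip]
    # Assumption: NameServers holds a comma-separated list.
    return [s.strip() for s in name_servers.split(",") if s.strip()]


def pushed_dns(conf_text):
    """DNS addresses actually pushed by a rendered server config."""
    return PUSH_DNS.findall(conf_text)


def check_conf(conf_text, role, name_servers, server_ip):
    """Return a list of problems; an empty list means the test case passes."""
    problems = []
    pushed = pushed_dns(conf_text)
    for addr in pushed:
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            problems.append(f"not an IP address: {addr!r}")
    want = expected_dns(role, name_servers, server_ip)
    if pushed != want:
        problems.append(f"pushed {pushed}, expected {want}")
    return problems


# Constructed sample: config rendered on a server that is not the resolver.
SAMPLE = '''push "dhcp-option DOMAIN example.org"
push "dhcp-option DNS 10.0.0.53"
push "dhcp-option DNS 10.0.0.54"
push "dhcp-option NBT 2"
'''
# Constructed sample: the whole list pushed unsplit in a single option.
BAD = 'push "dhcp-option DNS 10.0.0.53,10.0.0.54"\n'

if __name__ == "__main__":
    for conf in (SAMPLE, BAD):
        print(check_conf(conf, "not-resolver", "10.0.0.53,10.0.0.54", "192.168.1.1"))
```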

#6 Updated by Davide Principi over 7 years ago

  • Assignee set to Davide Principi

#7 Updated by Davide Principi over 7 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 90

#8 Updated by Davide Principi over 7 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

Released in nethserver/6.5/base repository.
