Openvpn problem


(Vasco) #1

Hi everyone,

New to NethServer, coming from Zentyal. The reasons are known. Sorry for my English, it is not my native language.
I’m not a technical guy, just an enthusiastic user using a home server. Please talk to me as if I were 7 years old. :smile:

NethServer with 1 NIC
When I connect to NethServer, it is not possible to browse any site other than the NethServer (Google, Facebook, etc.). I can only browse the server itself.

I think it is related to the fact that we cannot define a DNS address in the OpenVPN server configuration. I think if we could configure one DNS address from the LAN and another one from the internet, the system would work without problems.

But as I said, I may be wrong.

What do you think?


(Filippo Carletti) #2

I think you hit a bug I discovered recently. Unfortunately I didn’t find time to try to replicate it.
A client connected to NethServer via OpenVPN receives a DNS server: it’s the NethServer address.
I think that dnsmasq (NethServer DNS server) refuses connections from the VPN client.
I worked around the problem by forcing the DNS on my client to the first IP address of the OpenVPN range.
Could you try my workaround and confirm it works for you too?


(Michele Bortolotto) #3

@filippo_carletti
In the OpenVPN config file I found: push "dhcp-option DNS $nethserverip". Have you chosen this option to join Windows clients over VPN?


(George Siotas) #4

I can confirm that this problem exists. I overcame it by configuring my OpenVPN client not to send DNS requests to NethServer.


(8omas) #5

Sometimes it is not necessary to force a DNS server on the client. Wouldn’t it be better to have a check box in the VPN module? Or, even better, a check box during VPN client creation?


(Vasco) #6

Hi filippo_carletti,

I use the official OpenVPN community client and I cannot find any DNS configuration in the GUI settings.

Is there another way to change that?

I don’t have the DNS and DHCP server installed in NethServer.


(Filippo Carletti) #7

NethServer pushes the DNS option to the client. It pushes itself if it’s the DNS server, or it pushes the configured DNS if it’s not the DNS server.
Since you don’t have DNS installed, your client should receive the configured DNS.
Could you post the output of the command:

grep push /etc/openvpn/host-to-net.conf

You should find that your client DNS is the same as on the server.


(Vasco) #8

Hi
Sorry for the delay

On my laptop the DNS is the router (192.168.1.1) or the DNS address from the network I connect to outside my LAN.
On the server there are two external DNS servers. The behavior is the same when I connect from my LAN or from another location.

grep push /etc/openvpn/host-to-net.conf

push "dhcp-option DOMAIN home"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option WINS 208.67.222.222"
push "dhcp-option NBDD 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option WINS 208.67.220.220"
push "dhcp-option NBDD 208.67.220.220"
push "dhcp-option NBT 2"
push "route 192.168.1.0 255.255.255.0"


(Michele Bortolotto) #9

Can you ping an IP like 8.8.8.8? What is the IP assigned by the VPN server to your client?


(Vasco) #10

Yes, I can ping 8.8.8.8

But I can only connect to the server. I can’t connect to the internet or to another box on my LAN.


(Vasco) #11

@filippo_carletti

Today I reinstalled NethServer.

Now when I’m outside my network everything works fine.
When I connect from my network I have the same problem. I can connect only to the NethServer and cannot connect to any other box.
I can ping 8.8.8.8


(Michele Bortolotto) #12

Are you and NethServer on the same network? Or do you have the same IP class (e.g. 192.168.1.*) as NethServer?


(Vasco) #13

I have the problem when the NethServer is on the same network. In my case 192.168.1.0/24
If I’m on another network it works well.

The OpenVPN is 172.16.32.0/24


(Michele Bortolotto) #14

This is because you can’t have a VPN server on the same IP network as the clients :slight_smile:


(Vasco) #15

Yes, the settings are correct.


(Michele Bortolotto) #16

VPN server and VPN clients MUST be on different subnets, e.g. server on 192.168.1.0 and clients on 10.0.0.0
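
Added example, not part of any post in this thread and not NethServer's own code: a Python check that parses the `push` lines of a server config like the one posted in #8 and reports when a pushed route or DNS address falls inside the client's own LAN, the case discussed in posts #12 to #16. The function names and the /24 prefix for the 192.168.43.x network are assumptions.

```python
import ipaddress
import re

# Constructed sample: push lines as posted in #8 (WINS/NBDD lines left out).
SAMPLE_CONF = '''\
push "dhcp-option DOMAIN home"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option NBT 2"
push "route 192.168.1.0 255.255.255.0"
'''

PUSH_RE = re.compile(r'^\s*push\s+"([^"]*)"')


def parse_push(conf_text):
    """Return (dns_servers, routes) that the server config pushes to clients."""
    dns, routes = [], []
    for line in conf_text.splitlines():
        # Pasted configs often carry typographic quotes; normalise them.
        line = line.replace("\u201c", '"').replace("\u201d", '"')
        m = PUSH_RE.match(line)
        if not m:
            continue
        words = m.group(1).split()
        if words[:2] == ["dhcp-option", "DNS"] and len(words) == 3:
            dns.append(ipaddress.ip_address(words[2]))
        elif words[:1] == ["route"] and len(words) >= 3:
            # "route <network> <netmask>" -> network object
            routes.append(ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False))
    return dns, routes


def check_client(conf_text, client_lan):
    """List clashes between pushed settings and the client's own LAN."""
    lan = ipaddress.ip_network(client_lan)
    dns, routes = parse_push(conf_text)
    findings = [f"pushed route {net} overlaps client LAN {lan}"
                for net in routes if net.overlaps(lan)]
    # A pushed DNS address inside the client's LAN may be reached on the
    # local segment, so it may not be the resolver the server meant.
    findings += [f"pushed DNS {addr} is inside client LAN {lan}"
                 for addr in dns if addr in lan]
    return findings


if __name__ == "__main__":
    for lan in ("192.168.1.0/24", "192.168.43.0/24"):  # /24 for .43 is assumed
        print(lan, check_client(SAMPLE_CONF, lan) or "no clash")
```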


(Vasco) #17

Yes, I know and they are.

I think the problem is related to the bug you talked about, and the OpenVPN server needs to be more configurable.
Sorry for my bad English.

I don’t have technical knowledge, but I can help with tests or any information you need to solve the issues.


(Vasco) #18

@filippo_carletti

Hi Filippo
I tried with an external DNS (208.67.222.222) and the internal IP of my router (192.168.1.1) configured in NethServer.
In both modes I have the same result: I can only connect to the NethServer, I cannot connect to the internet or to another box on my home network (SSH).

Can you tell me how to force a DNS address in the client?
I am using the official OpenVPN community client.


(Michele Bortolotto) #19

Could you paste here: the IP of NethServer, the IP of your PC before you start the OpenVPN client, and the IP of the VPN network?


(Vasco) #20

NethServer ip: 192.168.1.254
NethServer dns: 192.168.1.1
My pc: 192.168.43.34 (external network)
OpenVPN client: 172.16.32.6
OpenVPN network: 172.16.32.0