Openvpn problem

vcc · April 9, 2015, 7:05pm

Hi everyone,

New in Nethserver, coming from Zentyal. The reasons are known. Sorry for my english, is not my native language.
I’m not a technical guy, just a entusiastic user using a home server. Pls, talk to me like as I have 7 years old.

Nethserver with 1 NIC
When I connect to Nethserver is not possible browse any site who is not the Nethserver (google, facebook, etc). I can only browse the server itself.

I think is related with the fact we can not define a dns address in the Openvpn server configuration. I think if we can configure one dns address from the lan and another one from the internet the system work without problems.

But has I said I can be wrong.

What do you think?

filippo_carletti · April 10, 2015, 8:39am

I think you hit a bug I discovered recently. Unfortunately I didn’t find time to try to replicate it.
A client connected to NethServer via openvpn receives a DNS server: it’s the NethServer address.
I think that dnsmasq (NethServer DNS server) refuses connections from the vpn client.
I worked around the problem forcing the dns on my client to the first ip address of the openvpn range.
Could you try my workaround and confirm it works even for you?

AbsyntH · April 10, 2015, 9:30am

@filippo_carletti
in the openvpn config file i found : push “dhcp-option DNS $nethserverip” ,have you choosed this option to join windows client over vpn?

gsiotas · April 10, 2015, 10:37am

I can confirm that this problem exists. I overcome it by configuring my openvpn client to not sending dns requests to nethserver

8omas · April 10, 2015, 11:13am

Sometimes it is not necessary to force dns server to client. Wouldn’t be better to have a check box in vpn module? Or even better a check box during the vpnclient creation?

vcc · April 10, 2015, 2:25pm

Hi filippo_carletti,

I use the official OpenVPN comunnity client and I can not find any dns configuration at the gui settings.

There are another way to change that?

I don’t have the DNS and DHCP server installed in Nethserver

filippo_carletti · April 10, 2015, 2:56pm

NethServer pushes the DNS option to the client. It pushes itself if it’s the dns server or it pushes the configured DNS if it’s not the dns.
Since you don’t have DNS installed, your client should receive the configured dns.
Could you post the output of the command

grep push /etc/openvpn/host-to-net.conf

You should find that your client DNS is the same in the server.

vcc · April 11, 2015, 12:42pm

Hi
Sorry for the delay

At my laptop the dns is the router ( 192.168.1.1 ) or the dns address from the network I connect outside my lan.
In the server are two external dns. the beavior is the same when i connect from my lan or from another local

grep push /etc/openvpn/host-to-net.conf

push "dhcp-option DOMAIN home"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option WINS 208.67.222.222"
push "dhcp-option NBDD 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option WINS 208.67.220.220"
push "dhcp-option NBDD 208.67.220.220"
push "dhcp-option NBT 2"
push “route 192.168.1.0 255.255.255.0”

AbsyntH · April 11, 2015, 1:02pm

Can you ping ip like 8.8.8.8 ? What is the ip assigned by vpn server to your client?

vcc · April 11, 2015, 1:39pm

yes, I can ping 8.8.8.8

But I can only connect to the server. I can’t connect to internet or to another box in my lan

vcc · April 12, 2015, 11:31am

@filippo_carletti

Today I reinstaled the Nethserver.

Now when I’m outside my network everithing works fine.
When I connect from my network I have the same problem. I can connect onlly to the Nethserver and can not connect to any other box.
I can ping 8.8.8.8

AbsyntH · April 12, 2015, 12:02pm

You and nethserver are on the same network? Or you have the same ip class (ex. 192.168.1.* ) of nethserver?

vcc · April 12, 2015, 4:18pm

I have the problem when the Nethserver is in the same network. In my case 192.168.1.0/24
If I’m in another network works well.

The OpenVPN is 172.16.32.0/24

AbsyntH · April 12, 2015, 5:17pm

This because yuo can’t have a vpn server on the same ip network of the clients

vcc · April 12, 2015, 5:46pm

Yes, the settings are correct.

AbsyntH · April 12, 2015, 5:52pm

vpn server and vpn clients MUST be on different subnets ex server on 192.168.1.0 and clients on 10.0.0.0

vcc · April 14, 2015, 11:42am

Yes, I know and they are.

I think the problem is related with the bug you talked about and the OpenVPN server needs to be more configurable.
Sorry for my bad english.

I’m don’t have technical knowledge but I can help with tests or some any information you need to solve the issues

vcc · April 26, 2015, 2:23pm

@filippo_carletti

Hi Filippo
I tried with an external dns (208.67.222.222) and internal IP from my router (192.168.1.1) configured in the NethServer.
In the 2 modes I have the same result I can only connect to the NethServer, I can not connect to the internet or another box from my home network (SSH).

Can you tell me how to force a dns address in the client?
I am using the official OpenVPN comunity client

AbsyntH · April 26, 2015, 3:32pm

Should you past here : ip of nethserver, ip of your pc before you start openvpn client and the ip of the vpn network

vcc · April 26, 2015, 4:25pm

NethServer ip: 192.168.1.254
NethServer dns: 192.168.1.1
My pc: 192.168.43.34 (external network)
OpenVPN client: 172.16.32.6
OpenVPN network: 172.16.32.0