Hi, I'm using openconnect on OpenWRT installed on a Raspberry Pi 3 B. I have a lan interface, a wan interface and an anyconnect interface.
I have defined in the firewall general settings to forward lan traffic to openconnect:
I have various DNS servers on the lan interface such as 1.1.1.1 and 8.8.8.8 and 9.9.9.9
But unfortunately I cannot open webpages using their names; apparently the DNS server is not working at all!
In firewall you allow or deny traffic, you don't forward traffic. For that we need to see: uci export network; uci export dhcp; ip -4 addr; ip -4 ru; ip -4 ro
That is wrong, you should assign the nameservers under the interface through which the router can reach them, in your case wan or anyconnect.
Thanks for your reply,
the output of uci export network; uci export dhcp; ip -4 addr; ip -4 ru; ip -4 ro:
package network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
    option type 'bridge'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option ipaddr '192.168.3.1'
    list dns '8.8.8.8'
    list dns '8.8.4.4'
    list dns '1.1.1.1'
    list dns '9.9.9.9'
    option delegate '0'

config interface 'WAN'
    option proto 'dhcp'
    option ifname 'eth0'
    option type 'bridge'

config interface 'oc'
    option proto 'openconnect'
    option password '*****'
    option serverhash '******'
    option password2 '*****'
    option username '*****'
    option server '*****'
    option delegate '0'

package dhcp

config dnsmasq
    option domainneeded '1'
    option localise_queries '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
    option resolvfile '/tmp/resolv.conf.auto'
    option localservice '1'
    option rebind_protection '1'

config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '12h'
    option dhcpv6 'server'
    option ra 'server'
    option ra_management '1'

config dhcp 'wan'
    option interface 'wan'
    option ignore '1'

config odhcpd 'odhcpd'
    option maindhcp '0'
    option leasefile '/tmp/hosts/odhcpd'
    option leasetrigger '/usr/sbin/odhcpd-update'
    option loglevel '4'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
7: br-WAN: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.39/24 brd 192.168.1.255 scope global br-WAN
       valid_lft forever preferred_lft forever
12: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.3.1/24 brd 192.168.3.255 scope global br-lan
       valid_lft forever preferred_lft forever
13: vpn-oc: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1434 qdisc fq_codel state UNKNOWN qlen 500
    inet 192.168.11.33/32 brd 255.255.255.255 scope global vpn-oc
       valid_lft forever preferred_lft forever

0: from all lookup local
32766: from all lookup main
32767: from all lookup default

default dev vpn-oc scope link
91.134.112.240 via 192.168.1.1 dev br-WAN
192.168.1.0/24 dev br-WAN scope link src 192.168.1.39
192.168.3.0/24 dev br-lan scope link src 192.168.3.1
192.168.8.0/21 dev vpn-oc scope link

And I don't see any option to add dns servers in anyconnect. But I believe openconnect server is pushing its dns servers because this is what I see in the logs:
Sun Apr 5 17:29:07 2020 daemon.info dnsmasq[6365]: using nameserver 8.8.8.8#53
Sun Apr 5 17:29:07 2020 daemon.info dnsmasq[6365]: using nameserver 8.8.4.4#53
In 99% of the cases where I see a br-wan interface, something is wrong. Tell us about the bridges you have in the lan and wan interfaces.
All the traffic goes through the openconnect.
Don't forget to remove the dns from the lan interface. Assign them to wan if openconnect doesn't take dns options.
This is dnsmasq log, not openconnect. It is mentioning the nameservers it is using and it seems ok judging by what you have configured.
Post also the following to make sure everything else is correct: ls -l /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*
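
An added example, not part of any post in this thread: a small check that reads `uci export network` output and reports which interface sections carry `list dns` entries, so resolvers attached to lan (the misplacement discussed above) stand out. The function names and the trimmed sample export are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample, trimmed from the export posted in the thread.
sample_export() {
cat <<'EOF'
package network

config globals 'globals'

config interface 'lan'
    option proto 'static'
    option ipaddr '192.168.3.1'
    list dns '8.8.8.8'
    list dns '1.1.1.1'

config interface 'WAN'
    option proto 'dhcp'
    option ifname 'eth0'

config interface 'oc'
    option proto 'openconnect'
EOF
}

# Read `uci export network` text on stdin and print one line per interface:
#   <name> <proto or -> <comma-separated dns list or ->
dns_by_iface() {
    awk -v q="'" '
        function emit() {
            if (name != "")
                print name, (proto != "" ? proto : "-"), (dns != "" ? dns : "-")
        }
        $1 == "config" { emit(); name = ""; proto = ""; dns = "" }
        $1 == "config" && $2 == "interface" { name = $3; gsub(q, "", name) }
        name != "" && $1 == "option" && $2 == "proto" { proto = $3; gsub(q, "", proto) }
        name != "" && $1 == "list" && $2 == "dns" {
            v = $3; gsub(q, "", v)
            dns = (dns != "") ? (dns "," v) : v
        }
        END { emit() }
    '
}

# Print the resolvers configured on the lan interface, if any. Per the advice
# in the thread they belong on wan (or the VPN interface), not on lan.
dns_on_lan() {
    dns_by_iface | awk '$1 == "lan" && $3 != "-" { print $3 }'
}

sample_export | dns_by_iface
```

On the router itself the same check would be fed with `uci export network | dns_on_lan`; empty output means no resolvers are set on lan.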