[SOLVED] OpenVPN Static Host resolve issue

Hello Forum,
I set up my OpenVPN connection and it's working well so far.

Except:
I set up a static hostname to ip (myhostname.lan -> 192.168.x.y) assignment in Network->DHCP and DNS->Static Entries.

Only when connected via OpenVPN, the hostname is not resolved to the IP (the IP itself of course is working fine).

What could possibly be the reason for this?

Thank you for your assistance!

Andreas

It is likely that the dns is being overridden from local to a dns server specified in the OpenVPN configuration (or pushed by the server).

Indeed, the dns config is pushed in the openvpn config:

list push 'redirect-gateway def1'
list push 'block-outside-dns'
list push 'dhcp-option DNS [router_ip]'
list push 'route 192.168.[x].0 255.255.255.0'

and dnsmasq is configured:

option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option confdir '/tmp/dnsmasq.d'
option logqueries '1'
option localservice '1'

But how can the dns be configured correctly to also resolve local hostnames?

Thanks for an insight!

First of all if you want to configure a hostname you need to do it under Network/Hostnames and not as a static DHCP lease.
Post the following with VPN enabled:

uci export dhcp; ls -l  /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.* ;\
nslookup myhostname.lan

Finally the 192.168.X.Y is private address space and you don't need to cover the octets for security.

Hi trendy,

thanks for the hint on the config of the hostname, I already fixed that.

This is the output:

root@OpenWrt:~# uci export dhcp; ls -l  /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.* ;\
> nslookup myhostname.lan
package dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option confdir '/tmp/dnsmasq.d'
        option logqueries '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config domain
        option name 'myhostname.lan'
        option ip '192.168.2.211'

lrwxrwxrwx    1 root     root            16 Feb 27 22:05 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            32 Apr 15 00:58 /tmp/resolv.conf
-rw-r--r--    1 root     root           151 Apr 14 22:47 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf.auto <==
# Interface wan
nameserver [nameserver_1_ipv4]
nameserver [nameserver_2_ipv4]
# Interface wan6
nameserver [nameserver_1_ipv6]
nameserver [nameserver_2_ipv6]
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:      myhostname.lan
Address 1: 192.168.2.211
*** Can't find myhostname.lan: No answer

Note: replaced nameserver IPs and myhostname.lan

Thank you for taking a look at it!

Works fine!

Hi Trendy,
well the openvpn client (Android) cannot find myhostname.lan ... with the corresponding IP (192.168.2.211) this works just fine...so something is still not right.

Either you are not pushing the DNS to the client or the client is not using this DNS to resolve the hostname.
Run a tcpdump to verify that:
tcpdump -i any -vvvn host 192.168.x.y and udp port 53
where 192.168.x.y is the IP of the Android

 10.8.0.6.44939 > 192.168.2.253.53: [udp sum ok] 29964+ A? myhostname.lan. (28)
 10.8.0.6.17888 > 192.168.2.253.53: [udp sum ok] 8160+ A? myhostname.lan. (28)
 10.8.0.6.1100 > 192.168.2.253.53: [udp sum ok] 49168+ A? myhostname.lan. (28)
 10.8.0.6.4515 > 192.168.2.253.53: [udp sum ok] 22233+ A? myhostname.lan. (28)
 10.8.0.6.15175 > 192.168.2.253.53: [udp sum ok] 64249+ A? myhostname.lan. (28)
 10.8.0.6.3345 > 192.168.2.253.53: [udp sum ok] 23876+ A? myhostname.lan. (28)

Note: Regular dns resolving on the Android works just fine, just the *.lan names are not resolved when connected with OpenVPN...

You need to disable the localservice option in dns configuration to allow dnsmasq to respond to hosts outside of the server.
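Added example, not part of the thread: the capture above shows queries from the VPN client reaching the router with no replies leaving it, which is what separates "DNS not pushed" from "dnsmasq is refusing this source". The script below pairs queries with replies per client; the six 10.8.0.6 lines are the ones posted above, and the 192.168.2.50 pair (address, port, ID and the reply layout) is constructed for contrast.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `tcpdump -n ... udp port 53` text
# on stdin and prints one line per client: "<ip> queries=<n> unanswered=<n>".
dns_unanswered() {
    awk '
    {
        # Find the "src > dst:" triple; with -vvv it opens the indented line.
        for (g = 2; g < NF; g++) if ($g == ">") break
        if (g >= NF) next
        src = $(g - 1); dst = $(g + 1); sub(/:$/, "", dst)
        # Transaction ID: first token after dst made of digits plus flag
        # characters, e.g. "29964+" (query) or "1234*" (authoritative reply).
        id = ""
        for (i = g + 2; i <= NF; i++)
            if ($i ~ /^[0-9]+[^0-9]*$/) { id = $i; sub(/[^0-9].*$/, "", id); break }
        if (id == "") next
        if (dst ~ /\.53$/) {                    # client -> resolver: query
            key = src SUBSEP id
            if (!(key in asked)) {
                ip = src; sub(/\.[0-9]+$/, "", ip)
                asked[key] = ip; queries[ip]++
            }
        } else if (src ~ /\.53$/) {             # resolver -> client: reply
            answered[dst SUBSEP id] = 1
        }
    }
    END {
        for (key in asked) if (!(key in answered)) lost[asked[key]]++
        for (ip in queries)
            printf "%s queries=%d unanswered=%d\n", ip, queries[ip], lost[ip] + 0
    }' | sort
}

# Sample input: 10.8.0.6 lines are from the thread; the last two are constructed.
sample_capture() {
    cat <<'EOF'
 10.8.0.6.44939 > 192.168.2.253.53: [udp sum ok] 29964+ A? myhostname.lan. (28)
 10.8.0.6.17888 > 192.168.2.253.53: [udp sum ok] 8160+ A? myhostname.lan. (28)
 10.8.0.6.1100 > 192.168.2.253.53: [udp sum ok] 49168+ A? myhostname.lan. (28)
 10.8.0.6.4515 > 192.168.2.253.53: [udp sum ok] 22233+ A? myhostname.lan. (28)
 10.8.0.6.15175 > 192.168.2.253.53: [udp sum ok] 64249+ A? myhostname.lan. (28)
 10.8.0.6.3345 > 192.168.2.253.53: [udp sum ok] 23876+ A? myhostname.lan. (28)
 192.168.2.50.40000 > 192.168.2.253.53: [udp sum ok] 1234+ A? myhostname.lan. (32)
 192.168.2.253.53 > 192.168.2.50.40000: [udp sum ok] 1234* q: A? myhostname.lan. 1/0/0 myhostname.lan. A 192.168.2.211 (48)
EOF
}

sample_capture | dns_unanswered
```

With `localservice '0'` dnsmasq stops restricting queries to local subnets and answers any source that can reach port 53, so it is worth confirming that the firewall does not accept DNS from the WAN zone.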

Hi trendy,

so you mean the following change in /etc/config/dhcp:

config dnsmasq
...
option localservice '0'

Hi trendy,

that was it!!!

Thank you very much!

If the problem is solved, feel free to mark the topic accordingly.
