[SOLVED] Strange openVPN behaviour! DNS configuration problem.

Connection sharing, Firewall, Samba..etc
Forum rules
Before you post please read how to get help
Post Reply
eddie3000
Level 3
Level 3
Posts: 112
Joined: Mon Jun 24, 2013 2:11 pm

[SOLVED] Strange openVPN behaviour! DNS configuration problem.

Post by eddie3000 »

Ok, I am not an expert at all in networking, so here is my problem.

I have setup an openvpn server on a pc at home using pivpn. I can connect to it from my laptop using my phone's internet connection perfectly: browse the internet, see my home network, ssh into other devices on my local network, ...all seems ok.

At work we have another internet connection, a super fast optic fiber. But when I use this connection instead of my phone's I can only access my local network at home but not browse the internet. I think it's weird. I can ping 8.8.8.8 from terminal but I cannot open www.google.com from the internet browser.

Is this behaviour normal? If it is, is there anything I can do so that openvpn works on any internet connection I have access to?

Thanks.
Last edited by eddie3000 on Thu Jan 16, 2020 9:51 am, edited 4 times in total.

rene
Level 14
Level 14
Posts: 5130
Joined: Sun Mar 27, 2016 6:58 pm

Re: I do not understand the strange behaviour openVPN is giving me!

Post by rene »

You likely need a line push "dhcp-option DNS v.w.x.y in /etc/openvpn/server.conf in which that address is a DNS server reachable from the private network.

eddie3000
Level 3
Level 3
Posts: 112
Joined: Mon Jun 24, 2013 2:11 pm

Re: I do not understand the strange behaviour openVPN is giving me!

Post by eddie3000 »

OOPS! I messed it up. Trying to do something else I remotely rebooted the VPN machine and I can't access anything at all :roll: :roll: I can't even ssh into it either. I'll have to get home and see what I did, and get it going again. :lol: :lol: :lol:

I will definitely read about that push option and try it out, but not until tomorrow unfortunately.

Thanks Rene for your help.

eddie3000
Level 3
Level 3
Posts: 112
Joined: Mon Jun 24, 2013 2:11 pm

Re: I do not understand the strange behaviour openVPN is giving me!

Post by eddie3000 »

I managed to ssh into my vpn server, and I added your line to the config file and no. It didn't work.

But googling your solution produced an interesting thread that very much looks like what is happening to me:

https://forums.openvpn.net/viewtopic.php?t=28008

I might be able to solve this problem, but it's not going to be easy for me given my limited knowledge.

rene
Level 14
Level 14
Posts: 5130
Joined: Sun Mar 27, 2016 6:58 pm

Re: I do not understand the strange behaviour openVPN is giving me!

Post by rene »

If it doesn't Just Work, it seems the important question would be what the office client computer is running. Linux? Windows?

[EDIT] Oh, and by the way, I see I missed a closing quote in the above. Also, did you try with say 8.8.8.8?

rene
Level 14
Level 14
Posts: 5130
Joined: Sun Mar 27, 2016 6:58 pm

Re: I do not understand the strange behaviour openVPN is giving me!

Post by rene »

OK, and since I have to be off in a bit, in order to perhaps save a bit of time, be suspicious of something blocking DNS traffic to anything but the corporate DNS at work. If Windows, perhaps just in the form of some private firewall or anti-malware stuff...

eddie3000
Level 3
Level 3
Posts: 112
Joined: Mon Jun 24, 2013 2:11 pm

Re: I do not understand the strange behaviour openVPN is giving me!

Post by eddie3000 »

Thanks for your interest.

We have multiple netwotks where I am. The fiber connection I am using is just a plain internet access, like the ones at home. A fiber, an OTG and a router. I connect using wifi.

The vpn connection works because I can access my home devices using their local ip addresses. My public ip shows to be the same as my home router's public ip. It's just that I can't browse the internet with firefox, nor chromium, as if I were at home.

When I use my phone's hotspot wifi it all works.

Tomorrow I will reconfigure the vpn using the fiber at work from scratch. I suspect it will work perfectly, and stop working using my phone's internet connection.

eddie3000
Level 3
Level 3
Posts: 112
Joined: Mon Jun 24, 2013 2:11 pm

Re: I do not understand the strange behaviour openVPN is giving me!

Post by eddie3000 »

Couldn't wait.

I quickly reconfigured from scratch connecting via ssh using the optical fiber internet access. The behaviour is just the same as before and it didn't work as it should. And it does on my phone's hotspot. I am now borrowing someone else's mobile internet connection and it's working as it should. I should try and find other optical fiber internet connections and try and see. I still don't understand what's going on. :?

eddie3000
Level 3
Level 3
Posts: 112
Joined: Mon Jun 24, 2013 2:11 pm

Re: I do not understand the strange behaviour openVPN is giving me!

Post by eddie3000 »

To summarize symptoms:

When I connect to my vpn server using my mobile internet connection I can access my home network, shares, printers, etcetera. And I can browse the web. And ping 8.8.8.8 too.

Using optical fiber internet access without vpn, seems to be a plain internet connection through a router. When I connect to my vpn server, I can access my home network, shares, printers, etcetera. And ping 8.8.8.8. But not browse the web with a web browser.

Tomorrow might be an interesting day.

rene
Level 14
Level 14
Posts: 5130
Joined: Sun Mar 27, 2016 6:58 pm

Re: I do not understand the strange behaviour openVPN is giving me!

Post by rene »

eddie3000 wrote:
Tue Jan 14, 2020 3:48 pm
I still don't understand what's going on. :?
What is going on is simply the DNS-server not being set (right) on the client; it has nothing to do with "optical fiber" or any other sort of hardware characteristic. You have however still not answered what the client system is so I can't tell you how to verify.

eddie3000
Level 3
Level 3
Posts: 112
Joined: Mon Jun 24, 2013 2:11 pm

Re: I do not understand the strange behaviour openVPN is giving me!

Post by eddie3000 »

Sorry! One has to be pinpoint specific.

The host vpn server is an raspberry pi, at home.

The client is my laptop running linux mint 19.3, of course.

On the client computer I generally use my phone's hotspot wifi to access the web. When I have a faster internet connection available, like I do at work, I sometimes switch to that other one. The ISPs are different.

In my previous tests, using the connection at work (movistar is the ISP) the openVPN DNS-server setting is not functioning correctly, as you pointed out.
In another test, using another android mobile phone's hotspot, also with movistar being the ISP, the DNS issue dissapears (probably using google dns).
Using my own hotspot on my phone, with a different ISP, not movistar, everything also seems to work fine(probably using google dns too).

Could it be that when I connect to my works wifi with dhcp provides me with movistar dns and this dns configuration remains the same when I connect to my VPN server and it is my home ISP, different from movistar, the one that filters out the dns provided to me at my work wifi? If so, shouldn't the push dns options solve that?

rene
Level 14
Level 14
Posts: 5130
Joined: Sun Mar 27, 2016 6:58 pm

Re: I do not understand the strange behaviour openVPN is giving me!

Post by rene »

Ah, yes, that does make sense, given that Linux Mint would not otherwise seem involved. Yes, it seems that the introduction of systemd-resolved broke that as well (I don't use systemd-resolved), i.e., https://askubuntu.com/questions/1032476 ... to-openvpn

The second answer there looks most relevant, the one with the 1, 2, 3 guide. Note interaction with the previously mentioned "push" command in the server config; if you changed something there you may also need to restore that. The fourth solution goes through NetworkManager...

eddie3000
Level 3
Level 3
Posts: 112
Joined: Mon Jun 24, 2013 2:11 pm

Re: I do not understand the strange behaviour openVPN is giving me!

Post by eddie3000 »

I have found a solution that works.

Disabling the automatic dns configuration for the wifi network at work using the network manager on the client. I then add 8.8.8.8, or whatever dns I want, and voilá. The dns change doesn't affect web browsing from work either when not using the vpn connection.

What I think is happening is that the dns server belonging to movistar are only for movistar clients. My ISP at home is not movistar. So openVPN was just being transparent.

I suppose I can consider this SOLVED. Maybe it's not very elegant, but it's just for me. I'm ok with that.

Thanks Rene once again for you generous help and interest.

rene
Level 14
Level 14
Posts: 5130
Joined: Sun Mar 27, 2016 6:58 pm

Re: [SOLVED] I do not understand the strange behaviour openVPN is giving me! DNS configuration problem.

Post by rene »

If that's good enough, that's good enough. You can/could probably easily check what exactly was happening by comparing /etc/resolv.conf before and after connecting to the VPN, but that was before you hardcoded a DNS server. If Google's DNS works for you, all fine.

eddie3000
Level 3
Level 3
Posts: 112
Joined: Mon Jun 24, 2013 2:11 pm

Re: [SOLVED] I do not understand the strange behaviour openVPN is giving me! DNS configuration problem.

Post by eddie3000 »

/etc/resolv.conf BEFORE changing network manager's DNS settings, with or without active openvpn connection:

Code: Select all

# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0
search Home

/etc/resolv.conf AFTER changing network manager's DNS settings to DNS 8.8.8.8, with or without active openvpn connection:

Code: Select all

# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0

The only difference is the last line.

rene
Level 14
Level 14
Posts: 5130
Joined: Sun Mar 27, 2016 6:58 pm

Re: [SOLVED] Strange openVPN behaviour! DNS configuration problem.

Post by rene »

Yes, you are using systemd-resolved in which case certainly NetworkManager adds newly discovered DNS servers via DBus; supposedly also openvpm after installing the mentioned openvpn-systemd-resolved --- but I'm afraid I'm not going to test/try it further; I removed systemd-resolved locally due to being very, very tired of debugging the multitude of regressions the pice of shiet introduced, so, pardon, but if 8.8.8.8 is good enough for you, it's good enough, period :)

eddie3000
Level 3
Level 3
Posts: 112
Joined: Mon Jun 24, 2013 2:11 pm

Re: [SOLVED] Strange openVPN behaviour! DNS configuration problem.

Post by eddie3000 »

Thank you for your expert opinion.

rene
Level 14
Level 14
Posts: 5130
Joined: Sun Mar 27, 2016 6:58 pm

Re: [SOLVED] Strange openVPN behaviour! DNS configuration problem.

Post by rene »

In which I'll explicitly note for future reviewers of this thread that said "expert opinion" then largely consists of "if systemd-resolved turns out involved, run away like hell" :-)

eddie3000
Level 3
Level 3
Posts: 112
Joined: Mon Jun 24, 2013 2:11 pm

Re: [SOLVED] Strange openVPN behaviour! DNS configuration problem.

Post by eddie3000 »

:lol: :lol: :lol: :lol: :lol: :lol:

Post Reply

Return to “Other networking topics”