I have a subscription to a remote secure proxy server service. It uses openvpn to establish the tunnel. I can connect to the VPN, but once I do I can't ...
- 12-19-2012 #1
DNS resolution(?) and OpenVPN issues.
I can connect to the VPN, but once I do I can't access the web. At first I thought it was DNS resolution, but I just tested a direct IP connection and can't connect to the web that way either.
I have my system set up to not resolve DNS locally by commenting out DNS-dnsmasq in /etc/NetworkManager/NetworkManager.conf and have my router set to use OpenDNS to resolve names.
I've tried turning off name resolution in the router.
I've tried turning dnsmasq back on to no effect.
I've checked portsentry and the only DNS setting it contains is to enable a reverse look up on an attacking host.
I've created an IP Tables allow rule with “sudo ufw allow openvpn”.
I've manually set the vpn in the GUI to resolve only vpn address automatically and to use OpenDNS's static IPs to resolve DNS.
I've tried turning ArpON off.
Torrents, wlan, lan, ftp and samba all work fine.
dns-nameservers 184.108.40.206 220.127.116.11
dns-search 18.104.22.168 22.214.171.124
dns-domain 126.96.36.199 188.8.131.52
to /etc/network/interfaces under primary network interfaces.
I edited resolv so that OpenDNS's addresses are listed as nameservers in /etc/resolv.conf.
I prepended OpenDNS's addresses in /etc/dhcp/dhclient.conf.
I've restarted both the networking service and the network manager with every change I've tried.
I've tried un/re-installing the client.
I've tried dozens of combinations of the above. And probably more stuff that I can't remember right now.
But nothing has worked.
One odd note: I couldn't get my DNS addresses to change from my router to OpenDNS for my current wlan connection until I manually edited the properties of the connection in the GUI.
I've been at this for 6 hours, my brain is fried and I'm out of ideas.
Can anybody suggest something I haven't looked at yet?
- 12-20-2012 #2
You are going to have to tell your system how it is to resolve names and this is done through resolv.conf. My question is are you using a static IP or dhcp? This will define where you have to set this up. If you are using static then you need to configure resolv.conf to point to a dns server. If you are using dhcp then you are going to have to configure the dhcp server to tell your system what dns server to use.
- 12-20-2012 #3
I'm using DHCP. But (I guess?) I need to set static DNS on my systems as a whole to get the VPN to work. I'm not even sure that will fix the issue since I can't resolve an IP address from the address bar. But the forums for the service said it's a DNS issue and has to be set up manually. I have followed the tutorial on the web site and set the static DNS addresses in the GUI for the VPN connection and that didn't work either. I'm still out of ideas. I've followed several tutorials from around the web for changing various DNS settings in various ways and none have made any difference. If you can point me in the right direction I would greatly appreciate it.
- 12-21-2012 #4
If you are using DHCP then DHCP will overwrite the resolv.conf file. You need to set up your DHCP server to give out the DNS server that you should be using. My question is where are you getting your DHCP from? A router/switch like Linksys or a server on your network?
If it is a router/switch like Linksys then on the main page there should be a setup for DHCP server and there you should see a place to enter the DNS server IP addresses.
If it is a server on the network then you need to check its config to ensure that DNS servers are configured.
- 12-23-2012 #5
OK, I've reverted everything back the way I originally had it set up.
My laptop does not resolve DNS locally. My router resolves DNS. And I have the router set up to assign dynamic addresses to everything on the network, but to use static OpenDNS addresses to resolve DNS.
My wireless connection automatically selects the router's IP address to resolve DNS when I connect. I suppose I could go in to the GUI and set the VPN connection to use 192.168.1.1 manually to resolve DNS. (About the only thing I haven't tried yet.) But that would pretty much negate the whole point of paying for a subscription to a remote secure proxy.
We travel a lot and crap happens. I can't count the number of times something has gone wrong on a trip and we had to stop at a McD's or a coffee shop or laundromat and book a hotel room or see if there was enough cash in the bank to pay for a new engine, or whatever. I'd like for some script kiddie with a sniffer to not be able to side jack my session and suck my accounts dry. And I'm pretty sure that trying to use my router to resolve DNS from some McD's 1500 miles away ain't gonna work.
The program for the VPN / proxy service is automagical on doze. But traveling with doze is like playing Russian roulette. I can't count how many public nodes I've run in to over the years with a worm in them. I figure traveling with a secure *nix install will help keep the worms out. But you can still get sidejacked running *nix.
The service is supposed to work on *nix too. I followed all the directions at the web site to get it working on *nix with no luck.
Supposedly, all I have to do is go in to the network manager GUI and set static DNS addresses on a per connection basis for the VPN and everything is supposed to work. It didn't and I've done a lot of googling and haven't really run in to anything I haven't tried yet.
I can connect to the proxy server. But I can't go anywhere on the web after I do. Their forums say that's a DNS issue. But I think it's something else because even when I put an IP address in firefox's I can't go anywhere.
Next thing I'll try is setting the VPN as FF's proxy?
And manually pointing the VPN connection at the router for DNS resolution in the network manager GUI didn't work either, I just tried it.
- 12-23-2012 #6
Thanks for the attempt at the help. But it turns out that there is a mistake in the tutorial at the web site of the service. I found it through trial and error. They tell you to turn on a setting in the GUI which will prevent the connection from working.
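The check reasoned through in post #5 (a fetch by raw IP fails too, so the fault is not only DNS), as an added example that is not part of the original thread. The routing table, resolv.conf text, addresses and interface names are constructed samples, and the table assumes the tunnel installs OpenVPN `redirect-gateway def1` style /1 routes.

```shell
#!/usr/bin/env bash
# Triage for "VPN connects, nothing loads": is it DNS or routing?
# All sample data is constructed. On a live host, feed the functions
# `ip route show` output and the contents of /etc/resolv.conf.

# Constructed table: tunnel up, OpenVPN "redirect-gateway def1" style /1 routes.
ROUTES_TUNNEL='0.0.0.0/1 via 10.8.0.5 dev tun0
128.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'
# Constructed resolv.conf: the LAN router is the only resolver.
RESOLV_ROUTER='# constructed sample
nameserver 192.168.1.1'

# Device that carries Internet-bound traffic: the 0.0.0.0/1 half-route
# beats "default" because it is the more specific prefix.
egress_dev() {
  printf '%s\n' "$1" | awk '
    $1 == "0.0.0.0/1" { for (i = 1; i < NF; i++) if ($i == "dev") half = $(i + 1) }
    $1 == "default"   { for (i = 1; i < NF; i++) if ($i == "dev") def = $(i + 1) }
    END { if (half != "") print half; else print def }'
}

nameservers() {  # resolver addresses listed in resolv.conf text
  printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# yes if a configured resolver is the LAN default gateway. Its connected
# /24 route is more specific than the /1 routes, so those queries stay
# on the local network instead of entering the tunnel.
resolver_is_gateway() {  # $1 routes, $2 resolv.conf text
  gw=$(printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }')
  for ns in $(nameservers "$2"); do
    if [ "$ns" = "$gw" ]; then echo yes; return 0; fi
  done
  echo no
}

# $2/$3: "ok" or "fail" for fetching one site by raw IP and by hostname.
triage() {
  dev=$(egress_dev "$1")
  if [ "$2" = fail ]; then echo "not-dns egress=$dev"
  elif [ "$3" = fail ]; then echo "dns egress=$dev"
  else echo "ok egress=$dev"; fi
}

triage "$ROUTES_TUNNEL" fail fail                      # the thread's symptom
resolver_is_gateway "$ROUTES_TUNNEL" "$RESOLV_ROUTER"
```

A `not-dns` result with the tunnel device as egress points at the VPN connection's own settings, routes or firewall rules rather than at resolv.conf.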