
Server to client DNS on site-to-site VPN?

Discussion in 'Tomato Firmware' started by gfunkdave, May 8, 2012.

  1. gfunkdave

    gfunkdave LI Guru Member

    I've got a site to site VPN working mostly fine between two Tomato routers using OpenVPN. From the client to the server, I have full connectivity and DNS lookup. From the server to the client, I can ping anything on the client LAN but DNS lookups time out.

    I've tried doing the following:

    1. adding a line to DNSMasq's configuration on the server router of server=/clientsuffix/192.168.2.1

    2. adding a line to DNSMasq's configuration on the client router of no-dhcp-interface=tun11

    3. I've unchecked the "Prevent DNS rebind attacks" on both client and server

    But still, DNS lookups time out, either when I do an nslookup device.clientsuffix or an nslookup device.clientsuffix 192.168.2.1.

    Can someone help me figure out what's going on?

    Thanks!
     
  2. waeking

    waeking Networkin' Nut Member

    add interface=br0,tun11 to the dnsmasq
     
  3. gfunkdave

    gfunkdave LI Guru Member

    Yes!! Thank you!

    Actually, it was just tun11 that was required. br0 is already specified in the defaults...I think I saw it in dnsmasq.conf.

    I had had no-dhcp-interface=tun11, but apparently that doesn't work. Changing it to simply interface=tun11 did the trick.

    Thanks again!
     
  4. waeking

    waeking Networkin' Nut Member

    you still need no-dhcp-interface=tun11
     
  5. gfunkdave

    gfunkdave LI Guru Member

    Ahh, got it. I thought you needed one or the other. You need to do interface to let DNSMasq know to listen on the interface, and no-dhcp-interface to keep it from acting as a DHCP server on that interface. Thanks!
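
A check for the point this thread ends on, as an added example that is not part of any post: the script lists interfaces that dnsmasq is told to listen on with interface= but that have no matching no-dhcp-interface= line. The function names, the sample config and treating br0 as the only interface meant to serve DHCP are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread.

# Print the names given to one dnsmasq option, one per line.
# Comma-separated values (interface=br0,tun11) are split; comments are dropped.
opt_values() {  # $1 = option name, $2 = config file
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*#.*$//' | tr ',' '\n' | sed 's/[[:space:]]//g; /^$/d'
}

# Print every interface dnsmasq listens on that is not also marked
# no-dhcp-interface, skipping the interfaces where DHCP is intended.
dhcp_exposed() {  # $1 = config file, $2.. = interfaces that should serve DHCP
    conf=$1; shift
    for ifc in $(opt_values interface "$conf" | sort -u); do
        case " $* " in *" $ifc "*) continue ;; esac
        opt_values no-dhcp-interface "$conf" | grep -qxF "$ifc" || echo "$ifc"
    done
}

# Constructed sample: the client router's custom config after the first fix
# in the thread (interface=tun11 added, no-dhcp-interface=tun11 dropped).
demo=$(mktemp)
printf '%s\n' 'interface=br0' 'interface=tun11' > "$demo"
echo "listening without no-dhcp-interface: $(dhcp_exposed "$demo" br0)"

# Same config with both lines present, as the last two posts conclude.
printf '%s\n' 'interface=br0,tun11' 'no-dhcp-interface=tun11' > "$demo"
echo "after adding it back: $(dhcp_exposed "$demo" br0)"
rm -f "$demo"
```

Pass the router's actual dnsmasq config file as the first argument and the LAN bridge name as the second; empty output means every extra listening interface is DNS-only.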
     
