Server to client DNS on site-to-site VPN?

Discussion in 'Tomato Firmware' started by gfunkdave, May 8, 2012.

  1. gfunkdave

    gfunkdave LI Guru Member

    I've got a site to site VPN working mostly fine between two Tomato routers using OpenVPN. From the client to the server, I have full connectivity and DNS lookup. From the server to the client, I can ping anything on the client LAN but DNS lookups time out.

    I've tried doing the following:

    1. adding a line to DNSMasq's configuration on the server router of server=/clientsuffix/192.168.2.1

    2. adding a line to DNSMasq's configuration on the client router of no-dhcp-interface=tun11

    3. I've unchecked the "Prevent DNS rebind attacks" on both client and server

    But still, DNS lookups time out, either when I do an nslookup device.clientsuffix or an nslookup device.clientsuffix 192.168.2.1.

    Can someone help me figure out what's going on?

    Thanks!
     
  2. waeking

    waeking Addicted to LI Member

    add interface=br0,tun11 to the dnsmasq
     
  3. gfunkdave

    gfunkdave LI Guru Member

    Yes!! Thank you!

    Actually, it was just tun11 that was required. br0 is already specified in the defaults...I think I saw it in dnsmasq.conf.

    I had had no-dhcp-interface=tun11, but apparently that doesn't work. Changing it to simply interface=tun11 did the trick.

    Thanks again!
     
  4. waeking

    waeking Addicted to LI Member

    you still need no-dhcp-interface=tun11
     
  5. gfunkdave

    gfunkdave LI Guru Member

    Ahh, got it. I thought you needed one or the other. You need to do interface to let DNSMasq know to listen on the interface, and no-dhcp-interface to keep it from acting as a DHCP server on that interface. Thanks!
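
An added example, not part of the thread and not Tomato's or dnsmasq's own tooling: a shell check that a dnsmasq config has both settings the thread settles on for the tunnel interface. The function names, return codes and sample configs are constructed for illustration, and it assumes the config already restricts listening with interface= lines, as the br0 default mentioned in post 3 does.

```shell
#!/bin/sh
# Added example (not from the thread): audit a dnsmasq config for one interface.
# Return codes, constructed for this example:
#   0 = interface is in an interface= line and in a no-dhcp-interface= line
#   1 = interface is in no interface= line (assumption: other interface= lines
#       exist, so dnsmasq is not listening there and lookups time out)
#   2 = dnsmasq listens on the interface but DHCP is not disabled on it

# has_iface FILE OPTION IFACE: true if IFACE appears in any "OPTION=a,b,c" line.
has_iface() {
    # Drop comments and whitespace, keep only the values of OPTION= lines,
    # split comma-separated lists (the form used in post 2), match exactly.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" \
        | sed -n "s/^$2=//p" \
        | tr ',' '\n' \
        | grep -x -- "$3" >/dev/null
}

# audit_dnsmasq_iface FILE IFACE: see return codes above.
audit_dnsmasq_iface() {
    conf=$1; iface=$2
    has_iface "$conf" interface "$iface" || return 1
    has_iface "$conf" no-dhcp-interface "$iface" || return 2
    return 0
}

# Constructed sample configs mirroring the three states in the thread.
demo_dir=$(mktemp -d)
printf 'interface=br0\nno-dhcp-interface=tun11\n' > "$demo_dir/first_try.conf"
printf 'interface=br0,tun11\n' > "$demo_dir/listen_only.conf"
printf 'interface=br0\ninterface=tun11\nno-dhcp-interface=tun11\n' > "$demo_dir/final.conf"

for name in first_try listen_only final; do
    rc=0
    audit_dnsmasq_iface "$demo_dir/$name.conf" tun11 || rc=$?
    echo "$name.conf: tun11 audit result $rc"
done
rm -rf "$demo_dir"
```
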
     