Can't get Tomato to serve additional DNS server over VPN

Discussion in 'Tomato Firmware' started by Blatwurst, Sep 18, 2012.

  1. Blatwurst

    Blatwurst Serious Server Member


    I've got a really cool VPN setup working almost perfectly. I have two Tomato routers running, one at home, and one that I take with me when I travel. All I can't figure out is how to get the local Tomato router to include the remote router as a second DNS server in addition to the one it gets from the WAN, and it seems like a very straightforward thing to do, but it isn't working.

    The home router acts as my home network's DNS, re-serving my ISP's DNS server, and also providing local names via DHCP static entries; a pretty standard setup for a home network.

    Just before I went on vacation, I decided to try taking a second router with me and creating a bridge between the two routers. I used TAP, creating keys/certs for a CA and both routers. I setup up my home router as a VPN server. When I got to my vacation condo, I set up the second router as a TAP client using the CA cert and client cert and key. With just one little glitch, I got where I could get to all of my machines at home by IP address.

    One thing I'm not sure about is that I set it up so that the subnet at home and the subnet on the road are different. I see that it is possible to have the whole thing be one subnet by putting both routers on the same subnet in the basic setup. I didn't do that, so I have "server is on the same subnet" unchecked in the client VPN setup. That was the one glitch I had to figure out to get the VPN link going.

    So now I want to be able to take advantage of the DNS entries at home by having the local router query my home router as well as the condo ISP's DNS server when doing lookups. This isn't working though. All it seems I should have to do is two things, both of which I've done:
    1. Added my home router's address (on the home private subnet) to the Static DNS list on Tomato's Basic->Network screen.
    2. Enable the "Use received DNS with user-entered DNS" on Tomato's Advanced->DHCP/DNS screen.
    Alas, this isn't working. The machines on the condo subnet can't resolve any of the names on the home subnet. I know the remote DNS is working fine, because I can use "dig" against it specifically and it looks up names just fine.

    My home router is and my condo router is On any client at the condo, this works to resolve a name on my home network:

    dig @

    but this doesnt:

    dig @

    DHCP is serving up just at the condo, so all of the Internet stuff works via that router. But it doesn't seem to want to query my home router to look up names it doesn't find on the internet.

    What am I missing or doing wrong here? Is adding a DNS address to the Static DNS list a problem when that address is only valid because of a VPN connection? Any help would be appreciated.


  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice