I am going nuts (OpenVPN DNS issues)

  1. paulfred

    I am going nuts... (OpenVPN DNS issues)

    Hello everyone,

    I have to admit that I am not the absolute Linux, FreeBSD nor CLI guru - working more than 15 years as a "mouse punisher" on Windows GUI only did leave its marks. So - please excuse me if I ask "stupid" questions and do not understand everything exactly firsthand.

    Second - I have tried to search for a solution to my issue within this forum. Either I am too blind or too whatever; I did not find the right answer for me.

    My situation:

    I am running a pfSense 1.3 in my office and love this firewall. IMHO I have not seen such a good firewall - even paid solutions are... but that's not my issue.

    I need to connect more than one WRT54GL with the latest Tomato build as an OpenVPN client to my network.

    The tunnel itself works fine; connecting with a laptop and OpenVPN GUI works like a charm and I am able to reach servers and shares easily, pinging works fine. But... when I try to do the same with one WRT54GL with the latest Tomato build, I can connect, DNS fails completely, and I am able to reach servers by IP only - which is "okay". Working with an edited hosts file could be an option... but not my choice.

    My settings on my WRT54GL as "Client 1":

    Start with WAN: on
    Interface Type: TUN
    Protocol: UDP
    Server Address/Port: myserver.tld 1194
    Firewall: Automatic
    Auth: TLS
    HMAC: Disabled
    Create NAT on Tunnel: on
    - - -
    Poll Int.: 0
    Redirect Traffic: off
    Accept DNS: Relaxed
    Encryption cipher: Adaptive
    TLS Renegotiation Time: -1
    Connection retry: 30
    Custom Configuration: none
    - - -
    Filled in with the keys I have created

    So basically - the tunnel is up and running... but I do have this DNS issue and probably firewall issues.

    Any hint or tip is very much appreciated. Thank you in advance for your reply and have a good day.

    Regards from Germany,
  2. SgtPepperKSU

    Try changing "Accept DNS" to "Strict".
  3. paulfred

    Halfway through...

    Hello SgtPepperKSU,

    thank you for your tip. I have tried to set my box the way you suggested. But it did not do the trick 100%. But....

    ...after struggling for a few weeks now, today I did some extensive Google research again and found a post saying WINS would be vital to run connections with/for non-Windows clients. So I gave this one a try, enabled WINS on my SBS2008 box and added this information to my OVPN tunnel in pfSense - et voila, it works :)

    Anyway - I still have one minor issue.

    From my connected client I am able to ping all clients / servers on my network. Vice versa - from my network to the client - it fails.

    What do I need to set to get this working with Tomato / WRT54GL?

  4. SgtPepperKSU

  5. paulfred

  6. SgtPepperKSU

    What IP address are you trying to use to ping the client? If you're using the client's local LAN IP (instead of the VPN IP) have you set up the client-specific options for that?
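    For reference, the "client-specific options" mentioned above are OpenVPN's client-config-dir (CCD) mechanism, which pfSense exposes as Client Specific Overrides. The fragments below are an added illustration, not taken from this thread or from the pfSense/Tomato projects; the subnets, the CN and the CCD path are placeholders for the real values.

```conf
# --- server side (pfSense OpenVPN server) -----------------------------
# Placeholder office LAN: 192.168.1.0/24, tunnel: 10.8.0.0/24
server 10.8.0.0 255.255.255.0
# Per-client override files live here; each file is named after the
# certificate common name (CN) the client authenticates with.
client-config-dir /var/etc/openvpn/server1.ccd   # placeholder path
# Kernel route: send traffic for the Tomato router's LAN into the tunnel.
route 192.168.2.0 255.255.255.0
# Tell connecting clients how to reach the office LAN.
push "route 192.168.1.0 255.255.255.0"

# --- server side: CCD file for the Tomato client -----------------------
# File: /var/etc/openvpn/server1.ccd/tomato-client1   (CN placeholder)
# iroute tells OpenVPN which connected client owns 192.168.2.0/24,
# so packets routed into the tunnel are delivered to the right peer.
iroute 192.168.2.0 255.255.255.0

# --- client side (Tomato, "Custom Configuration" box) ------------------
# Nothing extra is needed for routing. Note that the GUI option
# "Create NAT on Tunnel" masquerades the router's LAN hosts behind the
# tunnel IP, so a ping from the office to 192.168.2.x can only succeed
# if that NAT is off (or only the tunnel IP 10.8.0.x is targeted) and
# the router's firewall permits inbound traffic on the tun interface.
```

    A quick check after reconnecting: the server log should show the client's CN with the learned route for 192.168.2.0/24, and `traceroute` from an office host to 192.168.2.1 should enter the tunnel at the pfSense tunnel address.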
