Domain Name System
ESP, 2014-10-17 17:23:58

How to forward DNS requests through OpenVPN?

I wanted to play a little with one free VPN.
Armed with the OpenVPN distribution. Installed without pads. The TAP interface has appeared.
In route -print, the corresponding paths with priorities to the VPN interface appeared.
192.168.1.1 - router with DHCP (distributes IP and Google DNS).
192.168.1.33 - client
10.15.0.81 - dhcp in vpn network
10.15.0.82 - vpn interface

IPv4 таблица маршрута
===========================================================================
Активные маршруты:
Сетевой адрес           Маска сети      Адрес шлюза       Интерфейс  Метрика
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.33     40
          0.0.0.0        128.0.0.0       10.15.0.81       10.15.0.82      1
     5.254.100.70  255.255.255.255      192.168.1.1     192.168.1.33     20
        10.15.0.1  255.255.255.255       10.15.0.81       10.15.0.82      1
       10.15.0.80  255.255.255.252         On-link        10.15.0.82    257
       10.15.0.82  255.255.255.255         On-link        10.15.0.82    257
       10.15.0.83  255.255.255.255         On-link        10.15.0.82    257
         25.0.0.0        255.0.0.0         On-link       25.182.81.1   9256
      25.182.81.1  255.255.255.255         On-link       25.182.81.1   9256
   25.255.255.255  255.255.255.255         On-link       25.182.81.1   9256
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0       10.15.0.81       10.15.0.82      1
      192.168.1.0    255.255.255.0         On-link      192.168.1.33    276
     192.168.1.33  255.255.255.255         On-link      192.168.1.33    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.33    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.33    276
        224.0.0.0        240.0.0.0         On-link       25.182.81.1   9256
        224.0.0.0        240.0.0.0         On-link        10.15.0.82    257
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.33    276
  255.255.255.255  255.255.255.255         On-link       25.182.81.1   9256
  255.255.255.255  255.255.255.255         On-link        10.15.0.82    257

Connects successfully.
Wireshark shows that all traffic is going through the VPN server.
What is not sent to the VPN server is DNS queries. For some reason, they are sent through the router (the only traffic to the outside world that runs around the VPN).
Tried to manually set the DNS server in the VPN settings. Everything is the same.
I combed through Google searches and the official documentation, but did not find anything intelligible.
Could there be a reason that this VPN service blocks traffic on port 53 and therefore, without gaining access, the system accesses the next available path - that is, directly through the router and provider? Can this be checked somehow?


2 answer(s)
ESP, 2014-10-17
@ESP

I managed to fix the hole with DNS queries myself using a kludge with DNSCrypt.
In the settings of the TAP interface, I set a static DNS gateway of 127.0.0.1;
I connect via OpenVPN without first editing routes (everything in them is left at the defaults);
After that, I launch the DNSCrypt executable;
As a result, everything responds and opens. The Wireshark logs are quiet. Only encrypted traffic is flowing.

Ivan, 2014-10-17
@LiguidCool

You can check whether the port is blocked by telnet to port 53.
Actually remove the DNS settings from the DHCP router and see what happens. In principle, you can generally route all traffic in the VPN.
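
An added example (not part of either post): longest-prefix route selection applied to a subset of the route table from the question, to see which interface a query to a given resolver address leaves through. The resolver address 8.8.8.8 is an assumption, since the question only says "google dns", and the function names are hypothetical.

```python
import ipaddress

# Subset of the route table posted in the question:
# (destination, netmask, gateway, interface, metric)
ROUTES = [
    ("0.0.0.0",      "0.0.0.0",         "192.168.1.1", "192.168.1.33", 40),
    ("0.0.0.0",      "128.0.0.0",       "10.15.0.81",  "10.15.0.82",   1),
    ("5.254.100.70", "255.255.255.255", "192.168.1.1", "192.168.1.33", 20),
    ("10.15.0.80",   "255.255.255.252", "On-link",     "10.15.0.82",   257),
    ("127.0.0.0",    "255.0.0.0",       "On-link",     "127.0.0.1",    306),
    ("128.0.0.0",    "128.0.0.0",       "10.15.0.81",  "10.15.0.82",   1),
    ("192.168.1.0",  "255.255.255.0",   "On-link",     "192.168.1.33", 276),
]

VPN_IFACE = "10.15.0.82"  # TAP interface address from the question


def select_route(dest, routes=ROUTES):
    """Return the route used for dest: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, mask, gw, iface, metric in routes:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr not in network:
            continue
        key = (-network.prefixlen, metric)
        if best is None or key < best[0]:
            best = (key, {"network": str(network), "gateway": gw,
                          "interface": iface, "metric": metric})
    return best[1] if best else None


def egress(dest):
    """Classify where a packet to dest leaves the host: vpn, lan or loopback."""
    route = select_route(dest)
    if route is None:
        return "unroutable"
    if route["interface"] == VPN_IFACE:
        return "vpn"
    if route["interface"] == "127.0.0.1":
        return "loopback"
    return "lan"


if __name__ == "__main__":
    # 8.8.8.8 is an assumed resolver address; the post only says "google dns".
    for resolver in ("8.8.8.8", "192.168.1.1", "127.0.0.1", "5.254.100.70"):
        print(f"{resolver:>13} -> {egress(resolver)} via {select_route(resolver)}")
```

A resolver address inside 192.168.1.0/24, such as the router itself, matches the on-link /24 route and never enters the tunnel, while a public resolver address falls under the two /1 routes through the VPN interface.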
