VPN
Max, 2016-07-16 17:28:02

OVPN client on Mikrotik. DNS request timed out to the DC?

Hello. I have the following problem...
There is office1. A Mikrotik serves as the gateway there, with a DHCP server and an OVPN server running on it. There is a second gateway in office2, also a Mikrotik, with a DHCP server and an OVPN client running on it.
office1 network 192.168.0.0/24
office2 network 192.168.3.0/24
ovpn network 192.168.10.0/24
office1 gateway 192.168.0.1
office2 gateway 192.168.3.1
Traffic goes to both networks normally.
tracert from office2 to office1
pastebin.com/wDC6rtMa
tracert from office1 to office2
pastebin.com/B4Uhm9tZ
But clients behind the router in office2 get "DNS request timed out" when running nslookup 192.168.0.28 (in office1 there is a DC with IP 192.168.0.28).
nslookup -d2 against the DC from an office2 client
pastebin.com/8p5KdaAc
Policies don't apply, etc.
ipconfig -all on office2 client
pastebin.com/Apnnywtq
So why does the DNS request time out?
Addendum: nslookup from office1 to the DC 192.168.0.28 works fine. Policies etc. work.

2 answer(s)
Cool Admin, 2016-07-16
@ifaustrue

So, is the firewall on the DC by any chance enabled? That is, turn it off and check DNS.
If this does not help right away, then you need to look at the firewall settings on the gateways, routes, mangles, and so on.

younghacker, 2016-07-16
@younghacker

It looks like the client from office2 is receiving a DNS push from office1.

DNS-серверы. . . . . . . . . . . : 192.168.0.28
                                   8.8.4.4
                                   192.168.3.1

The timeout can be because:
1) DNS is not listening on the required interface, does not want to respond to someone else's subnet
2) There is no route
3) Firewall drops packets coming from the TUN interface
4) OpenVPN does not know anything about the fact that someone else's subnet is behind the TUN interface.
Sorry, but from your descriptions and copy-pastes it is impossible to understand where the ping and traceroute were performed. It's one thing if from the gateway, another if from a machine in the other subnet. Those are two big differences in terms of routing.
PS
I am only superficially familiar with Mikrotik's OpenVPN. Since it is "castrated" there, I do not see the point. Just flash OpenWRT on good Mikrotik hardware and get the full functionality of OpenVPN. :)
PPS
Encryption tools, by definition, cannot be closed from analysis. Therefore, only OpenSource!
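
The difference between testing from the gateway and from a machine behind it, as an added example that is not part of the original answer: a longest-prefix-match model of the query and reply paths using the subnets from the question. The routing tables and the source addresses 192.168.10.2 and 192.168.3.50 are constructed assumptions, not the poster's configuration.

```python
import ipaddress

# Constructed routing tables (assumptions, not the poster's real configuration).
# Each entry is (destination prefix, outgoing interface).
OFFICE2_GW = [("192.168.3.0/24", "lan"), ("192.168.10.0/24", "tunnel"),
              ("192.168.0.0/24", "tunnel"), ("0.0.0.0/0", "wan")]
# office1 gateway that knows the tunnel network but not the LAN behind it
OFFICE1_GW_MISSING = [("192.168.0.0/24", "lan"), ("192.168.10.0/24", "tunnel"),
                      ("0.0.0.0/0", "wan")]
# same gateway with the office2 LAN routed into the tunnel
OFFICE1_GW_FIXED = OFFICE1_GW_MISSING + [("192.168.3.0/24", "tunnel")]


def lookup(table, dst):
    """Longest-prefix match: return the outgoing interface for dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), via) for prefix, via in table
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def diagnose(src, dns, office1_table, office2_table=OFFICE2_GW):
    """Check both directions of a DNS query from src (office2 side) to dns."""
    if lookup(office2_table, dns) != "tunnel":
        return "query does not enter the tunnel"
    back = lookup(office1_table, src)
    if back != "tunnel":
        return "reply leaves via %s: client sees a timeout" % back
    return "ok"


if __name__ == "__main__":
    DNS = "192.168.0.28"                 # DNS server address from the question
    for src in ("192.168.10.2",          # constructed: gateway's tunnel address
                "192.168.3.50"):         # constructed: client on the office2 LAN
        print(src, "->", diagnose(src, DNS, OFFICE1_GW_MISSING))
    print("192.168.3.50 ->", diagnose("192.168.3.50", DNS, OFFICE1_GW_FIXED))
```

The model covers only causes 2 and 4 from the list above; causes 1 and 3 have to be checked on the DNS server and in the firewall rules themselves.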
