bnhf / openvpn-admin-plus

Docker-based web interface (with golang backend) for monitoring and admin of an OpenVPN TAP/TUN server setup with PiVPN or other OpenVPN server installations. This project has been renamed from pivpn-tap-web-ui, to reflect its new broader scope.
MIT License

Remove the DNS1 and DNS2 input fields in the WebUI form #11

Closed karabelnikov closed 1 year ago

karabelnikov commented 1 year ago

Scott, I'll explain why this needs to be done! I ran into such an interesting problem. In OpenVPN Admin WebUI, you must specify the DNS addresses in the appropriate fields. DNS is directly linked to the Gateway option.

The bottom line is that if DNS addresses are specified in the config, but the default gateway is not specified, i.e. the OpenVPN server (this is necessary for only local resources to work in tun mode), then in the new OpenVPN Client Connect client, this causes a problem with the fact that the Internet stops working for the client! So OpenVPN Client Connect, when pushing DNS to the client, for some reason believes that the OpenVPN server is the gateway. At the same time, such a problem is not observed in the old classic OpenVPN GUI application. I personally came across this, and you can check it yourself. I had to remove the DNS fields in the file ovconfig.html and delete these parameters in the openvpn-server-config.tpl file.

If it becomes necessary to change the configuration and specify the Gateway and DNS addresses, then I use the Extra Server Options option, indicating there:

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

And it works; if you don't need it, then just comment it out. I believe that DNS fields cannot be mandatory in tun mode when the gateway is not used. This will cause the problem of losing the client's internet through the OpenVPN Client Connect application. This information can be specified in the Extra Server Options field. I spent a lot of time trying to understand and deal with this problem.

bnhf commented 1 year ago

@karabelnikov

You are quite right. There's also a related issue when someone wants to push a DNS server but only has one, rather than two. I'm thinking I'll keep the fields but make them more flexible. This can be done by putting the entire directive in the field, rather than just asking for the IP addresses, and showing them in comment form.

# push "dhcp-option DNS 8.8.8.8" and # push "dhcp-option DNS 8.8.4.4"

This way the database structure that contains the values for these directives remains as is, but for new users they would need to explicitly uncomment these items to have them take effect. And of course, doing the DNS entries this way would allow these fields to be used for anything. Comments, other push directives, or whatever directives could be put there -- or they could be left blank.

karabelnikov commented 1 year ago

Great! This is also a good option that you suggested. Another way, but the result is the same. I also agree with you that when you specify one server or do not specify it at all, standard values were prescribed in the config. The problem is solved.
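
The check below is an added example, not part of the thread or the project's code: it scans an OpenVPN server config for the combination the reporter describes, active push "dhcp-option DNS ..." lines with no active push "redirect-gateway ...", and treats lines commented out with # or ; (the form proposed in the reply) as inactive. The function names and sample configs are constructed for illustration, and only the server config itself is inspected.

```python
import re

# Matches an active server-side push line, e.g.: push "dhcp-option DNS 8.8.8.8"
PUSH_RE = re.compile(r'^push\s+"([^"]*)"')


def active_pushes(config_text):
    """Return the tokenized argument of every push line that is not commented out."""
    pushes = []
    for raw in config_text.splitlines():
        line = raw.strip()
        # OpenVPN treats lines starting with '#' or ';' as comments.
        if not line or line[0] in "#;":
            continue
        m = PUSH_RE.match(line)
        if m:
            pushes.append(m.group(1).split())
    return pushes


def dns_without_gateway(config_text):
    """Return DNS servers pushed while no redirect-gateway push is active."""
    pushes = active_pushes(config_text)
    dns = [p[2] for p in pushes
           if len(p) >= 3 and p[0] == "dhcp-option" and p[1].upper() == "DNS"]
    has_gateway = any(p and p[0] == "redirect-gateway" for p in pushes)
    return [] if has_gateway else dns


# Constructed sample configs (assumptions for this example, not project files).
SPLIT_TUNNEL_WITH_DNS = '''dev tun
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
'''
SPLIT_TUNNEL_COMMENTED = '''dev tun
# push "dhcp-option DNS 8.8.8.8"
# push "dhcp-option DNS 8.8.4.4"
'''
FULL_TUNNEL = '''dev tun
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
'''

if __name__ == "__main__":
    for name, cfg in [("split+dns", SPLIT_TUNNEL_WITH_DNS),
                      ("split, dns commented", SPLIT_TUNNEL_COMMENTED),
                      ("full tunnel", FULL_TUNNEL)]:
        flagged = dns_without_gateway(cfg)
        print(name, "->", "WARN DNS pushed without gateway: %s" % flagged if flagged else "ok")
```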