mdnsfr / docker-rancher-openvpn

OpenVPN Server with optional Rancher specific abilities, with multiple authentication backends

DNS not working under macOS Sierra #10

Open AlexTawse opened 7 years ago

AlexTawse commented 7 years ago

Our present VPN configuration works just fine with Tunnelblick, except for users of macOS Sierra.

It appears that the Rancher DNS nameserver IP address - 169.254.169.250 - is routed differently in Sierra. Instead of traffic to this IP correctly sending over the VPN to the Rancher DNS service, this self-assigned IP fails to send traffic anywhere.

The workaround I am experimenting with is to add the push "redirect-gateway def1" directive to the server config to forcibly route all traffic over the VPN.

I thought it worth raising the issue here as it would be really great if this image was able to support macOS Sierra users using Tunnelblick as a VPN client without any additional configuration.

maZahaca commented 7 years ago

I have the same issue, did you find any solution how to fix it?

maZahaca commented 7 years ago

For me, the following actually worked: I've replaced a line in entry.sh

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 169.254.169.250"

That helped with internet access, but I'm still having an issue with the search option, so I cannot resolve internal Rancher domains :(

From Tunnelblick's log:

WARNING: 'foreign_option_4' = 'dhcp-option SEARCH rancher.internal' ignored
Retrieved from OpenVPN: name server(s) [ 8.8.8.8 8.8.4.4 169.254.169.250 ], search domain(s) [  ] and SMB server(s) [  ] and using default domain name [ openvpn ]
Not aggregating ServerAddresses because running on OS X 10.6 or higher
Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
Saved the DNS and SMB configurations so they can be restored
Changed DNS ServerAddresses setting from '192.168.10.1' to '8.8.8.8 8.8.4.4 169.254.169.250'
Changed DNS SearchDomains setting from '' to 'openvpn'
Changed DNS DomainName setting from '' to 'openvpn'

maZahaca commented 7 years ago

Fixed in #11

maZahaca commented 7 years ago

The issue with the SEARCH option is also fixed by adding the line:

push "dhcp-option DOMAIN rancher.internal"

@AlexisDucastel What do you think about adding this as well to the default config? After that fix, my resolv.conf is:

search rancher.internal
nameserver 169.254.169.250
nameserver 8.8.8.8
nameserver 8.8.4.4
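
The following is an added example, not code from this thread or from the docker-rancher-openvpn project. It lints the pushed directives of an OpenVPN server config for the two client-side problems reported above: a link-local DNS server pushed without `redirect-gateway`, and `dhcp-option SEARCH`, which the quoted Tunnelblick log shows being ignored. The function names and the sample config are constructed for the example.

```python
import ipaddress
import re

# Constructed sample, modelled on the push lines quoted in this thread.
SAMPLE_CONFIG = '''
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 169.254.169.250"
push "dhcp-option SEARCH rancher.internal"
'''

# Matches uncommented lines of the form: push "<directive>"
PUSH_RE = re.compile(r'^\s*push\s+"([^"]+)"')


def pushed_options(config_text):
    """Return each pushed directive as a list of tokens."""
    options = []
    for line in config_text.splitlines():
        match = PUSH_RE.match(line)
        if match and match.group(1).split():
            options.append(match.group(1).split())
    return options


def is_link_local(value):
    """True for addresses in 169.254.0.0/16 (or fe80::/10); False if not an IP."""
    try:
        return ipaddress.ip_address(value).is_link_local
    except ValueError:
        return False


def lint_pushed_dns(config_text):
    """Return warnings for the DNS problems described in the thread."""
    opts = pushed_options(config_text)
    findings = []
    redirects_all = any(o[0] == "redirect-gateway" for o in opts)
    dhcp = [o for o in opts if o[0] == "dhcp-option" and len(o) >= 3]
    for o in dhcp:
        if o[1] == "DNS" and is_link_local(o[2]) and not redirects_all:
            findings.append(f"link-local DNS {o[2]} pushed without redirect-gateway")
        if o[1] == "SEARCH":
            findings.append(f"dhcp-option SEARCH {o[2]} is ignored by Tunnelblick")
    if dhcp and not any(o[1] == "DOMAIN" for o in dhcp):
        findings.append("no dhcp-option DOMAIN pushed; client uses its default domain")
    return findings
```

Calling `lint_pushed_dns(SAMPLE_CONFIG)` returns three warnings; a config that pushes `redirect-gateway def1` and `dhcp-option DOMAIN rancher.internal` alongside the DNS servers returns none.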