openwrt / packages

Community maintained packages for OpenWrt. Documentation for submitting pull requests is in CONTRIBUTING.md
GNU General Public License v2.0

openconnect: DNS resolution for VPN-only domains doesn't work #1975

Closed marcosscriven closed 8 years ago

marcosscriven commented 8 years ago

When one starts openconnect on OpenWRT, it duly adds DNS entries:

```
# Interface lan
nameserver 10.0.2.3
# Interface vpn
nameserver xxx.xxx.xxx.xxx <--- added when openconnect starts
nameserver xxx.xxx.xxx <--- added when openconnect starts
search mydomain.com <--- added when openconnect starts
# Interface wan
nameserver 192.168.1.1
```

However, unless I then manually remove the first lan DNS entry, hostnames on the VPN won't resolve.

Wondering if I'm missing a setting somewhere? My guess is dnsmasq is interfering with this somehow.

nmav commented 8 years ago

Hi, incidentally I noticed the same issue. Try upgrading to the version of ocserv in master, 0.10.9-4, as well as vpnc-script 20150116-3. There, DNS information will pass through if you set split_dns=1 in ocserv's config file or if you set default_domain to your domain name.

nmav commented 8 years ago

The issue is that dnsmasq treats the servers in resolv.conf as equal and can query any of them. Thus if you query myhost.lan and it goes through the externals, dnsmasq will remember that this host doesn't exist. That is solved with split-dns information, which will result in a special setting in dnsmasq that tells it that for .lan it should query this particular server.
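
Added example, not part of the thread or of the openconnect/vpnc-script packages: the per-domain dnsmasq setting described in the comment above, written as `server=/domain/address` lines (dnsmasq's syntax for sending one domain's queries to a specific server) and derived from a resolv.conf laid out like the one in the report. The function names and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive dnsmasq per-domain forwarding rules from the
# per-interface resolv.conf layout shown in the report, so that names in
# the VPN's search domain are only ever sent to the VPN's resolvers.

# Usage: split_dns_rules IFACE < resolv-file
# Prints one "server=/<domain>/<nameserver>" line per domain/nameserver pair
# found in the "# Interface IFACE" section; prints nothing if the section
# has no search domain (there is then nothing to scope the resolvers to).
split_dns_rules() {
    awk -v want="$1" '
        # "# Interface <name>" starts a new section.
        $1 == "#" && $2 == "Interface" { cur = $3; next }
        cur != want { next }
        $1 == "nameserver" && $2 != "" { ns[++n] = $2 }
        $1 == "search" { for (i = 2; i <= NF; i++) dom[++d] = $i }
        END {
            for (j = 1; j <= d; j++)
                for (k = 1; k <= n; k++)
                    printf "server=/%s/%s\n", dom[j], ns[k]
        }
    '
}

# Constructed sample input (192.0.2.x are documentation addresses standing
# in for the VPN resolvers that are masked in the report).
sample_resolv() {
    cat <<'EOF'
# Interface lan
nameserver 10.0.2.3
# Interface vpn
nameserver 192.0.2.53
nameserver 192.0.2.54
search mydomain.com
# Interface wan
nameserver 192.168.1.1
EOF
}

sample_resolv | split_dns_rules vpn
```

With rules like these loaded, dnsmasq sends mydomain.com lookups only to the VPN resolvers, so those internal names are neither answered negatively by nor disclosed to the lan and wan resolvers.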

nmav commented 8 years ago

It should work with the latest updates. Please reopen if not.