Community discussions

MikroTik App
 
cvdv
just joined
Topic Author
Posts: 3
Joined: Thu Sep 28, 2017 1:22 pm

openvpn server issue clients do not have dns resolution

Thu Sep 28, 2017 1:41 pm

I configured openvpn server om my mikrotik cloud router switch using https://www.medo64.com/2016/12/simple-o ... -mikrotik/
it worked fine as it s very simple to do.
I have my mikrotik being my ISP route and i forwarded (or NATTED) my openvpn port from the ISP router to the local address of the mikrotik

i can connect fine from windows 10 and from android 4.4.2 client fine, but i have no dns resolution
i can connect to websites using ip addresses though and i see in the mikrotik log and in the ppp connections that the openvpn connection is succesfull

i am not sure if this is a mikrotik issue, but i do not find any doc on how to configure dns settings on mikrotik for openvpn server
question is : do i need to specify anything in the dns server of the ppp profile that is used for the openvpn
all blogs assume that mikrotik will also be a DNS server
in my case my ISP provided dyamic dns server to my mikrotik and my devices connected to the mikrotik have dns resolution working fine

in the ppp openvpn profile i have tried setting nothing, setting google's dns, setting my fixed source openvpn ip address (128.169.7.1) but it does no do anyhting for my clients

i also tried adding properties in the client.ovpn file like these ones, but it did not help either:
setprop net.dns1 192.168.7.1
# dhcp-option DNS 192.168.7.1
# setprop net.dns1 8.8.8.8
# setprop net.dns2 8.8.4.4

do i need an extra firewall rule to let DNS pass ? i guess not

PS i have also setup a pptp vpn server on the mikrotik but my clients cannot connect, there is a tcp connection estabished but the mikrotik breaks the connection attempt after some time
or thereis a timeout of some kind

it looks like i am missing something basic here

chris
 
cvdv
just joined
Topic Author
Posts: 3
Joined: Thu Sep 28, 2017 1:22 pm

Re: openvpn server issue clients do not have dns resolution

Fri Sep 29, 2017 10:04 am

solved it myself
it was a mikrotik issue not a client issue and not a dns issue
i hwas missing a firewall srcnat rule tht masquerades the 192.168.7.0/24 network to the outward interface

someone shoudl mention this in the many blogs on hwo to setup ovpn server

nothinh to do with many suggestions to add manually dns client settings in the ovpn config file

now looking why pptp server does not work,
i have seen that others have the same issue but a solution was never proposed, it must be an mikrotik issue or bug becase my android, linux and windows clients
are working well with other pptp servers

here are the errors from the log
rcvd Call-Clear-Request from XX.XX.XX.XX
<188>: LCP lowerdown
<188>: LCP down event in starting state

i disabled all firewall objects and put my mikrotik in the dmz, nothing changed

i see that there are many tcp connections on port 1723, bu there is never a GRE packet received, something is blocking GRE
and it is not my ISP, strange
 
badinka22
just joined
Posts: 1
Joined: Sun Feb 05, 2023 12:13 am

Re: openvpn server issue clients do not have dns resolution

Sun Feb 05, 2023 12:43 am

Hello. I have similar problem too.
I had subnet 192.168.90.0/24 for mikrotik clients.
GW - Mikrotik adress - 192.168.90.1.
VPN profile on mikrotik configured for dns servers 1.1.1.1 and 1.0.0.1.
Client config:
<some standard options>...
.
.
route 192.168.90.0 255.255.255.0
route 192.168.90.0 255.255.255.0

This config say, that default GW after connecting is local GW of internet connection remote client Hardware.
OpenVPN client allways use remote VPN gateway to contact DNS resolver server. But, if you dont setup on openvpn CLIENT config file the routing of DNS resolver, local machine can not connect to these dns resolvers.
So there are two possibilities.
1. VPN profile on mikrotik set to use mikrotik VPN gw address as DNS resolver. In this example 192.168.90.1
2. on client config set route to these resolvers too if you want to use like in this example 1.1.1.1 etc.:
route 1.1.1.1
route 1.0.0.1

Who is online

Users browsing this forum: arm920t, Bing [Bot], ccrsxx and 55 guests