Solved

OpenDNS?

Posted on 2011-09-21
Last Modified: 2012-05-12
Hi,

I was looking for a way to route only my Internet traffic via my openvpn connection and stumbled upon opendns.

Can somebody explain to me the practical goal/use of it? I've read the explanation but don't get the full concept and how I could implement it correctly in my config.

Note: I'm working with a dyndns.

Thanks,
J.
Question by:janhoedt
10 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 36572042
I'm not totally clear on what you are asking.  Do you want to route internet-bound traffic over one interface and internal-bound traffic over another?
0
 

Author Comment

by:janhoedt
ID: 36572168
Yes, that would be the goal indeed.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36572176
OK then this is not a DNS issue, but rather a routing issue.

Which OS?

paste the output of 'netstat -rn' from cmd.exe or command line.
0
 

Author Comment

by:janhoedt
ID: 36572178
In openvpn you can specify a gateway, but then ALL my traffic is routed over openvpn.
I need to specify which traffic goes over openvpn and which not. Ideal situation would be I could specify:
-lan traffic not over vpn (I can see them in route print)
-internet traffic over vpn with an exception list I can manually edit (if possible)

I might need a proxy on my openvpn network (it's running on a Synology NAS)?
0
 

Author Comment

by:janhoedt
ID: 36572193
Goal is to have this as flexible as possible. Iow I would like to do this on openvpn-client, not on machine.

netstat -rn

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   10.101.161.254  10.101.161.129       1
     10.101.160.0    255.255.254.0   10.101.161.129  10.101.161.129       20
   10.101.161.129  255.255.255.255        127.0.0.1       127.0.0.1       20
   10.255.255.255  255.255.255.255   10.101.161.129  10.101.161.129       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
       172.16.1.0    255.255.255.0       172.16.1.5      172.16.1.6       1
       172.16.1.1  255.255.255.255       172.16.1.5      172.16.1.6       1
       172.16.1.4  255.255.255.252       172.16.1.6      172.16.1.6       30
       172.16.1.6  255.255.255.255        127.0.0.1       127.0.0.1       30
   172.16.255.255  255.255.255.255       172.16.1.6      172.16.1.6       30
      192.168.1.0    255.255.255.0       172.16.1.5      172.16.1.6       1
        224.0.0.0        240.0.0.0   10.101.161.129  10.101.161.129       20
        224.0.0.0        240.0.0.0       172.16.1.6      172.16.1.6       30
  255.255.255.255  255.255.255.255   10.101.161.129  10.101.161.129       1
  255.255.255.255  255.255.255.255   10.101.161.129               2       1
  255.255.255.255  255.255.255.255       172.16.1.6      172.16.1.6       1
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36572408
Assuming your openvpn gateway is 10.101.161.254, correct?

What is probably happening is that in your server config you have something like
push "redirect-gateway def1"

which is going to set the default gateway of client machines to be the vpn gateway.

So, if you admin the server, remove that line.  If you are a client only, then set
route-nopull

in the client config and re-add all of the other routes that openvpn adds to your routing table.

Is this a personal VPN or something set up by your employer?  I ask because if this is a work vpn, they probably have a good reason for setting it up how they did.  I don't advocate changing settings if that is the case.
0
 

Author Comment

by:janhoedt
ID: 36572617
Hi,

Thanks for your input!
No, my vpn gateway is 172.16.1.6 (the openvpn server -Synology NAS-).
It's a personal vpn I'm testing with in order to set it up for a small company which has laptops which should be able to connect from anywhere over openvpn (3G, behind proxy etc).

I would like to be able to switch between settings: route all traffic through vpn or not, route specific routes or not, exceptions ...
So I could change the vpn-server, but would prefer to have flexibility on the client-side/make different profiles.

J.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36572713
To easily switch between routing fully over the vpn or not would probably be best handled by adding/removing "push "redirect-gateway def1"" in the server config.

From what I can see, the only thing that can be done client-side is to prevent routes from being pushed by the server, thus requiring all vpn routes that are normally added to be added manually.

I must say that I don't have direct experience with this situation, perhaps someone else can answer if client-specific profiles are an option, or verify if my answers are correct.
0
 

Author Comment

by:janhoedt
ID: 36572811
Settings server:
so if I remove the push routes, these will not be routed by my vpn anymore?

Note: there is no push redirect gateway. Traffic is not all over vpn, only my lan, think you understood that wrong. Would only like to set Internet-traffic over vpn.

SETTINGS VPN-SERVER:
------------------------
DS> vi openvpn.conf
push "route 192.168.1.0 255.255.255.0"
push "route 172.16.1.0 255.255.255.0"
dev tun

management 127.0.0.1 1195

server 172.16.1.0 255.255.255.0


dh /usr/local/synovpn/etc/openvpn/keys/dh1024.pem
ca /usr/local/synovpn/etc/openvpn/keys/ca.crt
cert /usr/local/synovpn/etc/openvpn/keys/server.crt
key /usr/local/synovpn/etc/openvpn/keys/server.key

max-clients 5

comp-lzo

persist-tun
persist-key

verb 3


#log-append /var/log/openvpn.log

keepalive 10 60
reneg-sec 0

plugin /usr/local/synovpn/lib/radiusplugin.so /usr/local/synovpn/etc/openvpn/rad
client-cert-not-required
username-as-common-name
duplicate-cn
proto tcp
~



auth-user-pass
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 2000 total points
ID: 36575857
Basically here is what needs to be done:

Set up static routes for all internal networks with a gateway of 10.101.161.254
Set the default gateway (0.0.0.0) to 172.16.1.6

You can try setting the default gateway in the server config by using the redirect-gateway statement I posted.  I'm not sure about the "def1" at the end of it, but try it anyways and paste the modified routing table.
0
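
What `redirect-gateway def1` does to the routing table posted earlier in the thread, and where a client-side exception list fits, as an added example that is not part of the original thread: a longest-prefix-match lookup over a subset of the posted routes. The server address 198.51.100.10, the exception network 203.0.113.0/24 and the helper names `with_def1` and `lookup` are constructed for illustration; 172.16.1.5 is assumed to be the tunnel next hop because it appears in the gateway column of the posted table.

```python
import ipaddress

NET_GW = "10.101.161.254"  # pre-VPN default gateway in the posted table
VPN_GW = "172.16.1.5"      # tunnel next hop from the posted table's gateway column

# Subset of the posted unicast routes: (destination, netmask, gateway, metric)
BASE_ROUTES = [
    ("0.0.0.0", "0.0.0.0", NET_GW, 1),                        # default route
    ("10.101.160.0", "255.255.254.0", "10.101.161.129", 20),  # local LAN, on-link
    ("172.16.1.0", "255.255.255.0", VPN_GW, 1),               # pushed VPN subnet
    ("192.168.1.0", "255.255.255.0", VPN_GW, 1),              # pushed remote LAN
]

def with_def1(routes, server_ip, exceptions=()):
    """Routes after `redirect-gateway def1` plus client-side exceptions."""
    added = [
        # Two /1 routes cover all of IPv4 and outrank the /0 default on prefix
        # length, so the original default route stays in the table untouched.
        ("0.0.0.0", "128.0.0.0", VPN_GW, 1),
        ("128.0.0.0", "128.0.0.0", VPN_GW, 1),
        # Host route keeps the encrypted tunnel packets off the tunnel itself.
        (server_ip, "255.255.255.255", NET_GW, 1),
    ]
    # Exceptions are more specific than /1, so they leave via the local gateway.
    added += [(net, mask, NET_GW, 1) for net, mask in exceptions]
    return list(routes) + added

def lookup(routes, dest):
    """Gateway chosen by longest-prefix match, ties broken by lowest metric."""
    addr = ipaddress.ip_address(dest)
    best_key, best_gw = None, None
    for net, mask, gw, metric in routes:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr in network:
            key = (network.prefixlen, -metric)
            if best_key is None or key > best_key:
                best_key, best_gw = key, gw
    return best_gw

if __name__ == "__main__":
    # Constructed sample values: server 198.51.100.10, exception 203.0.113.0/24
    table = with_def1(BASE_ROUTES, "198.51.100.10", [("203.0.113.0", "255.255.255.0")])
    for dest in ("192.0.2.1", "10.101.160.5", "192.168.1.10", "203.0.113.7", "198.51.100.10"):
        print(dest, "before:", lookup(BASE_ROUTES, dest), "after:", lookup(table, dest))
```

In an OpenVPN client profile the exception rows correspond to `route <network> <netmask> net_gateway` lines, which keeps the exception list editable on the client side.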
