OMV - OpenVPN AS "blocks" router DHCP messing up DNS

    • OMV 1.0
    • Resolved

      Hello all,

      I have an issue with my OMV NAS similar to this one: "Internet connection dies when OMV box is attached".
      But the solution posted there is not an option for me. I have also searched for similar posts on the forum but couldn't find any.

      The details are:

      - 1 router connected directly to the ISP and some computers connected to it, both wireless and cable, including the NAS.

      - after a few minutes from the startup of the NAS system, the internet stops working on all the devices connected to the router via wireless, then after a few minutes it works again and so on. I've already tried restarting the router, NAS, PC etc. On cable it's stable.

      - issue: communication with router's DHCP gets blocked, and since the router's DHCP acts like DNS for the connected computers, the internet becomes unreachable. Also, it means I cannot access the router's web interface for configuration. But what's even stranger is that both DHCP and let's say google.com respond to ping even when I can't access the pages.

      - a workaround that I found for the internet access, is to manually set up the DNS for the connection to 8.8.8.8 or 8.8.4.4, but that still doesn't solve the fact that I can't access the router's web interface.

      - at first I thought it was related to the minidlna service because I stopped it and it appeared to be working, but apparently it was only a matter of timing, I stopped it when the loop was back on the "now it's working" time.

      - also I saw that the Transmission client is not able to connect to trackers - this is permanent, it's not having the working/not working loop.

      Any thoughts on this? Maybe a known issue? Please let me know if you need more details. Thanks!

      Regards


    • If you can ping the pages via hostname, the dns is reachable. Check if you can access the hosts via IP. If ping resolves hostnames to ip - for unknown hosts - you can be certain that it is not a dns problem.

      Greetings
      David
    • Presuming your NAS, router and clients are in the same subnet, I would wireshark the traffic when the NAS comes up.
      I would look at the following points:
      • ARP (mapping IP address to MAC address) of your gateway should not change
      • DHCP offers of your NAS (hope, your NAS does not act as a DHCP server)
      • Other strange traffic
    • Thanks for the suggestions guys!

      I finally have 2 days off work, so I will try to get to the bottom of this. I will try to use wireshark and see what I can find out, it will be a new challenge for me :)

      Here is what I managed to find out so far:

      - I am able to constantly ping the router's DHCP IP address, but when trying to access it via http it works but only intermittently (a couple of minutes it's reachable, a couple not) - no timeouts on ping - very strange

      - if I set the DNS servers (either 8.8.8.8 or 8.8.4.4) manually on the router or on the PC, the internet works without interruption, but only the router's settings page remains intermittently not accessible

      - somehow, the OMV box cannot access the internet intermittently, even if I manually set up the DNS servers - I did some apt-get update via ssh with putty and sometimes it worked, but sometimes it got errors like:
      Err security.debian.org wheezy/updates Release.gpg
      Something wicked happened resolving 'security.debian.org:http' (-5 - No address associated with hostname)


      I will keep you updated after trying wireshark and also removing some OMV plugins one by one. I suspect one of them, but not sure which :)

      =========================================================================================================

      Found the guilty bastard !!! It's the OpenVPN AS plugin - if the server is set to OSI layer 3 with NAT it somehow manages to create chaos on the router's hardware NAT. If I stop the server, or switch to layer 2, everything is working fine.

      What I found out with wireshark - a lot of -
      [TCP Spurious Retransmission] 52768→80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1 when I couldn't connect via http to the router.

      I still don't understand why it happens intermittently - I guess it has something to do with the NAT refresh rate on the router, don't know exactly how NAT works.


    • You're right as always tekkb, my fault all the way :( thanks for opening my mind :thumbsup:

      I was keeping the router's default DHCP (192.168.0.x/24) and at the same time manually forcing the OpenVPN AS to provide the same 192.168.0.x/24 for the clients, instead of just creating a link between the router's LAN IP pool and the VPN IP pool.

      In case others might experience similar issues, just read here: openvpn.net/index.php/open-sou…tation/howto.html#vpntype:

      The best solution is to avoid using 10.0.0.0/24 or 192.168.0.0/24 as private LAN network addresses. Instead, use something that has a lower probability of being used in a WiFi cafe, airport, or hotel where you might expect to connect from remotely. The best candidates are subnets in the middle of the vast 10.0.0.0/8 netblock (for example 10.66.77.0/24).

      The topic can be closed.
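
The addressing mistake from the last post, turned into a pre-deployment check. This is an added example, not code from the thread or from OpenVPN AS; the function name and finding codes are hypothetical, and any subnet not quoted in the thread is a constructed sample.

```python
import ipaddress

# Subnets the OpenVPN HOWTO passage quoted above singles out as likely to
# collide with the network a remote client is already connected to.
COMMON_REMOTE_LANS = [ipaddress.ip_network(n)
                      for n in ("10.0.0.0/24", "192.168.0.0/24")]


def audit_vpn_addressing(lan_cidr, vpn_pool_cidr, routed=True):
    """Return (code, detail) findings for a LAN / VPN client pool pair.

    routed=True models the layer 3 (routing/NAT) mode from the thread, where
    handing VPN clients addresses from the LAN's own subnet caused the fault.
    routed=False models layer 2, where sharing the subnet is not flagged
    (assumption based on the poster's report that layer 2 worked).
    """
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    pool = ipaddress.ip_network(vpn_pool_cidr, strict=False)
    findings = []

    # The thread's root cause: router DHCP and VPN pool both on 192.168.0.x/24.
    if routed and lan.overlaps(pool):
        findings.append(("OVERLAP",
                         f"VPN pool {pool} overlaps LAN {lan} in routed mode"))

    # The HOWTO's advice: avoid subnets that remote sites commonly use.
    for role, net in (("LAN", lan), ("VPN pool", pool)):
        for common in COMMON_REMOTE_LANS:
            if net.overlaps(common):
                findings.append(("COMMON",
                                 f"{role} {net} collides with common {common}"))
    return findings


if __name__ == "__main__":
    # Thread's configuration, then a constructed corrected one.
    for lan, pool in (("192.168.0.0/24", "192.168.0.0/24"),
                      ("10.66.77.0/24", "10.66.78.0/24")):
        result = audit_vpn_addressing(lan, pool)
        print(lan, pool, "->", result or "no findings")
```
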