OpenVPN - push DNS

    • OMV 2.x
    • OpenVPN - push DNS

      Dear Developers,

      First of all, thank you for making OMV such a valuable and versatile platform with your plug-ins.

      In particular I have a question to OpenVPN: Do you think it would be possible to enable in the GUI the pushing of DNS-servers to the client, and also using ssh or other methods to hide the OpenVPN-traffic, by using checkboxes in the GUI?

      The reasoning behind my question: If one needs OpenVPN-access in countries where the internet is censored, then usually one needs also uncensored/unblocked DNS-servers, as well as might be needed to hide OpenVPN-traffic at all, like for China.

      I assume many people are interested in using OpenVPN while being noobs like me, and these features in the GUI could bring more liberty to noobs, too.

      Thank you for considering my request, and thank you for your very much appreciated work.

      Kind regards,
      Markus
    • Thank you for your quick reply tekkb.

      Sorry for not having expressed myself clearly enough.

      Regarding DNS-server:
      If I am using the OpenVPN-connection, it seems it is connecting to the server, but somehow seems to still use the local DNS-server. If I am mistaken, and the OpenVPN-server-DNS-entries are used, then of course this topic is resolved.

      Regarding VPN through SSH:
      Some countries who censor the internet also do deep-packet-inspection in order to determine if an OpenVPN-connection is established. If an OpenVPN-connection is detected, then the connection will be terminated. So it seems to help to add an additional layer around in order to complicate the identification of an OpenVPN-usage in the first place.
    • Thank you for your quick reply again.

      I just tried to re-produce it exactly as I did before, and see now to my surprise the correct Austrian DNS-servers. I am not sure how this is possible, because when I created the initial post, I have seen my Austrian server but the Algerian (where I am located at the moment) DNS-Servers when I tested it with F-secure (link below). I assume my question is resolved, but since I have no explication for this, I put below what I actually already prepared for replying to you when I executed in the background the f-secure-test and was surprised by the results. However, the network-manager still shows the local Algerian DNS-server as in use.

      I will also do some further testing, because I did not change anything during my first post and this one now.

      edit: I forgot to answer the question regarding CPU: It is an i3-2100, and memory I use 4 GB RAM.

      --

      Please find enclosed 3 screenshots:

      * One is the picture
      of OMV, with my public IP-address removed as requested, but it is correctly set in real life.

      * One is the system-view
      of the Ubuntu network manager, where you can see that it is using the local (Algerian) address, despite it is successfully connected to my server in Austria. When I do a „how is my ip-address“-request while using OpenVPN, I see my Austrian IP-address as well as the location 'Austria'.

      * The third screenshot,
      which brings [NOW: brought] me to the assumption that local DNS-servers are used despite a working OpenVPN-connection is from

      campaigns.f-secure.com/router-checker/

      where it displays [now: displayED] my Austrian server, but still reflects [now: reflected] to Algerian DNS-servers.
      Images
      • DNS-display_Ubuntu-Networkmanager_with_VPN-connection_established.png

        680.41 kB, 441×513, viewed 734 times
      • Result_of_F-secure.png

        70.71 kB, 984×788, viewed 765 times
      • Screenshot-OMV-OpenVPN_without_my_public-IP-address.png

        124.37 kB, 1,437×801, viewed 1,122 times
    • Not sure what is going on in the community version plugin. I see a drop down is missing from the old plugin that allowed you to choose "all network traffic" option which would force your browsing traffic to use DNS servers from server end of connection. In this version you may have to put something in extra options. I send pm to HK-47. I mostly use the OpenVPN-AS plugin which I created.
      Images
      • vpn network 1.jpg

        56.4 kB, 1,094×222, viewed 585 times
      • vpn network 2.jpg

        62.32 kB, 1,091×234, viewed 730 times

      The post was edited 1 time, last by tekkb ().

    • tekkb wrote:

      I send pm to HK-47.

      CC shadowzero since he is taking over maintaining this plugin.
      omv 5.2.3 usul | 64 bit | 5.3 proxmox kernel | omvextrasorg 5.1.11
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • Tested with an RPi 2 and OpenVPN Connect app on a Galaxy android phone. It is pushing the browser traffic through the browser with the mobile chrome browser. With the default browser, that is called "Internet" that has a globe icon, it did not work. So this is a browser issue with the default browser. I would recommend using the Chrome mobile browser if you want your browser traffic to go through the VPN. We should have option not to push traffic through the VPN too.
    • Hello all,

      Just an update from my side. I am working on the community version of the openvpn plugin. I am including functions back into the plugin such as creating your own certificates. Redirect all traffic through the vpn. I plan to have the plugin updated and ready to use after stoneburner is released. If you have any questions on the current plugin release, please feel free to contact me.

      Thanks,

      ShadowZero
      ShadowZero -- OMV Fan since 0.3
    • I have tested the community version now. It seems HK-47 replaced the dropdown route field with a checkmark field labeled "default gateway" in the VPN Network section. So you still do have the option to push all network traffic, or not, through the browser. So no upgrades will be needed to resolve this issue. It was not clear as the label and field type changed. Now that I've used the plugin I see this.

      After enabling the plugin it did not work properly, the push through of all network traffic, til a reboot of the machine. So everyone should reboot once after enabling. If you make any changes to the server you should download the zip folder of client files again and replace them on the client machine.
      Images
      • vpnalltraffic.jpg

        53.89 kB, 1,040×178, viewed 726 times

      The post was edited 2 times, last by tekkb ().