OpenVPN - push DNS

  • Dear Developers,


    First of all, thank you for making OMV such a valuable and versatile platform with your plug-ins.


    In particular I have a question about OpenVPN: Do you think it would be possible to enable in the GUI the pushing of DNS servers to the client, and also using SSH or other methods to hide the OpenVPN traffic, by using checkboxes in the GUI?


    The reasoning behind my question: If one needs OpenVPN access in countries where the internet is censored, then one usually also needs uncensored/unblocked DNS servers, and it might also be necessary to hide the OpenVPN traffic altogether, as for China.


    I assume many people are interested in using OpenVPN while being noobs like me, and these features in the GUI could bring more liberty to noobs, too.


    Thank you for considering my request, and thank you for your very much appreciated work.


    Kind regards,
    Markus

  • Thank you for your quick reply tekkb.


    Sorry for not having expressed myself clearly enough.


    Regarding DNS-server:
    If I am using the OpenVPN-connection, it seems it is connecting to the server, but somehow seems to still use the local DNS-server. If I am mistaken, and the OpenVPN-server-DNS-entries are used, then of course this topic is resolved.


    Regarding VPN through SSH:
    Some countries who censor the internet also do deep-packet-inspection in order to determine if an OpenVPN-connection is established. If an OpenVPN-connection is detected, then the connection will be terminated. So it seems to help to add an additional layer around in order to complicate the identification of an OpenVPN-usage in the first place.

  • I see on the packets issue. There is always a way.


    Give me a screenshot of your settings, black out the last field. What CPU are you using? I am going to be doing some testing tonight on an RPi 2. So I'll take a look at what you got going then.

  • Thank you for your quick reply again.


    I just tried to reproduce it exactly as I did before, and to my surprise I now see the correct Austrian DNS servers. I am not sure how this is possible, because when I created the initial post, I saw my Austrian server but the Algerian (where I am located at the moment) DNS servers when I tested it with F-Secure (link below). I assume my question is resolved, but since I have no explanation for this, I put below what I had already prepared for replying to you when I ran the F-Secure test in the background and was surprised by the results. However, the network manager still shows the local Algerian DNS server as in use.


    I will also do some further testing, because I did not change anything between my first post and this one.


    edit: I forgot to answer the question regarding CPU: It is an i3-2100, and memory I use 4 GB RAM.


    --


    Please find enclosed 3 screenshots:


    * One is the picture of OMV, with my public IP address removed as requested, but it is correctly set in real life.


    * One is the system view of the Ubuntu network manager, where you can see that it is using the local (Algerian) address, despite being successfully connected to my server in Austria. When I do a "how is my ip-address" request while using OpenVPN, I see my Austrian IP address as well as the location 'Austria'.


    * The third screenshot, which brings [NOW: brought] me to the assumption that local DNS servers are used despite a working OpenVPN connection, is from


    https://campaigns.f-secure.com/router-checker/


    where it displays [now: displayED] my Austrian server, but still reflects [now: reflected] to Algerian DNS-servers.

  • Not sure what is going on in the community version plugin. I see a drop down is missing from the old plugin that allowed you to choose "all network traffic" option which would force your browsing traffic to use DNS servers from server end of connection. In this version you may have to put something in extra options. I send pm to HK-47. I mostly use the OpenVPN-AS plugin which I created.

    • Official Post

    I send pm to HK-47.


    CC shadowzero since he is taking over maintaining this plugin.


  • This option should still be available. Sometimes you do not want your browser going through the VPN (e.g. if you are at home in a trusted network and connecting to the office; it would affect the speed of your browser). You should be able to choose how you want the server/clients set up.

  • Tested with an RPi 2 and the OpenVPN Connect app on a Galaxy Android phone. It is pushing the browser traffic through the browser with the mobile Chrome browser. With the default browser, which is called "Internet" and has a globe icon, it did not work. So this is a browser issue with the default browser. I would recommend using the Chrome mobile browser if you want your browser traffic to go through the VPN. We should have the option not to push traffic through the VPN too.

  • Hello all,


    Just an update from my side. I am working on the community version of the OpenVPN plugin. I am including functions back into the plugin, such as creating your own certificates and redirecting all traffic through the VPN. I plan to have the plugin updated and ready to use after stoneburner is released. If you have any questions on the current plugin release, please feel free to contact me.


    Thanks,


    ShadowZero

  • I have tested the community version now. It seems HK-47 replaced the dropdown route field with a checkmark field labeled "default gateway" in the VPN Network section. So you still do have the option to push all network traffic, or not, through the browser. So no upgrades will be needed to resolve this issue. It was not clear as the label and field type changed. Now that I've used the plugin I see this.


    After enabling the plugin, the push-through of all network traffic did not work properly until a reboot of the machine. So everyone should reboot once after enabling. If you make any changes to the server you should download the zip folder of client files again and replace them on the client machine.
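
Added example, not written by any poster in this thread and not taken from the plugin's code: the thread turns on whether the server pushes DNS servers and a default-gateway redirect to its clients. The Python sketch below audits an OpenVPN server configuration for the standard `push "dhcp-option DNS ..."` and `push "redirect-gateway ..."` directives and compares the pushed DNS servers with the resolvers a client reports; the sample configuration, all addresses and the function names are constructed for illustration.

```python
import shlex

# Constructed sample server config; addresses are placeholders.
SAMPLE_SERVER_CONF = '''\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
# push "dhcp-option DNS 192.0.2.1"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DNS 10.8.0.2"
'''

def parse_pushes(conf_text):
    """Return each active push directive as a list of option words."""
    pushes = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # OpenVPN comment markers
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:                   # unbalanced quote: skip the line
            continue
        if len(tokens) >= 2 and tokens[0] == "push":
            opts = " ".join(tokens[1:]).split()
            if opts:
                pushes.append(opts)
    return pushes

def audit(conf_text, client_resolvers):
    """Compare what the server pushes with the resolvers a client is using."""
    pushes = parse_pushes(conf_text)
    redirect = any(p[0] == "redirect-gateway" for p in pushes)
    pushed_dns = [p[2] for p in pushes
                  if len(p) == 3 and p[0] == "dhcp-option" and p[1].upper() == "DNS"]
    outside = [r for r in client_resolvers if r not in pushed_dns]
    findings = []
    if not redirect:
        findings.append("no redirect-gateway push: only VPN subnets are routed via the tunnel")
    if not pushed_dns:
        findings.append("no DNS server pushed: clients keep their local resolver")
    elif outside:
        findings.append("client uses resolvers not pushed by the server: " + ", ".join(outside))
    return {"redirect_gateway": redirect, "pushed_dns": pushed_dns,
            "resolvers_outside_vpn": outside, "findings": findings}

if __name__ == "__main__":
    # 192.0.2.53 stands in for a local ISP resolver reported by the client.
    print(audit(SAMPLE_SERVER_CONF, ["192.0.2.53"]))
```

Pass the resolver addresses the client actually reports while the tunnel is up; a resolver outside the pushed set is the situation the network-manager screenshot in this thread describes.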
