Closed Bug 1225555 Opened 10 years ago Closed 10 years ago

Can't resolve private hosts if using custom dns on osx

Categories

(Infrastructure & Operations :: Corporate VPN: Support requests, task)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: magopian, Unassigned)

I've been successfully and happily using tunnelblick and openvpn to connect to the VPN. I'm using it for example to connect to pyrepo1.addons.phx1.mozilla.com.

However, lately, I've set up some custom DNS (opendns) because my provider's DNS are really flaky. To do that, I simply added the two IP addresses using the network preferences.

Since then, I can't access the private hosts anymore:

> ssh: Could not resolve hostname pyrepo1.addons.phx1.mozilla.com: nodename nor servname provided, or not known

If I remove those IP addresses from the DNS configuration of my connection in the network preferences, and reconnect to the vpn, everything works correctly again.

Is there a way for me to continue using opendns, and still benefit from the full vpn experience?

Here's my tunnelblick/openvpn configuration:

#-- Config Auto Generated By Viscosity --#

#viscosity startonopen false
#viscosity dhcp true
#viscosity dnssupport true
#viscosity name Mozilla Certificate Based VPN
remote openvpn.scl3.mozilla.com 1194 udp
remote openvpn.scl3.mozilla.com 1194 tcp-client
remote openvpn.scl3.mozilla.com 443 tcp-client
remote openvpn.scl3.mozilla.com 80 tcp-client
auth-user-pass
persist-key
tls-client
tls-auth ta.key 1
pull
ca ca.crt
dev tun
persist-tun
cert cert.crt
comp-lzo no
nobind
key key.key
cipher AES-256-CBC
remote-cert-eku "TLS Web Server Authentication"
resolv-retry infinite

Assignee: infra → vpn-support
Component: Infrastructure: OpenVPN → Mozilla VPN: Support requests
QA Contact: jdow → cshields
Maybe. When you connect to the VPN, you are pushed the VPN's DNS resolvers. These should override your system's DNS servers, and while connected to the VPN, all DNS queries should go to the VPN server's DNS servers.

If you want to use OpenDNS resolvers *while* connected to VPN, then you will not be able to resolve internal Mozilla hostnames.

If you want to use OpenDNS resolvers while not connected to VPN, but use VPN's resolvers while connected, then probably the best way to achieve this is if you have access to modify your DHCP server's DNS options. How to do this, or if it's possible, will depend on the network setup you have.

I believe in theory if you manually enter in your DNS servers in the system preferences, VPN should still be able to override these, but it probably depends on the specific configuration or client. You might look through Tunnelblick's advanced settings to see if there is any way to have it handle DNS in a custom way, if not, you could look at Viscosity, which is another client that might have better options for this.

Depending on how many hosts you access through the VPN, if it's just one or two things, you could just add their internal IP addresses to your /etc/hosts file and not worry about our internal DNS.

Wow, didn't understand it was that complicated (meaning, I didn't know the VPN's DNS resolvers were pushed when connecting, it does make sense now though ;). Thanks a lot for all the solutions you gave, I think I'll go with your last one, at least for now. Thanks again!
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
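
The last option suggested in the reply above (a static /etc/hosts entry for a VPN-only host), as an added example that is not part of the original bug comments. The function name pin_host is hypothetical, and 192.0.2.10 is a constructed placeholder address (TEST-NET-1), not the host's real internal IP.

```shell
#!/bin/sh
# Added example: idempotently pin one VPN-only hostname in a hosts file.
# Usage, run as root while the real address is known (placeholder IP shown):
#   pin_host /etc/hosts 192.0.2.10 pyrepo1.addons.phx1.mozilla.com

# pin_host HOSTS_FILE IPV4 HOSTNAME
# Replaces any existing entry for HOSTNAME, so re-running after an address
# change updates the entry instead of leaving a stale duplicate behind.
pin_host() {
    hosts_file=$1 ip=$2 name=$3

    # Refuse any character outside the expected alphabet first (this also
    # rejects embedded newlines, which could smuggle in extra hosts lines).
    case $ip in ''|*[!0-9.]*)
        echo "pin_host: bad IPv4 address" >&2; return 2 ;;
    esac
    case $name in ''|*[!A-Za-z0-9.-]*|[.-]*)
        echo "pin_host: bad hostname" >&2; return 2 ;;
    esac
    # Then check the dotted-quad structure (octet range is not checked).
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "pin_host: bad IPv4 address" >&2; return 2; }

    tmp=$(mktemp) || return 1
    # Copy the file, dropping every entry that already names this host.
    # Comment lines and all other entries are kept unchanged.
    awk -v n="$name" '
        /^[[:space:]]*#/ { print; next }
        {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break                  # trailing comment
                if (tolower($i) == tolower(n)) next   # old entry: drop it
            }
            print
        }
    ' "$hosts_file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s\t%s\n' "$ip" "$name" >> "$tmp"

    # Write back through the existing file to keep its owner and mode.
    cat "$tmp" > "$hosts_file"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

A pinned entry bypasses the VPN's resolvers for that name, so it has to be updated by hand if the host's internal address changes.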