Emerging Member
Posts: 91
Registered: ‎10-10-2013
Kudos: 41
Solutions: 4
Accepted Solution

EdgeRouter DNS and VPN-connections

I have a problem with the EdgeRouter Lite DNS server and VPN connections (PPTP and L2TP). The problem is that I can't find a good way to make the DNS server listen to the VPN interfaces. If I'm connected with PPTP, the DNS server will not answer any queries until I add the PPTP interface to the interface list for the DNS server.

In short, I'm missing a way to add PPTP and L2TP (and possibly OpenVPN) interfaces to the interface list for the DNS server.


Accepted Solutions
Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5390
Solutions: 1656
Contributions: 2

Re: EdgeRouter DNS and VPN-connections

I'm assuming you mean making DNS forwarding work for PPTP and L2TP clients too? If so, you could try adding the following to the DNS forwarding configuration (from the CLI and assuming you already have DNS forwarding configured):

configure
set service dns forwarding options "listen-address=x.x.x.x"
commit
save

The "x.x.x.x" is the IP address that PPTP/L2TP is returning to the clients as the DNS server (i.e., it should be the router's own IP address).


All Replies
Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3054
Solutions: 945
Contributions: 16

Re: EdgeRouter DNS and VPN-connections

I assume you're talking about DNS forwarding since there is no DNS server built into EdgeOS. For PPTP sessions on the server you can specify the DNS servers for the client to use:

set vpn pptp remote-access dns-servers server-1 10.1.0.1
set vpn pptp remote-access dns-servers server-2 8.8.8.8

EdgeMAX Router Software Development

Emerging Member
Posts: 91
Registered: ‎10-10-2013
Kudos: 41
Solutions: 4

Re: EdgeRouter DNS and VPN-connections

Most things are easy when you know how to do it :)

Thank You!

New Member
Posts: 16
Registered: ‎05-21-2014
Kudos: 5
Solutions: 1

Re: EdgeRouter DNS and VPN-connections

Adding the "listen-address=192.168.1.1" option worked for me too, but I'd like to understand why both are necessary in order for DNS resolution to work correctly for the L2TP VPN client.

Since dnsmasq is already listening on interface=eth1, why do we need to tell dnsmasq to also listen on the IP address 192.168.1.1? Is it because the L2TP VPN is not using the physical eth1 interface? DNS forwarding worked on my local network just fine before specifying the listen-address option, so if dnsmasq wasn't normally listening on 192.168.1.1 by default, how did the DNS forwarding work OK for local clients?

Sorry if this is a dumb question, I'm not really familiar with how VPN works internally and I just want to make sure I understand what's going on here instead of blindly entering CLI commands.

Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5390
Solutions: 1656
Contributions: 2

Re: EdgeRouter DNS and VPN-connections

Yeah the L2TP VPN clients are connecting from "virtual" interfaces instead of eth1, so the listen-address would be needed to support them. The local clients are already covered by the "interface=eth1".

Emerging Member
Posts: 90
Registered: ‎03-30-2016
Kudos: 7
Solutions: 3

Re: EdgeRouter DNS and VPN-connections

I too am trying to set up L2TP to use my router's DNS and to also follow some of the DNS forwarding options I've set (for example, forward any DNS queries to skysports.com).

Here is the VPN config, which doesn't have a DNS setting:

 ipsec {
     ipsec-interfaces {
         interface eth0
     }
     nat-networks {
         allowed-network 0.0.0.0/0 {
         }
     }
     nat-traversal enable
 }
 l2tp {
     remote-access {
         authentication {
             local-users {
                 username user {
                     password password
                 }
             }
             mode local
         }
         client-ip-pool {
             start 192.168.90.1
             stop 192.168.90.5
         }
         dhcp-interface eth0
         ipsec-settings {
             authentication {
                 mode pre-shared-secret
                 pre-shared-secret sharedsecretkey
             }
         }
         mtu 1492
     }
 }

and here are my DNS forwarding settings:

listen-on eth1
listen-on eth2
options server=/skysports.com/168.1.108.215
options listen-address=192.168.1.1

The VPN connection works, and I receive an IP address from the 192.168.90.1 pool. I can connect to servers on my LAN but cannot browse. Can anyone spot the problem?

Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5390
Solutions: 1656
Contributions: 2

Re: EdgeRouter DNS and VPN-connections

From the config fragment, it looks like the L2TP config is missing the "dns-servers" setting, i.e., it needs to return 192.168.1.1 as the DNS server to the L2TP/IPsec clients. So try adding that, e.g.:

set vpn l2tp remote-access dns-servers server-1 192.168.1.1

then troubleshoot from there.
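Both fixes in this thread (the accepted answer's "options listen-address=" for dnsmasq, and the "dns-servers" setting in the reply above) can be checked against a configuration dump instead of by trial and error. The script below is an added example written for this page; it is not EdgeOS tooling or any poster's code. It parses the brace syntax that "show configuration" prints into nested dicts and, for each PPTP or L2TP remote-access block, reports whether clients are handed a resolver at all and, when that resolver is one of the router's own addresses, whether DNS forwarding will answer on it for a query arriving over a ppp interface. The rule it encodes is the one UBNT-ancheng gives: "listen-on ethX" covers queries arriving on that interface, "listen-address=IP" covers queries addressed to that IP from any interface. The sample configuration is constructed to mirror the fragment posted above (eth1 on 192.168.1.1/24, the skysports.com forwarding option, an L2TP remote-access block); the function and template names are the example's own assumptions.

```python
def parse_config(text):
    """Parse EdgeOS brace syntax: 'name {' opens a child dict, 'key value' is a
    leaf, '}' closes the node; a repeated key (e.g. 'listen-on') becomes a list."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "}":
            stack.pop()
        elif line.endswith("{"):
            child = {}
            _add(stack[-1], line[:-1].strip(), child)
            stack.append(child)
        else:
            key, _, value = line.partition(" ")
            _add(stack[-1], key, value.strip())
    return stack[0]

def _add(node, key, value):
    if key not in node:
        node[key] = value
    elif isinstance(node[key], list):
        node[key].append(value)
    else:
        node[key] = [node[key], value]

def _as_list(v):
    return [] if v is None else v if isinstance(v, list) else [v]

def _get(node, *path):
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def router_addresses(cfg):
    addrs = set()
    for key, node in (_get(cfg, "interfaces") or {}).items():
        if key.startswith("ethernet ") and isinstance(node, dict):
            addrs.update(a.split("/")[0] for a in _as_list(node.get("address")) if "/" in a)
    return addrs

def lint(config_text):
    """Findings for PPTP/L2TP clients; an empty list means the forwarder will serve them."""
    cfg = parse_config(config_text)
    fwd = _get(cfg, "service", "dns", "forwarding") or {}
    # 'listen-on ethX' is dnsmasq interface=ethX (queries arriving on ethX only);
    # 'options listen-address=IP' answers queries sent to IP from any interface, ppp included.
    listen_ifaces = sorted(_as_list(fwd.get("listen-on")))
    listen_addrs = {a for o in _as_list(fwd.get("options")) if o.startswith("listen-address=")
                    for a in o.split("=", 1)[1].split(",")}
    own = router_addresses(cfg)
    findings = []
    for vpn in ("pptp", "l2tp"):
        ra = _get(cfg, "vpn", vpn, "remote-access")
        if ra is None:
            continue
        servers = _get(ra, "dns-servers") or {}
        pushed = [servers[k] for k in ("server-1", "server-2") if k in servers]
        if not pushed:
            findings.append(f"{vpn}: no dns-servers set, clients receive no resolver")
        for ip in pushed:
            if ip in own and ip not in listen_addrs:
                findings.append(f"{vpn}: pushes {ip} but forwarding listens only on "
                                f"{listen_ifaces}; add options listen-address={ip}")
            elif ip not in own:
                findings.append(f"{vpn}: pushes external resolver {ip}, forwarding options bypassed")
    return findings

# Constructed sample modelled on the poster's fragment; not a real router dump.
_TEMPLATE = """
interfaces {
    ethernet eth1 {
        address 192.168.1.1/24
    }
}
service {
    dns {
        forwarding {
            listen-on eth1
            options server=/skysports.com/168.1.108.215
            %(options)s
        }
    }
}
vpn {
    l2tp {
        remote-access {
            %(dns)s
        }
    }
}
"""

def sample_config(dns_server=None, listen_address=None):
    options = f"options listen-address={listen_address}" if listen_address else ""
    dns = f"dns-servers {{\n server-1 {dns_server}\n }}" if dns_server else ""
    return _TEMPLATE % {"options": options, "dns": dns}
```

Calling lint() on sample_config() reports the missing dns-servers; sample_config("192.168.1.1") reports the missing listen-address (the original poster's situation); sample_config("192.168.1.1", "192.168.1.1") returns no findings. A pushed external resolver such as the 8.8.8.8 from the first reply is flagged separately, because clients will resolve names but the router's forwarding options (the skysports.com rule here) never see their queries. For a real router, save the output of "show configuration" to a file and pass its contents to lint(); the parser assumes the one-statement-per-line layout EdgeOS prints.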

Emerging Member
Posts: 90
Registered: ‎03-30-2016
Kudos: 7
Solutions: 3

Re: EdgeRouter DNS and VPN-connections

Thanks, @UBNT-ancheng - that solved it! :)
