OpenVPN – Site-to-Site routed VPN between two routers – DD-WRT Wiki, DNS is broken

2011/05/22

I am running DD-WRT v24-sp2 (08/07/10) mega – build 14896 on a Linksys WRT610Nv2 and use OpenVPN to do Site-to-Site routed VPN. There is a problem with recent builds of DD-WRT that breaks DNS between the sites. It is due to the “stop-dns-rebind” option in the “/tmp/dnsmasq.conf” file.

So if you have used this guide:
http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_routed_VPN_between_two_routers#DHCP_Forwarder_.2F_DHCP_Server_feature_of_DD-WRT

Example:
10.0.50.1 localDomain
10.0.51.1 remoteDomain

Assume you have already accomplished:
1) Ping the remote router
ping 10.0.51.1
2) Ping a remote client
ping 10.0.51.x
3) Get a DNS answer directly from the remote DNS server
dig @10.0.51.1 remoteClient.remoteDomain
4) But from a local client, DNS lookups of remote clients do not work, neither through the default resolver
dig remoteClient.remoteDomain
nor explicitly against the local router
dig @10.0.50.1 remoteClient.remoteDomain

The next step is to:
1) ssh root@10.0.50.1
2) cat /tmp/dnsmasq.conf
3) If you see the option “stop-dns-rebind”, that is the cause. It makes dnsmasq reject any upstream answer that contains a private (RFC 1918) address, and every answer the remote DNS server returns for remoteClient.remoteDomain is a 10.0.51.x address, so the local router drops them. This is why lookups through the local router do not work.

Fix it:
1) Log into DD-WRT web interface
2) Administration->Commands
3) Edit startup
4) At the end insert

# This is a hack for dnsmasq because it does not implement rebind-domain-ok yet.
# Commenting out stop-dns-rebind turns off dnsmasq's rebinding protection for
# every domain, not just the VPN peer's, so switch to
# rebind-domain-ok=/remoteDomain/ once the build's dnsmasq supports it.
# Anchored to the start of the line so running it twice does not give "# # stop-dns-rebind".
sed -i 's/^stop-dns-rebind/# stop-dns-rebind/' /tmp/dnsmasq.conf
sleep 5
# Restart dnsmasq so it re-reads the edited config
killall dnsmasq
sleep 5
dnsmasq --conf-file=/tmp/dnsmasq.conf

5) Save Startup
6) Reboot router
7) dig remoteClient.remoteDomain works
8) Profit
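As an added example (not code from this post or from DD-WRT), a startup-script function that applies either the narrower fix, keeping stop-dns-rebind and allowlisting only the VPN peer's domain with rebind-domain-ok, or the global hack above for builds whose dnsmasq lacks that option. The function names, the "allowlist"/"disable" modes and the sample dnsmasq.conf are constructed for this example.

```shell
#!/bin/sh
# Added example: patch a dnsmasq.conf so that remote-site answers survive
# rebind protection. Not code from the post or from DD-WRT.
#   allowlist : keep stop-dns-rebind, add rebind-domain-ok=/<domain>/ (preferred:
#               only private answers for that one domain are let through)
#   disable   : comment out stop-dns-rebind (the hack above; turns the
#               protection off for every domain)
# Usage: fix_dns_rebind /tmp/dnsmasq.conf allowlist remoteDomain
fix_dns_rebind() {
  conf=$1 mode=$2 domain=$3
  if ! grep -q '^stop-dns-rebind' "$conf"; then
    echo "no active stop-dns-rebind in $conf, nothing to do"
    return 1
  fi
  case $mode in
    allowlist)
      # idempotent: add the allowlist line only if it is not there yet
      grep -q "^rebind-domain-ok=/$domain/" "$conf" ||
        printf 'rebind-domain-ok=/%s/\n' "$domain" >> "$conf"
      ;;
    disable)
      # anchored so a second run does not produce "# # stop-dns-rebind"
      sed -i 's/^stop-dns-rebind/# stop-dns-rebind/' "$conf"
      ;;
    *)
      echo "unknown mode: $mode" >&2
      return 2
      ;;
  esac
}

# Constructed sample of what DD-WRT writes to /tmp/dnsmasq.conf for the wiki
# setup (LAN interface, resolver file, per-domain server for the VPN peer).
sample_conf() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
interface=br0
resolv-file=/tmp/resolv.dnsmasq
stop-dns-rebind
server=/remoteDomain/10.0.51.1
EOF
  echo "$f"
}

# Succeeds (status 0) if this config would still drop private-address
# answers for domain $2, i.e. rebind protection is on and $2 is not allowlisted.
would_drop_private() {
  conf=$1 domain=$2
  grep -q '^stop-dns-rebind' "$conf" && ! grep -q "^rebind-domain-ok=/$domain/" "$conf"
}
```

In the startup script, call fix_dns_rebind on /tmp/dnsmasq.conf before the killall/restart lines, since DD-WRT regenerates that file at boot.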

References:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=78527&postdays=0&postorder=asc&start=0
