Hi All,
hoping for a little assistance pls and hope I'm in the right forum for it.

My setup:
OSX host(s) making OpenVPN (Viscosity VPN client: www.sparklabs.com/viscosity) connection to RT2600 configured w. VPN Plus Svr.
Internal DNS Svr sitting on DS NAS DSM v6.2.2 w. internal LAN interface in RT2600 LAN subnet.

My issue:
The host(s) make successful vpn connections to the RT2600 - I can see that in the client & svr logs and in Svr UI.
However, both routing to the internal LAN subnet and/or DNS Svr (Internal View) do not seem to work.
What am I missing pls?

Background:
RT2600:
2nd router in a DMZ setup. It sits behind an external router and calls are port fwdd to it.
"Internet > Connection > Primary Interface" set to Manual w. 10.x.x.x address.
"Internet > Connection > Manually Configure DNS Server" : Preferred points to DNS 'External View' : Alternative points to a.n.other DNS addr.
SRM runs DHCP for LAN clients w. DNS set to 'Internal View' for DSM DNS Svr.
Standard VPN 'OpenVPN' setup using VPN Plus Svr package.
UDP Proto : 'Allow Clients to access Server's LAN' ticked. : 'Use manual DNS' defaults to Preferred above. N.B. I have tried to set this to LAN's DNS Internal View w. no success.

DSM:
DSM has a foot in each subnet (i.e. LAN2 sits in the RT2600's LAN subnet -192.168.x.x- and LAN1 in same subnet as RT2600's WAN subnet -10.x.x.x).
Further the DNS Svr sitting on DSM has an "Internal View" - 192.168.x.x addr's - and an "External View" - 10.x.x.x addr's - providing different IP's to clients depending from where they query the DNS.
This all works perfectly irrespective of whether the client presently sits in 192.168.x/24 or 10.x.x/24. (i.e. Firewall config appears all good and DNS config - prior to VPN also appears all good).

Hosts:
OSX hosts (Mojave, Catalina) using Viscosity client. Logs and UI show connection to VPN successful.
I have set the 'Internal View' to allow queries from both 192.168.x.x _and_ the OpenVPN 172.22.x.x subnets.
However, tracerouting, pinging, Network Discovery and/or querying the Internal DNS does not work.
Given the DNS setup works for these same hosts, I am working on the assumption that DNS config is all good and what I am facing is a routing issue w. the VPN.

VPN Specific:
I am testing VPN connectivity with the host hotspotted to 4G phone, so completely external.
I have tried to set 'dhcp-options DNS <DNS Svr Addrs>' in the ovpn config. If I leave VPN Plus Svr to determine Traffic Routing, it sets itself to "Split DNS". But that means "Resolver 1" gets set to whatever DNS is set by the Hotspot network and Resolver 2 then gets whatever I have configured in dhcp-options.
And no internal DNS queries succeed.
However, if I specifically set "ALL Traffic to run over the VPN interface", it sets itself to use "Full DNS" which then reverses the Resolver order.
But still no internal DNS queries succeed.

Questions:
Possibly unrelated, but a little understanding never hurts. What is the significance of the "Internet > Connection > Manually Configure DNS Server" setup? Given they are in the "Internet" section, I would expect they are for onforwarding requests for the SRM's DHCP clients. But there is no Synology documentation for them.
What/Which IP is considered the Default Gateway?
What/Which IP is considered the VPN Gateway?
What/Which IP is considered the Local Network Gateway?
Where else do I need to be looking please?

Hoping I've laid it all out sufficiently clearly and really hoping you are able to assist pls. Below is a couple of shots of the Networking options in the Viscosity client and the route table from the host when connected to the VPN.

Internet:
Destination | Gateway | Flags | Refs | Use | Netif | Expire |
0/1 | 172.22.0.5 | UGSc | 55 | 0 | utun10 | |
default | 192.168.1.1 | UGSc | 0 | 0 | en0 | |
<Public IP>/32 | 192.168.1.1 | UGSc | 1 | 0 | en0 | |
127 | 127.0.0.1 | UCS | 0 | 0 | lo0 | |
127.0.0.1 | 127.0.0.1 | UH | 1 | 1939386 | lo0 | |
128.0/1 | 172.22.0.5 | UGSc | 1 | 0 | utun10 | |
169.254 | link#5 | UCS | 1 | 0 | en0 | ! |
172.22/24 | 172.22.0.5 | UGSc | 1 | 0 | utun10 | |
172.22.0.1/32 | 172.22.0.5 | UGSc | 0 | 0 | utun10 | |
172.22.0.5 | 172.22.0.6 | UHr | 14 | 0 | utun10 | |
172.22.0.5/32 | link#15 | UCS | 0 | 0 | utun10 | |
192.168.1 | link#5 | UCS | 1 | 0 | en0 | ! |
192.168.1.1/32 | link#5 | UCS | 1 | 0 | en0 | ! |
192.168.1.1 | <MAC Address> | UHLWIir | 7 | 61 | en0 | 1173 |
192.168.1.129/32 | link#5 | UCS | 1 | 0 | en0 | ! |
192.168.1.129 | <MAC Address> | UHLWI | 0 | 30 | lo0 | |
192.168.1.255 | ff:ff:ff:ff:ff:ff | UHLWbI | 0 | 18 | en0 | ! |
192.168.XX | 172.22.0.5 | UGSc | 1 | 0 | utun10 | |
224.0.0/4 | link#15 | UmCS | 0 | 0 | utun10 | |
224.0.0/4 | link#5 | UmCSI | 1 | 0 | en0 | ! |
224.0.0.251 | <MAC Address> | UHmLWI | 0 | 0 | en0 | |
255.255.255.255/32 | link#15 | UCS | 0 | 0 | utun10 | |
255.255.255.255/32 | link#5 | UCSI | 0 | 0 | en0 | ! |
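
One way to read the route table above, as an added example that is not part of the original post: it applies longest-prefix matching to rows copied from the table to show which gateway and interface a given destination uses. The two redacted rows are omitted, the helper names `expand` and `lookup` are chosen for this example, and the probe addresses are constructed.

```python
import ipaddress

# Rows copied from the route table in the post (Destination, Gateway, Netif).
# The redacted rows (<Public IP>/32 and 192.168.XX) are left out.
ROUTES = [
    ("0/1", "172.22.0.5", "utun10"),
    ("default", "192.168.1.1", "en0"),
    ("127", "127.0.0.1", "lo0"),
    ("128.0/1", "172.22.0.5", "utun10"),
    ("169.254", "link#5", "en0"),
    ("172.22/24", "172.22.0.5", "utun10"),
    ("172.22.0.1/32", "172.22.0.5", "utun10"),
    ("192.168.1", "link#5", "en0"),
    ("192.168.1.1/32", "link#5", "en0"),
]


def expand(dest):
    """Turn an abbreviated netstat destination into an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, mask = dest.partition("/")
    octets = addr.split(".")
    # Simplifying assumption: with no mask shown, each printed octet
    # counts for 8 prefix bits (this holds for the rows used here).
    prefix = int(mask) if mask else 8 * len(octets)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + str(prefix))


def lookup(ip, routes=ROUTES):
    """Longest-prefix match: return the winning (destination, gateway, netif)."""
    target = ipaddress.ip_address(ip)
    matches = [r for r in routes if target in expand(r[0])]
    return max(matches, key=lambda r: expand(r[0]).prefixlen)


if __name__ == "__main__":
    # Constructed probe addresses: two public, the VPN-side .1, a hotspot-LAN host.
    for ip in ("8.8.8.8", "203.0.113.10", "172.22.0.1", "192.168.1.50"):
        dest, gw, netif = lookup(ip)
        print(f"{ip:15} -> {dest:14} via {gw:12} on {netif}")
```

The `0/1` and `128.0/1` rows are each more specific than `default`, so any address without a narrower route leaves on `utun10` even though the `default` row still points at `en0`.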