After About 5 Days I get this: openvpn[5531]: RESOLVE: Cannot resolve host addre
-
Hehe I am glad it's working for you!!!
It's freaking cool stuff.
So regarding your private message.
In order to have each VPN client (I'm assuming you have 2 set up in OpenVPN) randomly connect to its available server, you have to specify 1 address in its remote field and put the rest in the advanced section.
Regarding NAT.
As I understand how NAT works, it translates your internal IP address, i.e. 192.168.1.5, to the outside world.
By saying DO NOT NAT this address, your router won't translate it to the outside world. (BTW this rule should be on top.) So it's kinda hanging around in the router….
Then this way the floating section of the firewall will drop your packet and won't let it go outside. If you don't set a floating rule I think it may still get out but will be dropped by the ISP. (I may be wrong here, I am not a network expert) :)
So in my personal setup I have:
2 Clients
2 Gateways
2 Floating firewall rules
2 NAT rules (do not NAT) in the NAT section
In the LAN tab I have 2 rules routing traffic from alias -> gateways
In the OpenVPN tab I have nothing, no rules, all dropped.
In each gateway tab I have nothing, all incoming dropped.
Hope this helped. If anything, you can post your setup here (gateways, clients, firewall floating rules, etc.) and I can check stuff.
Also, is the connection still dropped after a few days or all good?
PS
I may have misread your post. Are you saying all VPN client machines stop working, like if one goes down both US and EU go down?
Keep in mind you should have a DNAT rule for each machine or each alias:
DNT for EU
DNT for US
-
As far as the original issue of the network not being able to resolve the host name, it is still too early to tell if that is fixed (it used to happen after about 5 days or so… and I am only on day 2).
I believe I now have the same setup as you are describing. The weird thing is that if one VPN goes down then both the US and EU VPNs kill the connections (I do have 2 - Do NOT NAT rules). I would have assumed that if the EU VPN went down then only the EU connections would be stopped.
So why did you want to set up random remote IPs? Also, I have attached a couple of screenshots of how I set up the various remote servers (hopefully I did that correctly).
-
I have random servers just so it connects to different servers and not a single one every time. No particular reason, but just to make sure that if one of the servers is slow it will connect to a different one automatically next time I reconnect.
Could you take screenshots of:
1. List of your gateways.
2. Your floating rules.
3. Your LAN rules.
4. Your NAT outgoing table
5. Your clients list (you can blank out what you don't wanna show)
-
I have attached the screenshots. I also have an internal OpenVPN server set up so that I can access my network, so that is why my NAT outgoing table has so many entries. Let me know if you need any other screenshots.
![System Gateways.JPG](/public/imported_attachments/1/System Gateways.JPG)
![Floating Rules.JPG](/public/imported_attachments/1/Floating Rules.JPG)
![LAN Rules.JPG](/public/imported_attachments/1/LAN Rules.JPG)
-
More Screenshots
![NAT Outgoing Table.JPG](/public/imported_attachments/1/NAT Outgoing Table.JPG)
![OpenVPN Clients.JPG](/public/imported_attachments/1/OpenVPN Clients.JPG)
-
Your protocols should be any.
Also, floating rules should block traffic, not allow it.
-
Oh thanks! I changed the rules to blocked. The protocols are set to any; see the attached screenshots (I am not sure why it says IPv4 *). Also, to make sure it is working, all I have to do is disable a VPN client and then ping google.com, and as long as the packets don't send I am good, right?
![Floating Rule 1.JPG](/public/imported_attachments/1/Floating Rule 1.JPG)
![Floating Rule 2.JPG](/public/imported_attachments/1/Floating Rule 2.JPG)
-
Theoretically now you should have either one VPN working. I don't know why both of yours go down. Maybe something to do with your interface assignments?
-
Here is the interface assignment page?
![Interface Assignments.JPG](/public/imported_attachments/1/Interface Assignments.JPG)
![Interface Assignments 2.JPG](/public/imported_attachments/1/Interface Assignments 2.JPG)
-
Strange. So if you disable one of the clients now, then both EU and US machines won't have internet?
-
Correct, if I disable one VPN client both the US and EU machines will not ping Google.
-
Hmm… that could be a DNS issue... What if you ping Google on one of those machines by IP?
Also, is there an overlap in your aliases by any chance?
EU_VPNCLIENT -> DOWN
US_VPNCLIENT -> UP
EU_MACHINE -> ping -> 8.8.8.8 ??
US_MACHINE -> ping -> 8.8.8.8 ??
-
I checked to make sure the aliases were in the correct spots and they appear to be. I then took the EU VPN down and tried 8.8.8.8 and still both will not get packets.
-
Can you screenshot the do not NAT rule?
-
Also try disabling floating rules to troubleshoot. What happens if floating rules are disabled? Any luck then?
-
Here is the DO NOT NAT RULE
![Do NOT NAT.JPG](/public/imported_attachments/1/Do NOT NAT.JPG)
-
If I disable the floating rules and ping 8.8.8.8 instead of getting "destination host unreachable" it says "request timed out" on both machines. So that doesn't seem to be the problem.
-
This means that DO NOT NAT is applied. So packets are not dropped. But still lurking. Keep Floating disabled for now. Try turning off the do not NAT rules. (Keep in mind they are applied top down.) If one doesn't apply, the next one will catch it ;)
-
OK so (Note: EU Do NOT NAT is on top)
TEST 1:
ALL floating rules disabled -> USA DO NOT NAT unchecked -> USA VPN disabled = USA machines can ping / EU machine will not ping
TEST 2:
ALL floating rules disabled -> USA DO NOT NAT unchecked -> EU VPN disabled = USA machines can ping / EU machine will not ping
TEST 3:
ALL floating rules disabled -> EU DO NOT NAT unchecked -> EU VPN disabled = USA machines can ping / EU machine will not ping
TEST 4:
ALL floating rules disabled -> EU DO NOT NAT unchecked -> USA VPN disabled = USA machines can ping / EU machine can ping
TEST 5:
ALL floating rules disabled -> ALL DO NOT NAT unchecked -> USA VPN disabled = USA machines can ping / EU machine can ping
-
Figured it out. The problem was that under Firewall -> Rules -> LAN, proto was set to "TCP" on both VPNs. I changed proto to "Any" and now if one VPN goes down the other one still works.
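
The root cause named in the last post, as an added illustration that is not any poster's actual configuration: a simplified first-match model of the LAN tab, in which a policy-routing rule limited to TCP never matches the ICMP packets that `ping` sends, so they fall through to whatever rule comes next. The addresses, gateway names and the trailing default allow rule are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    src: str      # source network (stands in for a pfSense alias)
    proto: str    # "tcp", "udp", "icmp" or "any"
    gateway: str  # gateway the rule policy-routes matching traffic to


# Constructed sample values: networks and gateway names are hypothetical.
EU_NET, US_NET = "192.168.1.16/28", "192.168.1.32/28"
HOSTS = {"192.168.1.20": "EU_VPN_GW", "192.168.1.40": "US_VPN_GW"}


def lan_rules(vpn_proto):
    """LAN tab as a list, evaluated top-down; the first match wins."""
    return [
        Rule(EU_NET, vpn_proto, "EU_VPN_GW"),
        Rule(US_NET, vpn_proto, "US_VPN_GW"),
        # Assumed default "allow LAN to any" rule below the VPN rules.
        Rule("192.168.1.0/24", "any", "DEFAULT_WAN"),
    ]


def route(rules, src_ip, proto):
    """Return the gateway of the first rule matching source and protocol."""
    for r in rules:
        if ip_address(src_ip) in ip_network(r.src) and r.proto in ("any", proto):
            return r.gateway
    return "BLOCKED"  # nothing matched: implicit default deny


def audit(rules, hosts, protos=("tcp", "udp", "icmp")):
    """List (host, proto, gateway) combinations that miss the expected VPN gateway."""
    return [(h, p, route(rules, h, p))
            for h, expected in hosts.items()
            for p in protos
            if route(rules, h, p) != expected]


if __name__ == "__main__":
    for label, proto in (("LAN rules with proto TCP", "tcp"),
                         ("LAN rules with proto Any", "any")):
        print(label, "->", audit(lan_rules(proto), HOSTS))
```

A ping-based check of the kill switch only exercises ICMP, so running the same audit per protocol shows which traffic the VPN rules actually cover.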