Cannot resolve host address

I have a GL-AR300M16 and am having an OpenVPN issue. I’m getting a “Cannot resolve host address”

The config file is below. I tried to post the log files but I was getting “too many links because you are new” message. I searched here and Google without finding an answer.

Because the .ovpn client works on all of my android devices as well as my Ubuntu laptop I’m assuming this is specific to the router and I’m not sure how to fix it. If I replace xxxx.asuscomm.com with the actual IP address, everything works.

I’m running firmware 4.3.7. No firewall rules. Any ideas?

remote xxxx.asuscomm.com 1111
float
nobind
proto udp
dev tun
sndbuf 0
rcvbuf 0
keepalive 10 30
# for OpenVPN 2.4 or older
comp-lzo yes
# for OpenVPN 2.4 or newer
;compress lzo
auth-user-pass
client
auth SHA1
ignore-unknown-option cipher data-ciphers
cipher AES-128-CBC
data-ciphers AES-128-CBC
remote-cert-tls server

Well, this case should be pretty straightforward. :slight_smile:

Your domain xxxx.asuscomm.com seems to not return the correct IP address. You should check if the dynamic DNS service you are using is working correctly.

The domain is not really xxxx.asuscomm.com. xxxx are placeholders. This works on all other devices but the router so the config file has to be good.

I can PM the actual domain but don’t want it published in an open forum

It could also be a DNS bootstrap issue not shunting the requests thru the tunnel.

@stevenj
Do you have the option to declare DNS in the OVPN confs? Try 9.9.9.9 (Quad9) or Cloudflare (1.1.1.1) for the tunnel’s DNS.

I’m not a network guy. I know just enough to be dangerous. What you’re describing is going right over my head. I thought this might be something simple since DNS resolution is only failing when trying to resolve the domain name in the config file.

So if you use https://dnschecker.org/ the correct IP for your domain will return?

Yes. I get the correct IP address.

:frowning_with_open_mouth: There goes my „easy as pie“

On the device you are using for connecting to your VPN: What DNS server is configured? Did you try to connect from inside your network or from outside?

I’m pulling the default DNS from the router I am repeating.

I am outside my home asus network that the OpenVPN server resides on.

I tried manually setting 1.1.1.1 in AR300 but that didn’t make any difference.

May you upload the log as txt file here?

I guarantee you’re not as ‘dangerous’ as me. I void my equipment’s warranties… intentionally. :wink:

Seriously though, @admon has you in good hands.

@admon
FYI: The Shadow’s support Cloudflare via DoT. I don’t see a reason that couldn’t work like in my subnets using WG w/ DoH.


Here is a screenshot. I can’t paste text because it says I have too many links.

There was more but it looks like it just keeps trying.

In case I forget to say so, I truly appreciate your assistance.

This is really ‘smelling’ like a DNS bootstrapping issue.

Is there any reason we can’t remove OVPN fr the equation & set up WireGuard to test? It’s a world of less complication to define specific DNS servers for the tunnel. Eg:

[Interface]
Address = 10.0.0.9/24
PrivateKey = [redacted]
DNS = 9.9.9.9, 1.1.1.1
MTU = 1320

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = [redacted]:51820
PersistentKeepalive = 25
PublicKey = [redacted]
PresharedKey = [redacted]

As far as I remember my OVPN configs there is no bootstrapping DNS in OVPN.

The client will use the client’s DNS server for the first connection and then the server’s DNS might get pushed. But since the problem here is the 1st connection attempt it should be no problem with DNS provided by the OVPN server.

I will have to look up what DNS bootstrapping is and I don’t know what the interface and peer means.

I understand in general how a VPN works but when it gets into configuration and network layers and such I’m lost. I never went any farther than A+ certification and that was 25+ years ago.

I’m running the VPN server on my home router and it doesn’t support WireGuard and I don’t have a Pi laying around for this.

I really do appreciate you trying to help but if it’s beyond the scope of a forum chat I understand.

Do you have the possibility to check if the IP of your DNS domain is right on the device you are trying to connect?

Maybe with nslookup or ping or something like that?

That’s what I thought too. The problem existed on the last firmware version too and I was hoping this new version I loaded yesterday would help. Anyway, I really like the new version. Nice options.

@stevenj

Let’s go a lil’more ‘lower level’:

Can you SSH into your Mango? There’s a piece of software we can run from the command line called drill. It’s used to troubleshoot DNS resolution. That this problem is only happening on the Mango is quite something else. I’d like to chk what’s going on w/ the Mango’s DNS service.

  • opkg update; opkg install drill
  • drill +short $yourAsusDDNS

Example:

root@flint:~# drill +short quad9.net
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 46273
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; quad9.net.   IN      A

;; ANSWER SECTION:
quad9.net.      2390    IN      A       216.21.3.77

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; EDNS: version 0; flags: ; udp: 1232
;; SERVER: 127.0.0.1
;; WHEN: Thu Nov 30 17:01:30 2023
;; MSG SIZE  rcvd: 54

See the link below. The default IP for GL devices is 192.168.8.1, username root.

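The nslookup/drill check suggested above can be run against the profile directly. The following is an added example, not code from any poster in this thread: a POSIX shell script that pulls the `remote` host out of the .ovpn file and asks several resolvers for it. The resolver list (the router's local resolver at 127.0.0.1 plus the two public resolvers named in the thread) and the script name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The resolver list is an assumption:
# the router's own resolver plus the public resolvers named in the thread.
RESOLVERS="127.0.0.1 9.9.9.9 1.1.1.1"

# Hosts named on active "remote" lines (# and ; start comments in .ovpn files).
ovpn_remote_hosts() {
    awk '$1 == "remote" && NF >= 2 { print $2 }' "$1" | sort -u
}

# True when the remote is already an IPv4 literal, so no DNS lookup is involved.
is_ipv4_literal() {
    case "$1" in
        ""|*[!0-9.]*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read nslookup output on stdin and print only the answer addresses. The
# "Address" line in the leading Server section is skipped because it comes
# before the first "Name:" line.
answers_from_nslookup() {
    awk '/^Name:/ { seen = 1; next }
         seen && /^Address/ { sub(/^Address[ 0-9]*:[ \t]*/, ""); print $1 }'
}

# Query one host against every resolver and report which ones answer.
check_host() {
    for r in $RESOLVERS; do
        ips=$(nslookup "$1" "$r" 2>/dev/null | answers_from_nslookup | tr '\n' ' ')
        if [ -n "$ips" ]; then
            echo "  $r -> $ips"
        else
            echo "  $r -> NO ANSWER"
        fi
    done
}

# Runs only when a profile path is given: sh ovpn-dns-check.sh client.ovpn
if [ $# -ge 1 ]; then
    for h in $(ovpn_remote_hosts "$1"); do
        if is_ipv4_literal "$h"; then
            echo "$h: IP literal, no DNS needed"
        else
            echo "$h:"; check_host "$h"
        fi
    done
fi
```

If only 127.0.0.1 reports NO ANSWER while the public resolvers return the address, the failure is in the router's local resolver rather than in the DDNS record.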

I can probably try but I don’t see how that will help. The router never establishes the connection. I don’t remember the exact wording but it’s along the lines of “trying to connect”. The very same device will connect to the ovpn server directly if I don’t use the router.

I should probably give my use case. I need to route traffic through my home cable connection when away to view all of the cable channels. First world problem, I know.

This looks like it’s going to be a PIA to solve. I’m thinking I’ll just pull the actual IP address if it changes. It’s not very difficult and doesn’t usually happen more than a handful of times a year.

I thought this would be easy since the same ovpn for works on all of the other devices I’ve tried it on.