tinc_gui
DNS and default gateway
I use CM-13.0 and Tinc_gui 0.9.14.
When I connect through LTE to the peer which I want to use as a default gateway, DNS stops working. It seems like a problem with the provider's DNS, which is not in my LAN, because if I connect through Wi-Fi with the DNS in my phone's network, all works fine.
For example, through LTE my phone IP can be like 10.99.143.25/30, 10.112.2.159/26 and so on, and the DNS servers are 10.220.4.9, 10.221.4.9. So to ask the DNS about name resolution, the phone should hop through several routers.
I tried

```sh
setprop net.dns1 8.8.8.8
setprop net.dns2 8.8.4.4
```

in default-gateway-up, but without success. As a workaround, I set routes to the provider's DNS through ORIGINAL_GATEWAY, but I don't like this idea.
My tinc.conf:

```
Name = phone
ConnectTo = default-gateway
ConnectTo = another-host
Device = /dev/tun
DeviceType = tap
ScriptsInterpreter = /system/bin/sh
```

tinc-up:

```sh
#!/system/bin/sh
ifconfig $INTERFACE 192.168.247.28 netmask 255.255.255.255
#echo 1 > /proc/sys/net/ipv4/conf/$INTERFACE/rp_filter
# Use new routing table 100, to have higher priority than android's ones
ip rule add prio 100 from all lookup 100
ip route add table 100 192.168.247.0/24 dev $INTERFACE
```

tinc-down:

```sh
#!/system/bin/sh -x
ip rule del from all lookup 100
ip route del table 100 192.168.247.0/24 dev $INTERFACE
```

another-host-up:

```sh
#!/system/bin/sh -x
VPN_GATEWAY=192.168.247.25
# Use new routing table 100, to have higher priority than android's ones
ip route add table 100 172.16.0.0/12 via $VPN_GATEWAY dev $INTERFACE
```

another-host-down:

```sh
#!/system/bin/sh -x
VPN_GATEWAY=192.168.247.25
ip route del table 100 172.16.0.0/12 via $VPN_GATEWAY dev $INTERFACE
```

default-gateway-up:

```sh
#!/system/bin/sh -x
VPN_GATEWAY=192.168.247.21
# Find the current default route ("via <gw> dev <if>") in whichever Android routing table holds it, skipping the dummy0 one
ORIGINAL_GATEWAY=$(for TABLE in $(ip rule show | grep lookup | sed -r 's/.* lookup ([^ ]+).*/\1/') ; do ip route show table $TABLE | grep ^default | cut -d ' ' -f 2-5 ; done | grep -v dummy | head -1)
ORIGINAL_DNS1=$(getprop net.dns1)
ORIGINAL_DNS2=$(getprop net.dns2)
# Use new routing table 100, to have higher priority than android's ones
ip route add table 100 $REMOTEADDRESS $ORIGINAL_GATEWAY
ip route add table 100 $ORIGINAL_DNS1 $ORIGINAL_GATEWAY
ip route add table 100 $ORIGINAL_DNS2 $ORIGINAL_GATEWAY
ip route add table 100 $VPN_GATEWAY dev $INTERFACE
ip route add table 100 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE
ip route add table 100 128.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE
```

default-gateway-down:

```sh
#!/system/bin/sh -x
VPN_GATEWAY=192.168.247.21
ORIGINAL_DNS1=$(getprop net.dns1)
ORIGINAL_DNS2=$(getprop net.dns2)
ip route del table 100 $REMOTEADDRESS
ip route del table 100 $ORIGINAL_DNS1
ip route del table 100 $ORIGINAL_DNS2
ip route del table 100 $VPN_GATEWAY dev $INTERFACE
ip route del table 100 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE
ip route del table 100 128.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE
```
I can't understand whether the problem is in tinc_gui or in my phone. Can you help to determine the root of the issue or suggest another workaround?
Are you sure your scripts are executed? What is the output of the scripts? Can you post your routes and the ifconfig output?
Hi.
I think they are executed, because all works, except DNS.
```
$ ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 1a:ff:bf:0d:a5:12 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::18ff:bfff:fe0d:a512/64 scope link
       valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
    link/sit 0.0.0.0 brd 0.0.0.0
4: rmnet0: <UP,LOWER_UP> mtu 2000 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/[530]
12: rmnet_data0: <UP,LOWER_UP> mtu 1500 qdisc htb state UNKNOWN qlen 1000
    link/[530]
    inet 10.97.79.105/30 scope global rmnet_data0
       valid_lft forever preferred_lft forever
    inet6 fe80::ab8f:4e13:dbc6:bb8d/64 scope link
       valid_lft forever preferred_lft forever
13: rmnet_data1: <> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[530]
14: rmnet_data2: <> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[530]
15: rmnet_data3: <> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[530]
16: rmnet_data4: <> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[530]
17: rmnet_data5: <> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[530]
18: rmnet_data6: <> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[530]
19: rmnet_data7: <> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[530]
20: r_rmnet_data0: <> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[530]
21: r_rmnet_data1: <> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[530]
22: r_rmnet_data2: <> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[530]
23: r_rmnet_data3: <> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[530]
24: r_rmnet_data4: <> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[530]
25: r_rmnet_data5: <> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[530]
26: r_rmnet_data6: <> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[530]
27: r_rmnet_data7: <> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[530]
28: r_rmnet_data8: <> mtu 1500 qdisc noop state DOWN qlen 1000
    link/[530]
31: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
    link/ether fc:3d:93:44:34:93 brd ff:ff:ff:ff:ff:ff
32: p2p0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
    link/ether fe:3d:93:44:34:93 brd ff:ff:ff:ff:ff:ff
33: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether ae:1d:9d:dd:36:ed brd ff:ff:ff:ff:ff:ff
    inet 192.168.247.28/32 brd 192.168.247.255 scope global tap0
       valid_lft forever preferred_lft forever
    inet6 fe80::ac1d:9dff:fedd:36ed/64 scope link
       valid_lft forever preferred_lft forever
```

```
$ ip ro list table all
0.0.0.0/1 via 192.168.247.21 dev tap0 table 100
10.220.4.9 via 10.97.79.106 dev rmnet_data0 table 100
10.221.4.9 via 10.97.79.106 dev rmnet_data0 table 100
45.55.211.201 via 10.97.79.106 dev rmnet_data0 table 100
128.0.0.0/1 via 192.168.247.21 dev tap0 table 100
172.16.0.0/12 via 192.168.247.25 dev tap0 table 100
192.168.247.0/24 dev tap0 table 100 scope link
192.168.247.21 dev tap0 table 100 scope link
192.168.249.0/24 via 192.168.247.10 dev tap0 table 100
default dev dummy0 table 1002 proto static scope link
default via 10.97.79.106 dev rmnet_data0 table 1012 proto static
10.97.79.104/30 dev rmnet_data0 proto kernel scope link src 10.97.79.105
broadcast 10.97.79.104 dev rmnet_data0 table local proto kernel scope link src 10.97.79.105
local 10.97.79.105 dev rmnet_data0 table local proto kernel scope host src 10.97.79.105
broadcast 10.97.79.107 dev rmnet_data0 table local proto kernel scope link src 10.97.79.105
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
local 192.168.247.28 dev tap0 table local proto kernel scope host src 192.168.247.28
broadcast 192.168.247.255 dev tap0 table local proto kernel scope link src 192.168.247.28
unreachable default dev lo table 0 proto kernel metric 4294967295 error -101
unreachable default dev lo table 0 proto kernel metric 4294967295 error -101
fe80::/64 dev tap0 table 1033 proto kernel metric 256
unreachable default dev lo table 0 proto kernel metric 4294967295 error -101
unreachable default dev lo table 0 proto kernel metric 4294967295 error -101
unreachable default dev lo table 0 proto kernel metric 4294967295 error -101
unreachable default dev lo table 0 proto kernel metric 4294967295 error -101
fe80::/64 dev dummy0 table 1002 proto kernel metric 256
default dev dummy0 table 1002 proto static metric 1024
unreachable default dev lo table 0 proto kernel metric 4294967295 error -101
fe80::/64 dev rmnet_data0 table 1012 proto kernel metric 256
unreachable default dev lo table 0 proto kernel metric 4294967295 error -101
unreachable default dev lo table 0 proto kernel metric 4294967295 error -101
local ::1 dev lo table local proto none metric 0
local fe80::18ff:bfff:fe0d:a512 dev lo table local proto none metric 0
local fe80::ab8f:4e13:dbc6:bb8d dev lo table local proto none metric 0
local fe80::ac1d:9dff:fedd:36ed dev lo table local proto none metric 0
ff00::/8 dev dummy0 table local metric 256
ff00::/8 dev rmnet_data0 table local metric 256
ff00::/8 dev tap0 table local metric 256
unreachable default dev lo table 0 proto kernel metric 4294967295 error -101
```
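An added example, not part of the thread: it replays the longest-prefix lookup over the table 100 routes posted above (copied into the script as constructed data) to show which next hop each destination gets once default-gateway-up has run, so one can see that the provider's DNS servers are pinned to the LTE gateway while everything else, a public resolver included, goes into the tunnel. On the device itself `ip route get <dst>` gives the kernel's answer directly.

```shell
#!/bin/sh
# Added example (not from the thread): offline longest-prefix lookup over the
# "table 100" routes shown in the ip ro output above, to see which next hop a
# destination takes once default-gateway-up has installed its routes.
# On the device itself, `ip route get <dst>` asks the kernel the same question.

# Constructed copy of the table 100 entries from the thread, as "prefix|next hop".
ROUTES_TABLE100='0.0.0.0/1|via 192.168.247.21 dev tap0
10.220.4.9/32|via 10.97.79.106 dev rmnet_data0
10.221.4.9/32|via 10.97.79.106 dev rmnet_data0
45.55.211.201/32|via 10.97.79.106 dev rmnet_data0
128.0.0.0/1|via 192.168.247.21 dev tap0
172.16.0.0/12|via 192.168.247.25 dev tap0
192.168.247.0/24|dev tap0 scope link
192.168.247.21/32|dev tap0 scope link
192.168.249.0/24|via 192.168.247.10 dev tap0'

# Dotted quad -> 32-bit integer (positional parameters are local to the function).
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Longest-prefix match of destination $1 against ROUTES_TABLE100.
# Prints the winning next hop, or "unreachable" if no prefix covers it.
route_lookup() {
    dst=$(ip2int "$1"); best_len=-1; best_hop=unreachable
    while IFS='|' read -r prefix hop; do
        [ -n "$prefix" ] || continue
        net=${prefix%/*}; len=${prefix#*/}
        # /len -> netmask; 4294967295 is 0xffffffff, kept decimal for plain sh.
        mask=$(( len == 0 ? 0 : (4294967295 << (32 - len)) & 4294967295 ))
        if [ $(( dst & mask )) -eq $(( $(ip2int "$net") & mask )) ] &&
           [ "$len" -gt "$best_len" ]; then
            best_len=$len; best_hop=$hop
        fi
    done <<EOF
$ROUTES_TABLE100
EOF
    echo "$best_hop"
}

# The provider's DNS servers are pinned to the LTE gateway; everything else,
# including a public resolver such as 8.8.8.8, is sent into the tunnel.
for d in 10.220.4.9 10.221.4.9 8.8.8.8 172.20.1.1; do
    printf '%-14s -> %s\n' "$d" "$(route_lookup "$d")"
done
```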
Questions:
- Can you connect to a website over IP, or is this also not possible?
- Does your VPN server forward traffic to the internet?
- Does your VPN server have its own DNS?
> Can you connect to a website over IP, or is this also not possible?

No, I can't. If I comment out the rows with routes to $ORIGINAL_DNS, after starting tinc I can't reach any host at all by IP: "connect: Network is unreachable".

> Does your VPN server forward traffic to the internet?

Yes, because it works on my other, non-Android devices.

> Does your VPN server have its own DNS?

One of them (a home router with OpenWRT) yes, but the main gateway (CentOS 7) no. I tried to use my OpenWRT as a DNS for Android, but without success.
On Tue, Oct 11, 2016 at 10:56 PM, B. S. wrote:

> Questions:
> - Can you connect to a website over IP, or is this also not possible?
> - Does your VPN server forward traffic to the internet?
> - Does your VPN server have its own DNS?
Best regards, Maxim Vorontsov