Problems with DNS through SNAT

cfunk
Posts: 9
Joined: Mon Sep 01, 2014 5:09 pm

Problems with DNS through SNAT

Post by cfunk » Wed Sep 03, 2014 7:39 am

I am experiencing problems with DNS after switching from bridge layer2 implementation to S-NAT.

Some sites like YouTube resolve really slowly through S-NAT. I am in China.

Before implementing the layer2 bridge mode, I used S-NAT and it was OK, so I don't really know what's going on. I am pushing the Google DNS servers to the clients, AKA 8.8.8.8-8.8.4.4

Should I use the Google DNS servers or my local server gateway? My server is hosted in Amazon Singapore.

Thanks

dajhorn
Posts: 137
Joined: Mon Mar 24, 2014 3:59 am

Re: Problems with DNS through SNAT

Post by dajhorn » Fri Sep 05, 2014 3:44 pm

The SoftEther DHCP configuration should use the same DNS servers as the SoftEther host computer.

An easy solution is to use whatever appears in the /etc/resolv.conf file of the EC2 instance, which is 10.0.0.2 in many EC2 zones.

The AWS documentation describes how to get DNS information through the EC2 API programmatically, which is much more work. Look for the "AmazonProvidedDNS" option.

cfunk
Posts: 9
Joined: Mon Sep 01, 2014 5:09 pm

Re: Problems with DNS through SNAT

Post by cfunk » Fri Sep 05, 2014 4:57 pm

What I have managed to do is the following:

dnsmasq: pushes the DNS server, which is the IP of the tun interface

in resolv.conf: Google working DNS resolver --> 8.8.8.4

What I don't understand is why, with two servers in the same region and of the same type (m3.medium), one using S-NAT and the other Layer 2 bridge, S-NAT gives 80 ms ping when pinging the tun interface from the client computer and bridge gives 230 ms, but bridge is much faster than S-NAT. I don't understand why that huge ping. It actually resolves everything faster than the S-NAT version. Looks like the ping is faked somehow; are there any metrics or calculations going through the VPN connection to take into account? The pings do not seem to be accurate or real, in fact. It would be really interesting to know why the ping in Bridge mode is much higher than in S-NAT mode, though S-NAT is much slower on bandwidth and Bridge is much faster.

Another thing is: S-NAT seems much more stable in China than Bridge. On Bridge it seems like the public IP of the VPS gets banned really fast. If both are encrypted, what does S-NAT do differently from Bridge mode to be able to bypass the detection? I have been reading the documentation multiple times and I don't see anything S-NAT has related to being detected or not detected by a firewall without a bridge server on the other end. In this case there is no bridge at the other end and the firewall is cutting off the connections made in the Bridge server mode.

Thanks

myopenid
Posts: 14
Joined: Fri Jan 03, 2014 10:11 am

Re: Problems with DNS through SNAT

Post by myopenid » Sat Sep 13, 2014 9:04 pm

Can you run a traceroute to see how those two networks are routed?

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Problems with DNS through SNAT

Post by thisjun » Wed Sep 24, 2014 6:23 am

The S-NAT virtual host has a DNS proxy function.
Usually, the DNS in DHCP should be set to the same as the S-NAT virtual host IP address.
