
Openvpn DNS configuration does not resolve

Posted: Sat Feb 25, 2017 8:32 pm
by TheMac
The client connects to the server correctly.
When trying to resolve any domain, it does not get resolved and I do not get a connection.

Server: CentOS 7.3
Client: macOS 10.12.3

Tunnelblick Diagnosis

Code:

2017-02-25 21:10:59 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2017-02-25 21:10:59 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-02-25 21:10:59 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-02-25 21:10:59 UDPv4 link local: [undef]
2017-02-25 21:10:59 UDPv4 link remote: [AF_INET]151.xx.xx.xx:1194
2017-02-25 21:10:59 MANAGEMENT: >STATE:1488053459,WAIT,,,
2017-02-25 21:10:59 MANAGEMENT: >STATE:1488053459,AUTH,,,
2017-02-25 21:10:59 TLS: Initial packet from [AF_INET]151.xx.xx.xx:1194, sid=7080eeed 6fe14af8
2017-02-25 21:10:59 *Tunnelblick: openvpnstart starting OpenVPN
2017-02-25 21:11:00 VERIFY OK: depth=1, C=ES, ST=BA, L=Badajoz, O=tecnofacilblog, OU=Extremadura, CN=openvpn.tecnofacilblog.com, name=tecnofacilblog.com, emailAddress=contacto@tecnofacilblog.com
2017-02-25 21:11:00 VERIFY OK: depth=0, C=ES, ST=BA, L=Badajoz, O=tecnofacilblog, OU=Extremadura, CN=server, name=tecnofacilblog.com, emailAddress=contacto@tecnofacilblog.com
2017-02-25 21:11:00 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557'
2017-02-25 21:11:00 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
2017-02-25 21:11:00 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2017-02-25 21:11:00 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-02-25 21:11:00 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2017-02-25 21:11:00 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-02-25 21:11:00 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2017-02-25 21:11:00 [server] Peer Connection Initiated with [AF_INET]151.xx.xx.xx:1194
2017-02-25 21:11:01 MANAGEMENT: >STATE:1488053461,GET_CONFIG,,,
2017-02-25 21:11:02 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2017-02-25 21:11:02 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
2017-02-25 21:11:02 OPTIONS IMPORT: timers and/or timeouts modified
2017-02-25 21:11:02 OPTIONS IMPORT: --ifconfig/up options modified
2017-02-25 21:11:02 OPTIONS IMPORT: route options modified
2017-02-25 21:11:02 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2017-02-25 21:11:02 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2017-02-25 21:11:02 Opened utun device utun1
2017-02-25 21:11:02 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2017-02-25 21:11:02 MANAGEMENT: >STATE:1488053462,ASSIGN_IP,,10.8.0.6,
2017-02-25 21:11:02 /sbin/ifconfig utun1 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2017-02-25 21:11:02 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2017-02-25 21:11:02 /sbin/ifconfig utun1 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2017-02-25 21:11:02 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1500 1558 10.8.0.6 10.8.0.5 init
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        Disabled IPv6 for 'Wi-Fi'
                                        Disabled IPv6 for 'Bluetooth PAN'
                                        Disabled IPv6 for 'Thunderbolt Bridge'
                                        Retrieved from OpenVPN: name server(s) [ 8.8.8.8 8.8.4.4 ], search domain(s) [  ] and SMB server(s) [  ] and using default domain name [ openvpn ]
                                        WARNING: Ignoring ServerAddresses '8.8.8.8 8.8.4.4' because ServerAddresses was set manually
                                        Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
                                        Saved the DNS and SMB configurations so they can be restored
                                        Did not change DNS ServerAddresses setting of '8.8.8.8 8.8.4.4' (but re-set it)
                                        Changed DNS SearchDomains setting from '' to 'openvpn'
                                        Changed DNS DomainName setting from '' to 'openvpn'
                                        Did not change SMB NetBIOSName setting of ''
                                        Did not change SMB Workgroup setting of ''
                                        Did not change SMB WINSAddresses setting of ''
                                        DNS servers '8.8.8.8 8.8.4.4' were set manually
                                        DNS servers '8.8.8.8 8.8.4.4' will be used for DNS queries when the VPN is active
                                        The DNS servers include only free public DNS servers known to Tunnelblick.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        Setting up to monitor system configuration with process-network-changes
                                        End of output from client.up.tunnelblick.sh
                                        *******************************************
Client.ovpn

Code:

client
dev tun
proto udp
remote 151... 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
cipher AES-256-CBC
ca /openvpn_cert/ca.crt
cert /openvpn_cert/client.crt
key /openvpn_cert/client.key
I tried what was posted in this thread, but the proposed solution did not work for me.
viewtopic.php?f=4&t=21678

Re: Openvpn DNS configuration does not resolve

Posted: Sat Feb 25, 2017 11:59 pm
by TinCanTech
Did you configure your server correctly ?

Re: Openvpn DNS configuration does not resolve

Posted: Sun Feb 26, 2017 1:42 am
by TheMac
I guess so.
I'm new to OpenVPN.
I followed this tutorial to configure my server:

Code:

https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-7
When I connect, I get the following warnings:

Code:

2017-02-26 02:47:54 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

2017-02-26 02:47:54 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557'
2017-02-26 02:47:54 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'

  WARNING: Ignoring ServerAddresses '8.8.8.8 8.8.4.4' because ServerAddresses was set manually
Even so, the connection with the server is made; I ping the server IP and it responds, but when I try to open any page in my browser there is no response.

I would appreciate some information about how to fix these warnings....
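
A small check for the warnings quoted above, added here as an example (not part of the original posts and not OpenVPN or Tunnelblick code): it flags a client config that has no server-certificate verification directive and extracts the option mismatches from the log. The function names and finding codes are hypothetical; the config and log lines are the ones posted in the thread.

```python
import re
# Any one of these directives enables a form of server certificate verification.
VERIFY_DIRECTIVES = {"remote-cert-tls", "remote-cert-ku", "remote-cert-eku",
                     "verify-x509-name", "ns-cert-type", "tls-verify", "tls-remote"}

# Client.ovpn as posted in the thread (the remote address is elided in the post).
CLIENT_OVPN = """\
client
dev tun
proto udp
remote 151... 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
cipher AES-256-CBC
ca /openvpn_cert/ca.crt
cert /openvpn_cert/client.crt
key /openvpn_cert/client.key
"""

# Warning lines copied from the log posted in the thread.
LOG = """\
2017-02-26 02:47:54 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2017-02-26 02:47:54 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557'
2017-02-26 02:47:54 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
"""

def directives(config):
    """Return the set of directive names, skipping comments and blank lines."""
    names = set()
    for line in config.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            names.add(line.split()[0].lstrip("-"))
    return names

def audit(config, log):
    """Return (code, detail) findings from a client config and its connection log."""
    findings = []
    if not directives(config) & VERIFY_DIRECTIVES:
        findings.append(("no-server-cert-verify", "add 'remote-cert-tls server'"))
    for opt in re.findall(r"WARNING: '([\w-]+)' is present in local config but missing in remote config", log):
        findings.append(("local-only-option", opt))
    for opt, loc, rem in re.findall(r"WARNING: '([\w-]+)' is used inconsistently, local='([^']*)', remote='([^']*)'", log):
        findings.append(("inconsistent-option", f"{opt}: {loc} vs {rem}"))
    return findings
```

`audit(CLIENT_OVPN, LOG)` reports all three conditions. `remote-cert-tls server` only passes if the server certificate carries the TLS server key usage and extended key usage, and the `comp-lzo` finding is cleared by making the compression setting match on both ends.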

Re: Openvpn DNS configuration does not resolve

Posted: Sun Feb 26, 2017 2:09 am
by TinCanTech
TheMac wrote: I followed this tutorial to configure my server

..
Go ask the Author of your tutorial why it does not work ..

Re: Openvpn DNS configuration does not resolve

Posted: Sun Feb 26, 2017 3:05 am
by TheMac
The tutorial is more than 4 years old.
The author has gone a long time without showing signs of life.

Re: Openvpn DNS configuration does not resolve

Posted: Sun Feb 26, 2017 3:28 am
by TinCanTech
Do you still need help ?

The official docs are online ..

Re: Openvpn DNS configuration does not resolve

Posted: Sun Feb 26, 2017 5:01 am
by TheMac
Thanks for your help.
I have solved it. It was a problem with the certificate authority; the certificates have been re-created and everything works as it should.



I am writing these lines to you through the openvpn tunnel :D