It has been working great until recently, when he started proxying DNS requests. I assumed all traffic would go through the VPN, but apparently that is not the case. I noticed he started pushing DNS servers through DHCP, and my adapter was configured to use auto-configured DNS servers. I tried setting the wireless adapter to use Google's DNS servers, but when I do that I just get timeouts on lookups. I tried setting 'redirect-gateway' and pushing DNS servers to the client, but when I do that I am not able to get a session open. I get connected, but then it instantly drops. The server log shows the connection, then the OpenVPN service restarts and the session fails.
Here are my logs and configs:
Client OpenVPN Configuration:
dev tun
proto tcp
#connect to local stunnel service
remote 127.0.0.1 22994
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert tneal.crt
key tneal.key
remote-cert-tls server
comp-lzo
verb 3
route-method exe
route-delay 2
redirect-gateway def1
Client OpenVPN log:
23:44:01 2017 OpenVPN 2.3.12 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 23 2016
23:44:01 2017 Windows version 6.2 (Windows 8 or greater) 64bit
23:44:01 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09
Enter Management Password:
23:44:01 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
23:44:01 2017 Need hold release from management interface, waiting...
23:44:01 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
23:44:01 2017 MANAGEMENT: CMD 'state on'
23:44:01 2017 MANAGEMENT: CMD 'log all on'
23:44:01 2017 MANAGEMENT: CMD 'hold off'
23:44:01 2017 MANAGEMENT: CMD 'hold release'
23:44:01 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
23:44:01 2017 Attempting to establish TCP connection with [AF_INET]127.0.0.1:22994 [nonblock]
23:44:01 2017 MANAGEMENT: >STATE:1491374641,TCP_CONNECT,,,
23:44:01 2017 TCP connection established with [AF_INET]127.0.0.1:22994
23:44:01 2017 TCPv4_CLIENT link local: [undef]
23:44:01 2017 TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:22994
23:44:01 2017 MANAGEMENT: >STATE:1491374641,WAIT,,,
23:44:02 2017 Connection reset, restarting [-1]
23:44:02 2017 SIGUSR1[soft,connection-reset] received, process restarting
23:44:02 2017 MANAGEMENT: >STATE:1491374642,RECONNECTING,connection-reset,,
23:44:02 2017 Restart pause, 5 second(s)
Client stunnel configuration:
[openvpn]
client = yes
accept = 127.0.0.1:22994
connect = [Server IP]:443
PSKsecrets=psks.txt
Server OpenVPN Configuration:
port 11303
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
# stray trailing quote removed: an unbalanced quote makes OpenVPN reject the whole config
# with "Options error: No closing quotation" and the service fails to start
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
persist-key
persist-tun
Server systemd log:
09:33:14 server systemd[1]: Starting OpenVPN connection to server...
09:33:14 server systemd[1]: Stopping OpenVPN service...
09:33:14 server systemd[1]: Starting OpenVPN service...
09:33:14 server systemd[1]: Failed to start OpenVPN connection to server.
09:33:14 server systemd[1]: Started OpenVPN service.
Server stunnel configuration:
sslVersion = all
options = NO_SSLv2
pid = /stunnel4.pid
debug = 7
output = /var/log/stunnel4/stunnel4.log
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
[openvpn]
accept = [Server IP]:443
connect = [Server IP]:11303
cert=/etc/stunnel/server.pem
key=/etc/stunnel/server.key
ciphers=PSK
PSKsecrets=/etc/stunnel/psk.txt
# 'verb' is an OpenVPN option, not a stunnel one; stunnel logging is set with 'debug' above
# and stunnel rejects unknown option names in a service section
#verb 10
Server is running Debian and the client is Windows as you can see from the log. If I take out the DNS push lines, it connects and I can connect to IP addresses directly, but DNS goes through his servers.
Can anyone see why this is happening and how can I make sure I'm protecting my DNS lookups? Thanks for reading
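The following is an added example, not code from the post above or from the OpenVPN project. It models the longest-prefix-match routing decision a client makes after OpenVPN installs the `redirect-gateway def1` routes, and shows what happens to three flows in a setup like the one above: the stunnel TCP session to the real server, a resolver pushed with `dhcp-option DNS`, and the resolver the LAN's DHCP handed out. All addresses are constructed stand-ins: 198.51.100.7 plays "[Server IP]", 192.168.1.1 the LAN gateway and DHCP resolver, 10.8.0.1 the tun gateway; the `net_gateway` bypass route and the loopback handling are simplifications of OpenVPN's route logic, described in the comments.

```python
"""Routing model for OpenVPN 'redirect-gateway def1' over a local stunnel.

Added example; not code from the original post or from the OpenVPN project.
It reproduces the longest-prefix-match decision a client makes after OpenVPN
installs the def1 routes, for three destinations: the real VPN server (which
stunnel must reach outside the tunnel), a pushed public resolver, and the
resolver the LAN's DHCP handed out.  All addresses are constructed stand-ins.
"""
import ipaddress

SERVER_IP = "198.51.100.7"   # constructed stand-in for "[Server IP]" (stunnel upstream)
LAN_GW = "192.168.1.1"       # constructed LAN default gateway (OpenVPN's net_gateway)
LAN_DNS = "192.168.1.1"      # constructed resolver handed out by the LAN's DHCP
VPN_GW = "10.8.0.1"          # constructed tun gateway (OpenVPN's vpn_gateway)


def lan_table():
    """Routes the client has before OpenVPN connects: (prefix, next hop, iface)."""
    return [
        (ipaddress.ip_network("0.0.0.0/0"), LAN_GW, "wlan"),
        (ipaddress.ip_network("192.168.1.0/24"), None, "wlan"),
        (ipaddress.ip_network("127.0.0.0/8"), None, "lo"),
    ]


def def1_routes(remote_host, bypass_host=None):
    """Routes that 'redirect-gateway def1' adds.

    def1 does not replace the default route; it adds 0.0.0.0/1 and 128.0.0.0/1
    via the tun gateway, which both beat 0.0.0.0/0 on prefix length, plus a
    host route via the old gateway for the address given in 'remote' so the
    VPN's own packets stay outside the tunnel.  When 'remote' is 127.0.0.1
    (a local stunnel) that host route excludes nothing useful: the real server
    is only kept out of the tunnel if the client also carries
    'route <server> 255.255.255.255 net_gateway', modelled here by bypass_host.
    """
    routes = [
        (ipaddress.ip_network("0.0.0.0/1"), VPN_GW, "tun"),
        (ipaddress.ip_network("128.0.0.0/1"), VPN_GW, "tun"),
    ]
    remote = ipaddress.ip_address(remote_host)
    if not remote.is_loopback:   # simplification: a loopback remote is reached via lo
        routes.append((ipaddress.ip_network(f"{remote}/32"), LAN_GW, "wlan"))
    if bypass_host:
        routes.append((ipaddress.ip_network(f"{bypass_host}/32"), LAN_GW, "wlan"))
    return routes


def lookup(table, dst):
    """Longest-prefix match: returns the egress interface for dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[2]


def egress_map(remote_host, bypass_host=None, redirected=True):
    """Where each destination of interest leaves the host."""
    table = lan_table()
    if redirected:
        table += def1_routes(remote_host, bypass_host)
    return {
        "vpn_server": lookup(table, SERVER_IP),   # stunnel's TCP session to [Server IP]:443
        "pushed_dns": lookup(table, "8.8.8.8"),    # resolver pushed with dhcp-option DNS
        "dhcp_dns": lookup(table, LAN_DNS),        # resolver the LAN's DHCP handed out
    }


def tunnel_loops(remote_host, bypass_host=None):
    """True when the tunnel's own carrier traffic would be routed into the tunnel."""
    return egress_map(remote_host, bypass_host)["vpn_server"] == "tun"


if __name__ == "__main__":
    for label, args in [
        ("plain OpenVPN, remote = server", (SERVER_IP,)),
        ("over stunnel, remote = 127.0.0.1", ("127.0.0.1",)),
        ("over stunnel + net_gateway bypass", ("127.0.0.1", SERVER_IP)),
    ]:
        print(f"{label}: {egress_map(*args)}  loops={tunnel_loops(*args)}")
```

Two things the model makes visible: with `remote 127.0.0.1` the def1 routes swallow the stunnel session to the real server unless a `route <server> 255.255.255.255 net_gateway` line is present, and a resolver on the local subnet stays reachable on the LAN interface even after redirection, so any lookup Windows sends to the DHCP resolver never enters the tunnel. Routing alone does not decide which resolver Windows uses; for that, OpenVPN 2.3.9 and later on Windows has the `block-outside-dns` option, which uses the Windows Filtering Platform to drop DNS traffic on every interface except the TAP adapter.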