VPN split tunneling DNS error

This forum is for general conversation and user-user networking.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
Mortificator
OpenVpn Newbie
Posts: 7
Joined: Sat Dec 04, 2021 3:12 pm

VPN split tunneling DNS error

Post by Mortificator » Sat Dec 04, 2021 3:14 pm

I use OpenVPN with ProtonVPN. I have updated relevant *.ovpn config file with the following lines:

Code: Select all

route-nopull
route 172.67.208.45 255.255.255.255 vpn_gateway
route 104.21.23.5 255.255.255.255 vpn_gateway
The IP addresses are for https://api.myip.com/ to check my IP.

When I connect to the VPN, my traffic to that page correctly goes through the VPN, however, when I want to load any other page, the browser tells me there is a DNS error.

How do I fix it please?

Thanks,

M.
Last edited by Mortificator on Sat Dec 04, 2021 5:18 pm, edited 1 time in total.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPN tunneling DNS error

Post by TinCanTech » Sat Dec 04, 2021 3:23 pm

Do not use --route-nopull

Mortificator
OpenVpn Newbie
Posts: 7
Joined: Sat Dec 04, 2021 3:12 pm

Re: VPN tunneling DNS error

Post by Mortificator » Sat Dec 04, 2021 3:37 pm

TinCanTech wrote:
Sat Dec 04, 2021 3:23 pm
Do not use --route-nopull
When i remove route-nopull, it fixes the DNS error but for some reason all of my traffic seems to go through the VPN.

When I check https://api.myip.com/ it shows the same IP as when I google 'my ip' and google shows me, whereas it should show two different IPs.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPN tunneling DNS error

Post by TinCanTech » Sat Dec 04, 2021 3:51 pm

Mortificator wrote:
Sat Dec 04, 2021 3:37 pm
When i remove route-nopull, it fixes the DNS error
obviously..
Mortificator wrote:
Sat Dec 04, 2021 3:37 pm
but for some reason all of my traffic seems to go through the VPN
as it should..

If you don't want to tunnel your traffic then Why are you using ProtonVPN ?

Mortificator
OpenVpn Newbie
Posts: 7
Joined: Sat Dec 04, 2021 3:12 pm

Re: VPN split tunneling DNS error

Post by Mortificator » Sat Dec 04, 2021 5:17 pm

TinCanTech wrote:
Sat Dec 04, 2021 3:51 pm
If you don't want to tunnel your traffic then Why are you using ProtonVPN ?
Yayx, I guess know what the confusion is - the title. My bad

I want to use split tunneling. In other words only traffic directed towards those two IPs should go through the VPN. The rest should stay unaffected.

EDIT: fixed the first post title

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPN split tunneling DNS error

Post by TinCanTech » Sat Dec 04, 2021 6:18 pm

This should help: viewtopic.php?f=15&t=33383

Mortificator
OpenVpn Newbie
Posts: 7
Joined: Sat Dec 04, 2021 3:12 pm

Re: VPN split tunneling DNS error

Post by Mortificator » Sat Dec 04, 2021 7:42 pm

It should, had I more experience with how stuff works. :-/

By default, the ProtonVPN *.ovpn config files come with: 'block-outside-dns'. Which works in normal use, so it feels like it should stay there? Or on the other hand, since I had issues with DNS, maybe I should not be blocking it?

The other two options in that thread are:

Code: Select all

pull-filter ignore "dhcp-option DNS" # Ignore the pushed DNS servers
dhcp-option DNS <YOUR_DNS_SERVER_IP>  # Use your own server
I don't want to use my own server. Don't have any.

EDIT: commenting out 'block-outside-dns' seemed to have fixed the issue. Is that the correct approach or have I just entered some undesirable mode? Thanks

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPN split tunneling DNS error

Post by TinCanTech » Sat Dec 04, 2021 7:52 pm

I put the wrong filter ..oops.

Try this:

Code: Select all

pull-filter ignore "redirect-gateway"
And see the manual for options that you don't understand.

Mortificator
OpenVpn Newbie
Posts: 7
Joined: Sat Dec 04, 2021 3:12 pm

Re: VPN split tunneling DNS error

Post by Mortificator » Sat Dec 04, 2021 7:56 pm

Please see my edit above.

Also, this doesn't work for me:
block-outside-dns
pull-filter ignore "redirect-gateway"
route-nopull
route 172.67.208.45 255.255.255.255 vpn_gateway
route 104.21.23.5 255.255.255.255 vpn_gateway
Nor with the route-nopull commented out.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPN split tunneling DNS error

Post by TinCanTech » Sat Dec 04, 2021 9:00 pm

TinCanTech wrote:
Sat Dec 04, 2021 3:23 pm
Do not use --route-nopull
Mortificator wrote:
Sat Dec 04, 2021 7:56 pm
block-outside-dns
pull-filter ignore "redirect-gateway"
##### DIE -> route-nopull
route 172.67.208.45 255.255.255.255 vpn_gateway
route 104.21.23.5 255.255.255.255 vpn_gateway
And that will not work because you are blocking your DNS.

Mortificator
OpenVpn Newbie
Posts: 7
Joined: Sat Dec 04, 2021 3:12 pm

Re: VPN split tunneling DNS error

Post by Mortificator » Sat Dec 04, 2021 9:14 pm

Right, so this should be the correct approach, right? Do I understand correctly?

Code: Select all

# block-outside-dns
pull-filter ignore "redirect-gateway"
# route-nopull
route 172.67.208.45 255.255.255.255 vpn_gateway
route 104.21.23.5 255.255.255.255 vpn_gateway
Will try tomorrow morning.

Mortificator
OpenVpn Newbie
Posts: 7
Joined: Sat Dec 04, 2021 3:12 pm

Re: VPN split tunneling DNS error

Post by Mortificator » Sun Dec 05, 2021 7:38 am

Yep, that works.

Thanks, @TinCanTech

Post Reply