I can't seem to stop my commercial VPN provider (https://vpn.ac) from pushing down a DNS server to the connection on iOS. They provide an ovpn configuration file which I have shown below (the X's in the certs I have changed for readability). Everything below the commented line I have added.
What is working is that my client is adding the preferred DNS servers, but I can't stop the VPN server from pushing down another DNS server.
Below is the config file used for the import.
remote-random
remote sg1.vpn.ac 8000
remote sg1.vpn.ac 50000
dev tun
tls-client
persist-tun
persist-key
nobind
pull
redirect-gateway def1
route-delay 3
auth-user-pass
verb 3
explicit-exit-notify 2
remote-cert-tls server
key-direction 1
cipher AES-256-CBC
auth SHA512
persist-remote-ip
###MODIFICATIONS ARE BELOW THIS LINE###
#ignore server DNS
pull-filter ignore "dhcp-option DNS"
pull-filter ignore "dhcp-option DNS6"
# use preferred dns
dhcp-option DNS 176.103.130.130
dhcp-option DNS 176.103.130.131
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END OpenVPN Static key V1-----
</tls-auth>

2019-30-13 18:30:28 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04
2019-30-13 18:30:28 Frame=512/2048/512 mssfix-ctrl=1250
2019-30-13 18:30:28 UNUSED OPTIONS
4 [tls-client]
5 [persist-tun]
6 [persist-key]
7 [nobind]
8 [pull]
10 [route-delay] [3]
12 [verb] [3]
13 [explicit-exit-notify] [2]
18 [persist-remote-ip]
19 [pull-filter] [ignore] [dhcp-option DNS]
20 [pull-filter] [ignore] [dhcp-option DNS6]
2019-30-13 18:30:28 EVENT: RESOLVE
2019-30-13 18:30:28 Contacting [209.58.160.189]:50000/UDP via UDP
2019-30-13 18:30:28 EVENT: WAIT
2019-30-13 18:30:28 Connecting to [sg1.vpn.ac]:50000 (209.58.160.189) via UDPv4
2019-30-13 18:30:28 EVENT: CONNECTING
2019-30-13 18:30:28 Tunnel Options:V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client
2019-30-13 18:30:28 Creds: Username/Password
2019-30-13 18:30:28 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
2019-30-13 18:30:28 VERIFY OK : depth=1
cert. version : 3
serial number : C7:EB:A7:3D:C3:43:82:B0
issuer name : C=RO, ST=BUC, O=VPN.AC, OU=VPN.AC CA, CN=VPN.AC, emailAddress=info@vpn.ac
subject name : C=RO, ST=BUC, O=VPN.AC, OU=VPN.AC CA, CN=VPN.AC, emailAddress=info@vpn.ac
issued on : 2014-01-05 14:34:59
expires on : 2024-01-03 14:34:59
signed using : RSA with SHA-512
RSA key size : 4096 bits
basic constraints : CA=true
2019-30-13 18:30:28 VERIFY OK : depth=0
cert. version : 3
serial number : 82
issuer name : C=RO, ST=BUC, O=VPN.AC, OU=VPN.AC CA, CN=VPN.AC, emailAddress=info@vpn.ac
subject name : CN=sg1-4096
issued on : 2014-05-20 06:34:09
expires on : 2024-05-17 06:34:09
signed using : RSA with SHA-512
RSA key size : 4096 bits
basic constraints : CA=false
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2019-30-13 18:30:28 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2019-30-13 18:30:28 Session is ACTIVE
2019-30-13 18:30:28 EVENT: GET_CONFIG
2019-30-13 18:30:28 Sending PUSH_REQUEST to server...
2019-30-13 18:30:28 OPTIONS:
0 [redirect-gateway] [def1]
1 [dhcp-option] [DNS] [176.103.130.130]
2 [dhcp-option] [DNS] [176.103.130.131]
3 [redirect-gateway] [def1]
4 [dhcp-option] [DNS] [10.10.100.1]
5 [sndbuf] [524288]
6 [rcvbuf] [524288]
7 [route] [10.10.100.1]
8 [topology] [net30]
9 [ping] [60]
10 [ping-restart] [120]
11 [ifconfig] [10.10.100.6] [10.10.100.5]
12 [peer-id] [0]
13 [cipher] [AES-256-GCM]
2019-30-13 18:30:28 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA512
compress: NONE
peer ID: 0
2019-30-13 18:30:28 EVENT: ASSIGN_IP
2019-30-13 18:30:28 NIP: preparing TUN network settings
2019-30-13 18:30:28 NIP: init TUN network settings with endpoint: 209.58.160.189
2019-30-13 18:30:28 NIP: adding IPv4 address to network settings 10.10.100.6/255.255.255.252
2019-30-13 18:30:28 NIP: adding (included) IPv4 route 10.10.100.4/30
2019-30-13 18:30:28 NIP: adding (included) IPv4 route 10.10.100.1/32
2019-30-13 18:30:28 NIP: redirecting all IPv4 traffic to TUN interface
2019-30-13 18:30:28 NIP: adding DNS 176.103.130.130
2019-30-13 18:30:28 NIP: adding DNS 176.103.130.131
2019-30-13 18:30:28 NIP: adding DNS 10.10.100.1
2019-30-13 18:30:28 Connected via NetworkExtensionTUN
2019-30-13 18:30:28 EVENT: CONNECTED vpnXXXXXX@sg1.vpn.ac:50000 (209.58.160.189) via /UDPv4 on NetworkExtensionTUN/10.10.100.6/ gw=[/]
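
Added example, not part of the original post: the log above lists both `pull-filter` lines under UNUSED OPTIONS and then adds 10.10.100.1 next to the two resolvers set in the profile. The Python sketch below automates that check for a profile and a client log in the format shown; the function names and the trimmed sample strings are constructed for illustration.

```python
import re

# Constructed samples: a few lines trimmed from the profile and log format in the post.
SAMPLE_LOG = """\
2019-30-13 18:30:28 UNUSED OPTIONS
8 [pull]
19 [pull-filter] [ignore] [dhcp-option DNS]
20 [pull-filter] [ignore] [dhcp-option DNS6]
2019-30-13 18:30:28 NIP: adding DNS 176.103.130.130
2019-30-13 18:30:28 NIP: adding DNS 176.103.130.131
2019-30-13 18:30:28 NIP: adding DNS 10.10.100.1
"""
SAMPLE_PROFILE = """\
pull-filter ignore "dhcp-option DNS"
pull-filter ignore "dhcp-option DNS6"
dhcp-option DNS 176.103.130.130
dhcp-option DNS 176.103.130.131
"""

TIMESTAMPED = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (.*)$")
OPTION_ROW = re.compile(r"^\d+ ((?:\[[^\]]*\] ?)+)$")

def profile_dns(profile_text):
    """DNS servers the profile itself sets via 'dhcp-option DNS <ip>'."""
    return re.findall(r"^dhcp-option\s+DNS\s+(\S+)", profile_text, re.M)

def parse_log(log_text):
    """Return (directives listed as unused, DNS servers applied to the tunnel)."""
    unused, applied, in_unused = [], [], False
    for line in log_text.splitlines():
        line = line.strip()
        stamped = TIMESTAMPED.match(line)
        if stamped:  # any timestamped line ends the UNUSED OPTIONS listing
            msg = stamped.group(1)
            in_unused = msg == "UNUSED OPTIONS"
            if msg.startswith("NIP: adding DNS "):
                applied.append(msg.split()[-1])
        elif in_unused and (row := OPTION_ROW.match(line)):
            unused.append(" ".join(re.findall(r"\[([^\]]*)\]", row.group(1))))
    return unused, applied

def audit(profile_text, log_text):
    """Flag pull-filters the client ignored and resolvers the profile did not set."""
    unused, applied = parse_log(log_text)
    wanted = set(profile_dns(profile_text))
    return {
        "ignored_pull_filters": [u for u in unused if u.startswith("pull-filter")],
        "unexpected_dns": [ip for ip in applied if ip not in wanted],
    }
```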