openVPN-AS on Windows 10: Cannot resolve host address

jamesnb
OpenVPN User
Posts: 24
Joined: Tue Sep 22, 2015 3:01 am

openVPN-AS on Windows 10: Cannot resolve host address

Post by jamesnb » Thu May 25, 2017 8:41 pm

Hello everyone,
I am now helping my friend to install an OpenVPN Access Server on his Windows 10 Pro desktop.
I follow the documentation found here:
https://community.openvpn.net/openvpn/w ... dows_Guide

He uses a MacBook Pro, running TunnelBlick version 3.7.2beta02 (build 4830) as an OpenVPN client to connect to his Windows PC. His Windows PC is behind a router. The router has a built-in Dyndns updater to map the public dynamic IP address to the "myovpn.dyndns.org" host. I use the default port 1194 UDP for the connection. In the router, I have also forwarded port 1194 to his Windows PC. So technically speaking, his OVPN-AS on the Windows PC can be reached at "myovpn.dyndns.org:1194".

Importing all necessary files into TunnelBlick was OK, no errors. I also started the OpenVPN service on the Windows machine. I also added port 1194 UDP to the firewall rules to allow it.

But when I try to connect to the Windows PC (from his MBP, using TunnelBlick), the process is stuck at "Resolving Domain Name" and the error from the log is:

"RESOLVE: Cannot resolve host address: myovpn.dyndns.org:1194: nodename nor servname provided, or not known"

I understand that the client could not even find the host myovpn.dyndns.org:1194.

Any help is appreciated as to what I am missing. (Please refer to my server/client config below.)


1/ Server config:
port 1194
proto udp
dev tun
ca "C:\\OpenVPN\\config\\ca.crt"
cert "C:\\OpenVPN\\config\\server.crt"
key "C:\\OpenVPN\\config\\server.crt"
dh "C:\\OpenVPN\\config\dh2048.pem"
server 10.10.10.0 255.255.255.0
push "route 192.168.40.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
verb 3

2/ Client config
client
port 1194
protoudp
dev tun
remote myovpn.dyndns.org:1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3
ca /Users/xxx/Documents/ca.crt
cert /Users/xxx/Documents/client1.crt
key /Users/xxx/Documents/client1.key
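
The two configs above can be checked mechanically before a connection is attempted; OpenVPN's `remote` directive takes the host and the port as separate arguments (`remote host [port] [proto]`), and a backslash inside a double-quoted value is an escape character. The following is an added example, not part of the original post or of OpenVPN; the function `lint`, its messages and the `KNOWN` list (only the directives that occur on this page) are assumptions made for illustration.

```python
import re

# Constructed samples: lines copied from the two configs posted above.
CLIENT_CONF = "client\nport 1194\nprotoudp\ndev tun\nremote myovpn.dyndns.org:1194\n"
SERVER_CONF = r'''proto udp
ca "C:\\OpenVPN\\config\\ca.crt"
cert "C:\\OpenVPN\\config\\server.crt"
key "C:\\OpenVPN\\config\\server.crt"
dh "C:\\OpenVPN\\config\dh2048.pem"
'''
# Directive names that occur on this page; not the full OpenVPN option list.
KNOWN = {"client", "port", "proto", "dev", "remote", "resolv-retry", "nobind",
         "persist-key", "persist-tun", "remote-cert-tls", "cipher", "comp-lzo",
         "verb", "ca", "cert", "key", "dh", "server", "push", "keepalive"}

def lint(conf):
    """Return (line_number, message) findings; line 0 means whole-file."""
    findings, paths = [], {}
    for n, raw in enumerate(conf.splitlines(), 1):
        name, _, rest = raw.strip().partition(" ")
        if not name or name[0] in "#;":
            continue
        host = (rest.split() or [""])[0]
        if name not in KNOWN:
            # A known name fused with its argument usually means a lost space.
            fused = [k for k in KNOWN if name.startswith(k)]
            hint = f"; missing space after '{max(fused, key=len)}'?" if fused else ""
            findings.append((n, f"unknown directive '{name}'{hint}"))
        elif name == "remote" and re.fullmatch(r"[^\[\]:\s]+:\d+", host):
            # HOST:PORT in one token is handed to the resolver as a single name.
            findings.append((n, "remote: write 'HOST PORT', not 'HOST:PORT'"))
        elif name in ("ca", "cert", "key", "dh"):
            # Inside double quotes a backslash is an escape, so Windows paths need \\
            if rest.startswith('"') and re.search(r'(?<!\\)\\(?![\\"])', rest):
                findings.append((n, f"{name}: single backslash in quoted path"))
            paths[name] = rest
    if "key" in paths and paths["key"] == paths.get("cert"):
        findings.append((0, "key names the same file as cert, not a private key"))
    return findings

if __name__ == "__main__":
    for label, conf in (("client", CLIENT_CONF), ("server", SERVER_CONF)):
        for line_no, message in lint(conf):
            print(f"{label}:{line_no}: {message}")
```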

jamesnb
OpenVPN User
Posts: 24
Joined: Tue Sep 22, 2015 3:01 am

Re: openVPN-AS on Windows 10: Connected but does not seem to work properly

Post by jamesnb » Sat May 27, 2017 6:03 pm

So I have managed to get the Dyndns mapped correctly between the Windows-based OpenVPN-AS and my friend's MBP.
However, once it is connected, I can ping the OVPN-AS at 10.9.9.1 but I cannot ping any other IP such as the LAN or access any Internet.

I am not sure what steps I am missing. Any advice and pointers are greatly appreciated.

Log files:

The client log - using TunnelBlick on MacOS
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
*Tunnelblick: OS X 10.12.5; Tunnelblick 3.7.2beta02 (build 4830); prior version 3.7.2beta01 (build 4820)
2017-05-27 10:49:53 *Tunnelblick: Attempting connection with client; Set nameserver = 769; monitoring connection
2017-05-27 10:49:53 *Tunnelblick: openvpnstart start client.tblk 1337 769 0 3 0 1065264 -ptADGNWradsgnw 2.3.16-openssl-1.0.2k
2017-05-27 10:49:53 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.16-openssl-1.0.2k/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Sclient.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1065264.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Shared/client.tblk/Contents/Resources
--verb
3
--config
/Library/Application Support/Tunnelblick/Shared/client.tblk/Contents/Resources/config.ovpn
--verb
3
--cd
/Library/Application Support/Tunnelblick/Shared/client.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2017-05-27 10:49:53 OpenVPN 2.3.16 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on May 19 2017
2017-05-27 10:49:53 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
2017-05-27 10:49:53 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2017-05-27 10:49:53 Need hold release from management interface, waiting...
2017-05-27 10:49:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2017-05-27 10:49:53 MANAGEMENT: CMD 'pid'
2017-05-27 10:49:53 MANAGEMENT: CMD 'state on'
2017-05-27 10:49:53 MANAGEMENT: CMD 'state'
2017-05-27 10:49:53 MANAGEMENT: CMD 'bytecount 1'
2017-05-27 10:49:53 MANAGEMENT: CMD 'hold release'
2017-05-27 10:49:53 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2017-05-27 10:49:53 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-05-27 10:49:53 *Tunnelblick: openvpnstart starting OpenVPN
2017-05-27 10:49:53 *Tunnelblick: Established communication with OpenVPN
2017-05-27 10:49:53 Socket Buffers: R=[131072->131072] S=[131072->131072]
2017-05-27 10:49:53 MANAGEMENT: >STATE:1495907393,RESOLVE,,,
2017-05-27 10:49:53 Attempting to establish TCP connection with [AF_INET]xx.xxx.xxx.xxx:1194 [nonblock]
2017-05-27 10:49:53 MANAGEMENT: >STATE:1495907393,TCP_CONNECT,,,
2017-05-27 10:49:54 TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:1194
2017-05-27 10:49:54 TCPv4_CLIENT link local: [undef]
2017-05-27 10:49:54 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
2017-05-27 10:49:54 MANAGEMENT: >STATE:1495907394,WAIT,,,
2017-05-27 10:49:54 MANAGEMENT: >STATE:1495907394,AUTH,,,
2017-05-27 10:49:54 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1194, sid=3be68970 31decd8c
2017-05-27 10:49:54 VERIFY OK: depth=1, C=changename, ST=changename, L=changename, O=changename, OU=changeme, CN=YYY, name=changname, emailAddress=abc@xyz.com
2017-05-27 10:49:54 VERIFY OK: depth=0, C=changename, ST=changename, L=changename, O=changename, OU=changeme, CN=YServer, name=changname, emailAddress=abc@xyz.com
2017-05-27 10:49:54 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2017-05-27 10:49:54 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-05-27 10:49:54 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2017-05-27 10:49:54 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-05-27 10:49:54 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
2017-05-27 10:49:54 [YRVServer] Peer Connection Initiated with [AF_INET]xx.xxx.xxx.xxx:1194
2017-05-27 10:49:56 MANAGEMENT: >STATE:1495907396,GET_CONFIG,,,
2017-05-27 10:49:57 SENT CONTROL [YRVServer]: 'PUSH_REQUEST' (status=1)
2017-05-27 10:49:57 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.9.9.1,topology net30,ping 10,ping-restart 120,ifconfig 10.9.9.6 10.9.9.5,peer-id 0'
2017-05-27 10:49:57 OPTIONS IMPORT: timers and/or timeouts modified
2017-05-27 10:49:57 OPTIONS IMPORT: --ifconfig/up options modified
2017-05-27 10:49:57 OPTIONS IMPORT: route options modified
2017-05-27 10:49:57 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2017-05-27 10:49:57 OPTIONS IMPORT: peer-id set
2017-05-27 10:49:57 OPTIONS IMPORT: adjusting link_mtu to 1562
2017-05-27 10:49:57 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2017-05-27 10:49:57 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2017-05-27 10:49:57 Opened utun device utun2
2017-05-27 10:49:57 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2017-05-27 10:49:57 MANAGEMENT: >STATE:1495907397,ASSIGN_IP,,10.9.9.6,
2017-05-27 10:49:57 /sbin/ifconfig utun2 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2017-05-27 10:49:57 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2017-05-27 10:49:57 /sbin/ifconfig utun2 10.9.9.6 10.9.9.5 mtu 1500 netmask 255.255.255.255 up
2017-05-27 10:49:57 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun2 1500 1562 10.9.9.6 10.9.9.5 init
**********************************************
Start of output from client.up.tunnelblick.sh
Retrieved from OpenVPN: name server(s) [ 8.8.8.8 8.8.4.4 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ]
Not aggregating ServerAddresses because running on OS X 10.6 or higher
Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually (or are allowed to be changed) and 'Prepend domain name to search domains' was not selected
Saved the DNS and SMB configurations so they can be restored
Changed DNS ServerAddresses setting from '192.168.1.1' to '8.8.8.8 8.8.4.4'
Changed DNS SearchDomains setting from '' to 'openvpn'
Changed DNS DomainName setting from '' to 'openvpn'
Did not change SMB NetBIOSName setting of ''
Did not change SMB Workgroup setting of 'WORKGROUP'
Did not change SMB WINSAddresses setting of ''
DNS servers '8.8.8.8 8.8.4.4' will be used for DNS queries when the VPN is active
The DNS servers include only free public DNS servers known to Tunnelblick.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
Setting up to monitor system configuration with process-network-changes
End of output from client.up.tunnelblick.sh
**********************************************
2017-05-27 10:50:01 *Tunnelblick: No 'connected.sh' script to execute
2017-05-27 10:50:01 /sbin/route add -net 23.16.203.65 192.168.1.1 255.255.255.255
add net 23.16.203.65: gateway 192.168.1.1
2017-05-27 10:50:01 /sbin/route add -net 0.0.0.0 10.9.9.5 128.0.0.0
add net 0.0.0.0: gateway 10.9.9.5
2017-05-27 10:50:01 /sbin/route add -net 128.0.0.0 10.9.9.5 128.0.0.0
add net 128.0.0.0: gateway 10.9.9.5
2017-05-27 10:50:01 MANAGEMENT: >STATE:1495907401,ADD_ROUTES,,,
2017-05-27 10:50:01 /sbin/route add -net 10.9.9.1 10.9.9.5 255.255.255.255
add net 10.9.9.1: gateway 10.9.9.5
2017-05-27 10:50:01 Initialization Sequence Completed
2017-05-27 10:50:01 MANAGEMENT: >STATE:1495907401,CONNECTED,SUCCESS,10.9.9.6,23.16.203.65
2017-05-27 10:50:05 *Tunnelblick process-network-changes: A system configuration change was ignored

***************************************************************************************************************************************************************************

Server Log: Windows 10 Pro, VPN run as Service

Sat May 27 10:49:53 2017 TCP connection established with [AF_INET6]::ffff:192.168.1.1:62390
Sat May 27 10:49:54 2017 192.168.1.1 TLS: Initial packet from [AF_INET6]::ffff:192.168.1.1:62390, sid=b59a4f4c 5038a12f
Sat May 27 10:49:54 2017 192.168.1.1 VERIFY OK: depth=1, C=changename, ST=changename, L=changename, O=changename, OU=changeme, CN=YYY, name=changname, emailAddress=abc@xyz.com
Sat May 27 10:49:54 2017 192.168.1.1 VERIFY OK: depth=0, C=changename, ST=changename, L=changename, O=changename, OU=changeme, CN=YMBP, name=changname, emailAddress=abc@xyz.com
Sat May 27 10:49:54 2017 192.168.1.1 peer info: IV_VER=2.3.16
Sat May 27 10:49:54 2017 192.168.1.1 peer info: IV_PLAT=mac
Sat May 27 10:49:54 2017 192.168.1.1 peer info: IV_PROTO=2
Sat May 27 10:49:54 2017 192.168.1.1 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat May 27 10:49:54 2017 192.168.1.1 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat May 27 10:49:54 2017 192.168.1.1 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat May 27 10:49:54 2017 192.168.1.1 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat May 27 10:49:54 2017 192.168.1.1 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Sat May 27 10:49:54 2017 192.168.1.1 [JamesMBP] Peer Connection Initiated with [AF_INET6]::ffff:192.168.1.1:62390
Sat May 27 10:49:54 2017 JamesMBP/192.168.1.1 MULTI_sva: pool returned IPv4=10.9.9.6, IPv6=(Not enabled)
Sat May 27 10:49:54 2017 JamesMBP/192.168.1.1 MULTI: Learn: 10.9.9.6 -> YMBP/192.168.1.1
Sat May 27 10:49:54 2017 JamesMBP/192.168.1.1 MULTI: primary virtual IP for YMBP/192.168.1.1: 10.9.9.6
Sat May 27 10:49:57 2017 JamesMBP/192.168.1.1 PUSH: Received control message: 'PUSH_REQUEST'
Sat May 27 10:49:57 2017 JamesMBP/192.168.1.1 SENT CONTROL [JamesMBP]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.9.9.1,topology net30,ping 10,ping-restart 120,ifconfig 10.9.9.6 10.9.9.5,peer-id 0' (status=1)
Sat May 27 10:50:19 2017 JamesMBP/192.168.1.1 Connection reset, restarting [0]
Sat May 27 10:50:19 2017 JamesMBP/192.168.1.1 SIGUSR1[soft,connection-reset] received, client-instance restarting

********************************************************************************************************************************************************************

Pledget
OpenVpn Newbie
Posts: 1
Joined: Wed Jun 07, 2017 4:11 am

Re: openVPN-AS on Windows 10: Cannot resolve host address

Post by Pledget » Wed Jun 07, 2017 5:13 am

Did you set a static route on the LAN router so addresses going back to the VPN subnet will be routed to the VPN server local address so that any LAN machines know how to reach/respond to the connected clients?

I am a little confused that the addresses in your logs don't seem to match those set in the configs you attached.
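
The mismatch between the logs and the posted configs can be listed point by point, which matters for security as well as routing: a hardening directive in a config file that is not the one actually loaded has no effect. The following is an added example, not code from the thread or from OpenVPN; the function `compare` and its issue labels are assumptions, and the inputs are lines copied from the posts above.

```python
import ipaddress
import re

# Constructed samples: directives and log lines copied from the posts in this thread.
SERVER_CONF = '''proto udp
server 10.10.10.0 255.255.255.0
push "route 192.168.40.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
'''
CLIENT_CONF = "remote-cert-tls server\n"
LOG = """WARNING: No server certificate verification method has been enabled.
TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.9.9.1,topology net30,ping 10,ping-restart 120,ifconfig 10.9.9.6 10.9.9.5,peer-id 0'
"""

def compare(server_conf, client_conf, log):
    """Return labels for every point where the log contradicts the configs."""
    issues = []
    proto = re.search(r"^proto (\S+)", server_conf, re.M).group(1)
    net, mask = re.search(r"^server (\S+) (\S+)", server_conf, re.M).groups()
    pool = ipaddress.ip_network(f"{net}/{mask}")
    pushes = set(re.findall(r'^push "([^"]+)"', server_conf, re.M))
    reply = re.search(r"'PUSH_REPLY,([^']*)'", log).group(1).split(",")

    # Transport: the client log names the link type it opened (simplified: TCP or UDP).
    used = "tcp" if re.search(r"\bTCPv4_CLIENT\b", log) else "udp"
    if not proto.startswith(used):
        issues.append(f"transport: config {proto}, log {used}")
    # The tunnel address handed out must come from the configured pool.
    local = next(o.split()[1] for o in reply if o.startswith("ifconfig "))
    if ipaddress.ip_address(local) not in pool:
        issues.append(f"pool: {local} not in {pool}")
    # Every configured push should be in the reply; extra DNS pushes are flagged too.
    for p in sorted(pushes - set(reply)):
        issues.append(f"not pushed: {p}")
    for o in reply:
        if o.startswith("dhcp-option ") and o not in pushes:
            issues.append(f"unexpected push: {o}")
    # Hardening present in the posted client config but absent at run time.
    if "remote-cert-tls" in client_conf and "No server certificate verification" in log:
        issues.append("client: remote-cert-tls configured but not in effect")
    return issues

if __name__ == "__main__":
    print("\n".join(compare(SERVER_CONF, CLIENT_CONF, LOG)))
```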

TinCanTech
OpenVPN Protagonist
Posts: 3006
Joined: Fri Jun 03, 2016 1:17 pm

Re: openVPN-AS on Windows 10: Cannot resolve host address

Post by TinCanTech » Wed Jun 07, 2017 9:45 am

jamesnb wrote:
Server Log: Windows 10 Pro, VPN run as Service

Sat May 27 10:49:53 2017 TCP connection established with [AF_INET6]::ffff:192.168.1.1:62390

Please post the start of the log showing the version of OpenVPN.
