OpenVPN Access Server not setting windows 10 client DNS IP Addresses
-
- OpenVpn Newbie
- Posts: 9
- Joined: Fri Mar 09, 2018 12:40 am
OpenVPN Access Server not setting windows 10 client DNS IP Addresses
OpenVPN Access Server not setting windows 10 client DNS IP Addresseson TAP network interface.
Windows 10 Home Version 1709
Access Server version: 2.5
OpenVPN Connect 2.1.3.110
Description: TAP Adapter OAS NDIS 6.0
Physical Address: 00-FF-5D-DB-6D-9E
DHCP Enabled: Yes
IPv4 Address: 10.1.252.2
IPv4 Subnet Mask: 255.255.252.0
IPv4 Default Gateway: 10.1.252.1
IPv4 DNS Server:
IPv4 WINS Server:
NetBIOS over Tcpip Enabled: Yes
Link-local IPv6 Address: fe80::c86e:abd1:deda:6a7a%10
IPv6 Default Gateway:
IPv6 DNS Servers: fec0:0:0:ffff::1%1, fec0:0:0:ffff::2%1, fec0:0:0:ffff::3%1
Routing is correct, I can ping anything on our domain by IP address just not by name. This use to work on Windows 7 but not working on windows 10?
Windows 10 Home Version 1709
Access Server version: 2.5
OpenVPN Connect 2.1.3.110
Description: TAP Adapter OAS NDIS 6.0
Physical Address: 00-FF-5D-DB-6D-9E
DHCP Enabled: Yes
IPv4 Address: 10.1.252.2
IPv4 Subnet Mask: 255.255.252.0
IPv4 Default Gateway: 10.1.252.1
IPv4 DNS Server:
IPv4 WINS Server:
NetBIOS over Tcpip Enabled: Yes
Link-local IPv6 Address: fe80::c86e:abd1:deda:6a7a%10
IPv6 Default Gateway:
IPv6 DNS Servers: fec0:0:0:ffff::1%1, fec0:0:0:ffff::2%1, fec0:0:0:ffff::3%1
Routing is correct, I can ping anything on our domain by IP address just not by name. This use to work on Windows 7 but not working on windows 10?
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: OpenVPN Access Server not setting windows 10 client DNS IP Addresses
You are using the DNS resolution zones feature, therefore it is doing exactly as you instruct it to do. If you want the DNS server visible in your ipconfig output then empty the DNS resolution zones field.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 9
- Joined: Fri Mar 09, 2018 12:40 am
Re: OpenVPN Access Server not setting windows 10 client DNS IP Addresses
that makes no sense, if you empty the fields it as least requires 127.0.0.1? I have also try
DNS Settings
Pushing DNS servers to clients is optional, unless clients' Internet traffic is to be routed through the VPN
Do not alter clients' DNS server settings No
Have clients use the same DNS servers as the Access Server host Yes
Have clients use specific DNS servers No
same issues
DNS Settings
Pushing DNS servers to clients is optional, unless clients' Internet traffic is to be routed through the VPN
Do not alter clients' DNS server settings No
Have clients use the same DNS servers as the Access Server host Yes
Have clients use specific DNS servers No
same issues
-
- OpenVpn Newbie
- Posts: 9
- Joined: Fri Mar 09, 2018 12:40 am
Re: OpenVPN Access Server not setting windows 10 client DNS IP Addresses
Got it, thanks
If anyone else has this issue please leave the following under VPN Settings:
DNS resolution zones (optional)
For split tunnels that only route private traffic (not internet traffic), specify a comma-separated list of internal domains that clients will resolve through the AS-pushed DNS server(s). Note that some clients (such as Windows) may only respect the first domain given.
DNS zones <LEAVE BLANK>
If anyone else has this issue please leave the following under VPN Settings:
DNS resolution zones (optional)
For split tunnels that only route private traffic (not internet traffic), specify a comma-separated list of internal domains that clients will resolve through the AS-pushed DNS server(s). Note that some clients (such as Windows) may only respect the first domain given.
DNS zones <LEAVE BLANK>
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: OpenVPN Access Server not setting windows 10 client DNS IP Addresses
Glad you found it! And to explain it a little further; DNS resolution zones uses NRPT on windows, which does split-DNS, meaning only specific zones are resolved through the DNS server pushed by the VPN server, and others are resolved through already configured and present DNS servers in the system. As such implementing the DNS server globally in the network interface configuration is a no-no, so it must be done in the NRPT, and that means it isn't visible.
I'm not entirely sure why those self-assigned ipv6 DNS servers show up, seems to be a curiosity in Windows.
I'm not entirely sure why those self-assigned ipv6 DNS servers show up, seems to be a curiosity in Windows.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 9
- Joined: Fri Mar 09, 2018 12:40 am
Re: OpenVPN Access Server not setting windows 10 client DNS IP Addresses
Still not working though
-
- OpenVpn Newbie
- Posts: 9
- Joined: Fri Mar 09, 2018 12:40 am
Re: OpenVPN Access Server not setting windows 10 client DNS IP Addresses
PS C:\Users\carpe> Get-DnsClientNrptRule
Name : OpenVPNDNSRouting-0
Version : 2
Namespace : {.profilexxxx.xxx}
IPsecCARestriction :
DirectAccessDnsServers :
DirectAccessEnabled : False
DirectAccessProxyType :
DirectAccessProxyName :
DirectAccessQueryIPsecEncryption :
DirectAccessQueryIPsecRequired :
NameServers : {10.254.x.167, 10.255.x.167}
DnsSecEnabled : False
DnsSecQueryIPsecEncryption :
DnsSecQueryIPsecRequired :
DnsSecValidationRequired :
NameEncoding : Disable
DisplayName :
Comment :
Name : OpenVPNDNSRouting-0
Version : 2
Namespace : {.profilexxxx.xxx}
IPsecCARestriction :
DirectAccessDnsServers :
DirectAccessEnabled : False
DirectAccessProxyType :
DirectAccessProxyName :
DirectAccessQueryIPsecEncryption :
DirectAccessQueryIPsecRequired :
NameServers : {10.254.x.167, 10.255.x.167}
DnsSecEnabled : False
DnsSecQueryIPsecEncryption :
DnsSecQueryIPsecRequired :
DnsSecValidationRequired :
NameEncoding : Disable
DisplayName :
Comment :
-
- OpenVpn Newbie
- Posts: 9
- Joined: Fri Mar 09, 2018 12:40 am
Re: OpenVPN Access Server not setting windows 10 client DNS IP Addresses
PS C:\Users\carpe> netstat -rn
===========================================================================
Interface List
3...48 ba 4e 54 5e f8 ......Realtek PCIe GBE Family Controller
7...d4 6a 6a 24 5f 33 ......Realtek RTL8822BE 802.11ac PCIe Adapter
8...d6 6a 6a 24 5f 33 ......Microsoft Wi-Fi Direct Virtual Adapter
15...00 ff ab dc 4e e2 ......TAP Adapter OAS NDIS 6.0
18...d4 6a 6a 24 5f 34 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.77.1 192.168.77.2 25
10.0.0.0 255.255.0.0 10.254.6.1 10.254.6.2 136
10.1.0.0 255.255.0.0 10.254.6.1 10.254.6.2 136
10.2.0.0 255.255.0.0 10.254.6.1 10.254.6.2 136
10.3.0.0 255.255.0.0 10.254.6.1 10.254.6.2 136
10.4.0.0 255.255.0.0 10.254.6.1 10.254.6.2 136
10.9.0.0 255.255.0.0 10.254.6.1 10.254.6.2 136
10.16.0.0 255.255.0.0 10.254.6.1 10.254.6.2 136
10.254.0.0 255.255.252.0 10.254.6.1 10.254.6.2 136
10.254.6.0 255.255.255.0 On-link 10.254.6.2 291
10.254.6.2 255.255.255.255 On-link 10.254.6.2 291
10.254.6.255 255.255.255.255 On-link 10.254.6.2 291
10.255.0.0 255.255.252.0 10.254.6.1 10.254.6.2 136
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.0 255.255.255.252 10.254.6.1 10.254.6.2 136
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.77.0 255.255.255.0 On-link 192.168.77.2 281
192.168.77.2 255.255.255.255 On-link 192.168.77.2 281
192.168.77.255 255.255.255.255 On-link 192.168.77.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.254.6.2 291
224.0.0.0 240.0.0.0 On-link 192.168.77.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.254.6.2 291
255.255.255.255 255.255.255.255 On-link 192.168.77.2 281
===========================================================================
===========================================================================
Interface List
3...48 ba 4e 54 5e f8 ......Realtek PCIe GBE Family Controller
7...d4 6a 6a 24 5f 33 ......Realtek RTL8822BE 802.11ac PCIe Adapter
8...d6 6a 6a 24 5f 33 ......Microsoft Wi-Fi Direct Virtual Adapter
15...00 ff ab dc 4e e2 ......TAP Adapter OAS NDIS 6.0
18...d4 6a 6a 24 5f 34 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.77.1 192.168.77.2 25
10.0.0.0 255.255.0.0 10.254.6.1 10.254.6.2 136
10.1.0.0 255.255.0.0 10.254.6.1 10.254.6.2 136
10.2.0.0 255.255.0.0 10.254.6.1 10.254.6.2 136
10.3.0.0 255.255.0.0 10.254.6.1 10.254.6.2 136
10.4.0.0 255.255.0.0 10.254.6.1 10.254.6.2 136
10.9.0.0 255.255.0.0 10.254.6.1 10.254.6.2 136
10.16.0.0 255.255.0.0 10.254.6.1 10.254.6.2 136
10.254.0.0 255.255.252.0 10.254.6.1 10.254.6.2 136
10.254.6.0 255.255.255.0 On-link 10.254.6.2 291
10.254.6.2 255.255.255.255 On-link 10.254.6.2 291
10.254.6.255 255.255.255.255 On-link 10.254.6.2 291
10.255.0.0 255.255.252.0 10.254.6.1 10.254.6.2 136
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.0 255.255.255.252 10.254.6.1 10.254.6.2 136
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.77.0 255.255.255.0 On-link 192.168.77.2 281
192.168.77.2 255.255.255.255 On-link 192.168.77.2 281
192.168.77.255 255.255.255.255 On-link 192.168.77.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.254.6.2 291
224.0.0.0 240.0.0.0 On-link 192.168.77.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.254.6.2 291
255.255.255.255 255.255.255.255 On-link 192.168.77.2 281
===========================================================================
-
- OpenVpn Newbie
- Posts: 9
- Joined: Fri Mar 09, 2018 12:40 am
Re: OpenVPN Access Server not setting windows 10 client DNS IP Addresses
but I can reach everything by IP address just not DNS name?
PS C:\Users\carpe> ping frontiernas
Ping request could not find host frontiernas. Please check the name and try again.
PS C:\Users\carpe> ping 10.1.0.7
Pinging 10.1.0.7 with 32 bytes of data:
Reply from 10.1.0.7: bytes=32 time=122ms TTL=62
Reply from 10.1.0.7: bytes=32 time=118ms TTL=62
Reply from 10.1.0.7: bytes=32 time=117ms TTL=62
Reply from 10.1.0.7: bytes=32 time=116ms TTL=62
Ping statistics for 10.1.0.7:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 116ms, Maximum = 122ms, Average = 118ms
PS C:\Users\carpe> ping frontiernas
Ping request could not find host frontiernas. Please check the name and try again.
PS C:\Users\carpe> ping 10.1.0.7
Pinging 10.1.0.7 with 32 bytes of data:
Reply from 10.1.0.7: bytes=32 time=122ms TTL=62
Reply from 10.1.0.7: bytes=32 time=118ms TTL=62
Reply from 10.1.0.7: bytes=32 time=117ms TTL=62
Reply from 10.1.0.7: bytes=32 time=116ms TTL=62
Ping statistics for 10.1.0.7:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 116ms, Maximum = 122ms, Average = 118ms
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: OpenVPN Access Server not setting windows 10 client DNS IP Addresses
I suggest monitoring tcpdump while filtering for port 53 traffic, see if the DNS requests make it from the VPN client to the VPN server. If it does, but it still does not work, then it's an issue with your network setup or your DNS server or something as the requests are then obviously making it to the VPN tunnel. If you don't see queries through the VPN tunnel then try manually setting the DNS server in the OS to see if that makes a difference at all. It then likely is an issue with the OS network configuration or some weird combination of factors breaking DNS resolution on the client system.
To monitor DNS requests on the Access Server, as root user:
apt-get update
apt-get install tcpdump
tcpdump -eni any port 53
Then do some ping tests to resolve DNS addresses. If you see results and you see things like NXDOMAIN then the DNS server doesn't know the record you're trying to query.
To monitor DNS requests on the Access Server, as root user:
apt-get update
apt-get install tcpdump
tcpdump -eni any port 53
Then do some ping tests to resolve DNS addresses. If you see results and you see things like NXDOMAIN then the DNS server doesn't know the record you're trying to query.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 9
- Joined: Fri Mar 09, 2018 12:40 am
Re: OpenVPN Access Server not setting windows 10 client DNS IP Addresses
FYI, it was my MalwareBytes causing it from the web protection, I had to add exclusion for my DNS servers IP Addresses. It is an issue they are working on resolving.
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: OpenVPN Access Server not setting windows 10 client DNS IP Addresses
Ah okay. Yes, I have heard a report or two about malwarebytes before. They're good guys though, and their software is great, but this particular bit is a little too protective I think.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.