OpenVPN Support Forum

Hello

When you connect to OpenVPN a key called OpenVPNDNSRouting auto creates which has DNS server settings from the OpenVPN server. When you disconnect this key then auto deletes. (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig\OpenVPNDNSRouting)

I have a one client where the key creates on connection but will not never auto delete on when it disconnects from OpenVPN resulting it it still trying to use the OpenVPN DNS servers so nothing will then work as DNS cannot be contacted.

Removing / reinstalling the client does not help.

I have 100's of users who use OpenVPN and issue does not occur anywhere except this one. Next step is to replace the laptop but user is typically travelling so want to avoid this.

In meanwhile the user has a script on their desktop they can run to manually fix when they disconnect "REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig\OpenVPNDNSRouting /f"

Laptop is Windows 10.

Anyone ever see this?

Doesn't sound familiar at all. Check permissions of the keys, compare with a system that is working normally, see if there's a difference?

This issue is still randomly happening at multiple clients now. I have tested every possible scenario to try emulate and pretty sure it has to do with how the user is ending their session however cannot pin point it.

I'll let someone here in the company have a look at it and see what we can do from our end about this problem.

This is happening to my users now. Internet connection is very spotty. Google often works while most other webpages don't load. If you troubleshoot the connection in Windows you get a DNS error. The only way to get the user back on the internet is to delete that key. That can be very tricky for a user with no administrator access. Reinstalling or updating does not help.
It's also possible to that when you delete the key OpenVPN will not work properly. At least they can get back on the internet, though.
Has anyone from OpenVPN been able to replicate this issue?

I have come up with a preemptive fix for this using PDQ. I'm sure you could figure it out in SCCM. Broadly speaking, I am enabling all users to full control over the 'DnsPolicyConfig' folder that is located just above the registry key in question. Then I am putting a script on their machines that they can run to delete this key. It is a preemptive fix because this stuff has to be pushed to the user while they are on the network/VPN.

First I push SubInACL.exe to every VPN users' Windows\System32 folder. This is the official MS tool for editing registry permissions. It will be used in the next step.
Second I run the command "SUBINACL /keyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig" /grant=users=f" on the users' mahcines. With PDQ it's very simple to run commands on user's machines as an admin. They just need to be on the network/VPN.
Finally I copy a .bat file to the users' C:\Scripts folder. It has one line: "REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig\OpenVPNDNSRouting-0 /f"

In testing I have found that the user cannot delete OpenVPNDNSRouting from RegEdit because the key does not get installed with Users having Full Control even if they have Full Control of the key folder. They must run the .bat file. They don't need admin permissions, though.

Hi All,

Almost the the same bug started to appear on some PCs after the latest Windows 10 Update (+OpenVPN driver was installed), probably something have changed in the way dnscache service works.

Here is the step-by-step solution from Seed4.Me VPN:

Step 1. Open Windows PowerShell as administrator: click START > Windows PowerShell (Admin)

Step 2. Enter the line to remove OpenVPN DNS Policies:

reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig /f

Step 3. Enter one more line to reset Windows Firewall configuration:

netsh advfirewall reset

Step 4. Reboot.

You can download premade BAT file to fix the bug here: https://seed4.me/blog/no-internet-windows-update-fix/
(Save as... then Run as admin).

We hope this information will be helpful

Problem:
Sometimes, after an unexpected reboot, there is a chance that the windows computer will stop resolving any dns names on any network other than the organization's network. When connecting, the system writes the message "No internet" in the connection status. This is possible with both domain computers and off-domain computers, with windows 10 and 8 (possibly others too). This problem cannot be solved by resetting network settings, manually naming the dns server, reinstalling the openvpn connect client.
Resolution:
Delete the hive in the registry at HKLM: \\ SYSTEM \ ControlSet001 \ Services \ Dnscache \ Parameters \ DnsPolicyConfig \ OpenVPNDNSRouting-0

Hope this helps someone

I have not experienced this myself but just in case it is a real bug there is now a ticket for it:
https://community.openvpn.net/openvpn/t ... 311#ticket

Thanks for reporting your findings

Which version of OpenVPN are you using ?

OpenVPN Connect 2.6.0.100
Access Server 2.6.1

amakaresu wrote: ↑

Wed Jul 29, 2020 1:52 pm

Problem:
Sometimes, after an unexpected reboot, there is a chance that the windows computer will stop resolving any dns names on any network other than the organization's network. When connecting, the system writes the message "No internet" in the connection status. This is possible with both domain computers and off-domain computers, with windows 10 and 8 (possibly others too). This problem cannot be solved by resetting network settings, manually naming the dns server, reinstalling the openvpn connect client.
Resolution:
Delete the hive in the registry at HKLM: \\ SYSTEM \ ControlSet001 \ Services \ Dnscache \ Parameters \ DnsPolicyConfig \ OpenVPNDNSRouting-0

Hope this helps someone

This helped me at my firm. A couple of users had this issue, after removing VPN client or disconnecting from VPN, the internet connection was gone.
We could connect through wifi and cable but could not browse, DNS issues.
Everything works fine when in the office but when connected with different network (wifi, cable or mobile) nothing.
After deleting the registry key and rebooting everything was fine.

I see reports about this surfacing but also that older software is being used. For example I saw a post from just a month ago from a user that has Access Server 2.6.1 and OpenVPN Connect 2.6.0. This was released over a year and a half ago. I really suggest updating software, it's so important with security software, and it will resolve many issues that are long ago discovered and resolved.