I'm having the same issue with OpenVPN Client for iOS Version 3.2.2 (3507) and OpenVPN Client for Mac Version 3.2.5 (2468) with OpenVPN server 2.4.9. Tunnelblick 3.8.4a (build 5601) for Mac works as expected with the same server instance. It appears that OpenVPN client fails to update DNS and Search Domains for the client. Manually updating DNS and Search Domain works on a Mac and iOS Wi-Fi (information icon). For iOS cellular a third-party app is required. Be careful if you make the manual updates, as subsequent attempts to connect to a host name (not IP) will fail because the client won't be able to resolve the host.
OpenVPN appears to generate the following command to update both the DNS and Domain Search:
/sbin/route add -net -inet6 fc00:: -prefixlen 7 -reject ::1%lo0
add net fc00::: gateway ::1%lo0
MacDNSAction: FLAGS=F RD=0 SO=5000 DNS=10.0.0.1 DOM=domain.org ADS=
If I attempt to run this command manually it fails with "net: nodename nor servname provided, or not known".
Manually configuring the server to push DNS and Domain as shown here doesn't help:
push "dhcp-option DNS 10.0.0.1"
push "dhcp-option DOMAIN domain.org"
Redacted Mac client log follows:
1/8/2021, 10:40:51 AM OpenVPN core 3.git::662eae9a mac x86_64 64-bit built on Nov 4 2020 11:18:22
1/8/2021, 10:40:51 AM Frame=512/2048/512 mssfix-ctrl=1250
1/8/2021, 10:40:51 AM UNUSED OPTIONS
1 [persist-tun]
2 [persist-key]
3 [data-ciphers-fallback] [AES-256-CBC]
5 [tls-client]
7 [resolv-retry] [infinite]
9 [verify-x509-name] [Server Certificate] [name]
12 [keysize] [256]
14 [link-mtu] [1557]
1/8/2021, 10:40:51 AM EVENT: RESOLVE
1/8/2021, 10:40:52 AM Contacting xx.xx.xx.xx:1194 via UDP
1/8/2021, 10:40:52 AM UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
"host" : "xx.xx.xx.xx",
"ipv6" : false,
"pid" : 38491
}
1/8/2021, 10:40:52 AM EVENT: WAIT
1/8/2021, 10:40:52 AM Connecting to [host.domain.org]:1194 (xx.xx.xx.xx) via UDPv4
1/8/2021, 10:40:52 AM EVENT: CONNECTING
1/8/2021, 10:40:52 AM Tunnel Options:V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
1/8/2021, 10:40:52 AM Creds: Username/Password
1/8/2021, 10:40:52 AM Peer Info:
IV_VER=3.git::662eae9a
IV_PLAT=mac
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_IPv6=0
IV_GUI_VER=OCmacOS_3.2.5-2468
IV_SSO=openurl
1/8/2021, 10:40:52 AM VERIFY OK: depth=0, /CN=Server Certificate/subjectAltName=/C=US/ST=State/L=Location/O=Organization
1/8/2021, 10:40:52 AM SSL Handshake: CN=Server Certificate, TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
1/8/2021, 10:40:52 AM EVENT: GET_CONFIG
1/8/2021, 10:40:52 AM Session is ACTIVE
1/8/2021, 10:40:52 AM Sending PUSH_REQUEST to server...
1/8/2021, 10:40:53 AM Sending PUSH_REQUEST to server...
1/8/2021, 10:40:53 AM OPTIONS:
0 [route] [10.0.0.0] [255.255.255.0]
1 [route] [10.0.1.0] [255.255.255.0]
2 [dhcp-option] [DOMAIN] [domain.org]
3 [dhcp-option] [DNS] [10.0.0.1]
4 [register-dns]
5 [route-gateway] [10.0.2.1]
6 [topology] [subnet]
7 [ping] [10]
8 [ping-restart] [60]
9 [ifconfig] [10.0.2.2] [255.255.255.0]
10 [peer-id] [1]
11 [cipher] [AES-128-GCM]
12 [block-ipv6]
1/8/2021, 10:40:53 AM PROTOCOL OPTIONS:
cipher: AES-128-GCM
digest: NONE
compress: NONE
peer ID: 1
1/8/2021, 10:40:53 AM TunPersist: short-term connection scope
1/8/2021, 10:40:53 AM TunPersist: new tun context
1/8/2021, 10:40:53 AM CAPTURED OPTIONS:
Session Name: host.domain.org
Layer: OSI_LAYER_3
MTU: 1500
Remote Address: xx.xx.xx.xx
Tunnel Addresses:
10.0.2.2/24 -> 10.0.2.1
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv6: yes
Add Routes:
10.0.0.0/24
10.0.1.0/24
Exclude Routes:
DNS Servers:
10.0.0.1
Search Domains:
domain.org
1/8/2021, 10:40:53 AM EVENT: ASSIGN_IP
1/8/2021, 10:40:53 AM SetupClient: transmitting tun setup list to /var/run/agent_ovpnconnect.sock
{
"config" :
{
"iface_name" : "",
"layer" : "OSI_LAYER_3",
"tun_prefix" : false
},
"pid" : 38491,
"tun" :
{
"adapter_domain_suffix" : "",
"add_routes" :
[
{
"address" : "10.0.0.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "10.0.1.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
],
"block_ipv6" : true,
"dns_servers" :
[
{
"address" : "10.0.0.1",
"ipv6" : false
}
],
"layer" : 3,
"mtu" : 1500,
"remote_address" :
{
"address" : "xx.xx.xx.xx",
"ipv6" : false
},
"reroute_gw" :
{
"flags" : 256,
"ipv4" : false,
"ipv6" : false
},
"route_metric_default" : -1,
"search_domains" :
[
{
"domain" : "domain.org"
}
],
"session_name" : "home.domain.org",
"tunnel_address_index_ipv4" : 0,
"tunnel_address_index_ipv6" : -1,
"tunnel_addresses" :
[
{
"address" : "10.0.2.2",
"gateway" : "10.0.2.1",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
]
}
}
POST unix://[/var/run/agent_ovpnconnect.sock]/tun-setup : 200 OK
{
"iface_name" : "utun4",
"layer" : "OSI_LAYER_3",
"tun_prefix" : true
}
/sbin/ifconfig utun4 down
/sbin/ifconfig utun4 10.0.2.2 10.0.2.1 netmask 255.255.255.0 mtu 1500 up
/sbin/route add -net 10.0.2.0 -netmask 255.255.255.0 10.0.2.2
add net 10.0.2.0: gateway 10.0.2.2
/sbin/route add -net 10.0.0.0 -netmask 255.255.255.0 10.0.2.1
add net 10.0.0.0: gateway 10.0.2.1
/sbin/route add -net 10.0.1.0 -netmask 255.255.255.0 10.0.2.1
add net 10.0.1.0: gateway 10.0.2.1
/sbin/route add -net -inet6 2000:: -prefixlen 4 -reject ::1%lo0
add net 2000::: gateway ::1%lo0
/sbin/route add -net -inet6 3000:: -prefixlen 4 -reject ::1%lo0
add net 3000::: gateway ::1%lo0
/sbin/route add -net -inet6 fc00:: -prefixlen 7 -reject ::1%lo0
add net fc00::: gateway ::1%lo0
MacDNSAction: FLAGS=F RD=0 SO=5000 DNS=10.0.0.1 DOM=domain.org ADS=
open utun4 SUCCEEDED
1/8/2021, 10:40:53 AM Connected via utun4
1/8/2021, 10:40:53 AM EVENT: CONNECTED user@host.domain.org:1194 (xx.xx.xx.xx) via /UDPv4 on utun4/10.0.2.2/ gw=[10.0.2.1/]
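
A check for the symptom described in the post, as an added example that is not part of the original post: it compares the DNS servers and search domains the server pushed (the `[dhcp-option]` lines in the client log) with what the macOS resolver reports through `scutil --dns`. Both sample inputs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: excerpt of the client log above (pushed OPTIONS).
CLIENT_LOG = """\
1/8/2021, 10:40:53 AM OPTIONS:
0 [route] [10.0.0.0] [255.255.255.0]
2 [dhcp-option] [DOMAIN] [domain.org]
3 [dhcp-option] [DNS] [10.0.0.1]
MacDNSAction: FLAGS=F RD=0 SO=5000 DNS=10.0.0.1 DOM=domain.org ADS=
"""

# Constructed sample of `scutil --dns` output in which the pushed values
# were not applied (the resolver still points at the local network).
SCUTIL_DNS = """\
resolver #1
  search domain[0] : lan
  nameserver[0] : 192.168.1.1
  if_index : 6 (en0)
"""

def pushed_dns(log):
    """Collect DNS servers and search domains from '[dhcp-option]' log lines."""
    pushed = {"DNS": set(), "DOMAIN": set()}
    pattern = r"\[dhcp-option\] \[(DNS|DOMAIN)\] \[([^\]]+)\]"
    for kind, value in re.findall(pattern, log):
        pushed[kind].add(value.lower())
    return pushed

def active_dns(scutil_output):
    """Collect nameservers and search domains from `scutil --dns` text."""
    active = {"DNS": set(), "DOMAIN": set()}
    for line in scutil_output.splitlines():
        m = re.match(r"\s*(nameserver|search domain)\[\d+\]\s*:\s*(\S+)", line)
        if m:
            key = "DNS" if m.group(1) == "nameserver" else "DOMAIN"
            active[key].add(m.group(2).lower())
    return active

def missing_settings(log, scutil_output):
    """Return the pushed values that the system resolver is not using."""
    pushed, active = pushed_dns(log), active_dns(scutil_output)
    return {kind: sorted(pushed[kind] - active[kind]) for kind in pushed}

if __name__ == "__main__":
    for kind, values in missing_settings(CLIENT_LOG, SCUTIL_DNS).items():
        print(kind, "not applied:", values or "none")
```

On a connected Mac, pass the saved client log and the real output of `scutil --dns` in place of the two samples; empty lists mean the pushed resolver and search domain are in effect.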