OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

Mac openvpn connect client not updating DNS domain suffix

https://forums.openvpn.net/viewtopic.php?f=29&t=28336

Page 1 of 1

Mac openvpn connect client not updating DNS domain suffix

Posted: Tue May 07, 2019 1:52 pm
by olafman1
I'm looking for tips for troubleshooting the DNS domain not updating in /etc/resolv.conf on a Mac client (10.13.6) when using openvpn connect 2.6.0.103 or 2.7.1.100. The DNS servers do update properly, just not the domain suffix. The domain suffix remains the same as what it was prior to connecting to the VPN instead of updating to the server configed push "dhcp-option DOMAIN vpndomain.com".

If I do nothing except downgrade the openvpn connect client to 2.5.0.136, the DNS domain suffix updates properly when I connect to the VPN, and reverts after disconnecting. I do see in the client log on the Mac that the push "dhcp-option DOMAIN vpndomain.com" is there and I even see it in the MacDNSAction log line.

MacDNSAction: FLAGS=F RD=1 SO=5000 DNS=1.1.1.1,1.0.0.1,2606:4700:4700::1111,2606:4700:4700::1001 DOM=vpndomain.com

So the server is delivering the correct config to the client, the client just isn't fully applying the DNS configuration.

Re: Mac openvpn connect client not updating DNS domain suffix

Posted: Thu Jun 18, 2020 4:56 pm
by olafman1
I am seeing the same thing on Mac OS (10.15.5) and OpenVPN Connect client 3.1.1.1089. Anyone else experience this? I can still go back to OpenVPN connect client 2.5 and the domain suffix updates properly. The same server config updates the domain suffix properly on iOS devices.

Re: Mac openvpn connect client not updating DNS domain suffix

Posted: Tue Sep 29, 2020 3:54 pm
by johnstewart
olafman1 - did you ever find a solution to this.

I'm finding the same thing with OpenVPN Connect client 3.2.1 on Windows 10.

Re: Mac openvpn connect client not updating DNS domain suffix

Posted: Tue Sep 29, 2020 4:08 pm
by TinCanTech
OpenVPN Connect Client, this is not server administration.

Re: Mac openvpn connect client not updating DNS domain suffix

Posted: Fri Dec 04, 2020 8:21 pm
by olafman1
I am only finding OpenVPN Connect (iOS) and OpenVPN Connect (Android) client forums listed. Is there another more generic OpenVPN Connect (Mac) client forum I can post this question to?

I have yet to figure out a solution even with the latest 3.2.5 client it is doing the same thing.

Re: Mac openvpn connect client not updating DNS domain suffix

Posted: Fri Jan 08, 2021 4:47 pm
by jimryan
I'm having the same issue OpenVPN Client for iOS Version 3.2.2 (3507) and OpenVPN Client for Mac Version 3.2.5 (2468) with OpenVPN server 2.4.9. Tunnelblick 3.8.4a (build 5601) for Mac works as expected with the same server instance. It appears that OpenVPN client fails to update DNS and Search Domains for the client. Manually updating DNS and Search Domain works on a Mac and iOS Wifi (information icon). For iOS cellular a third-party app is required. Be careful if you make the manual updates as subsequent attempts to connect to a host name (not IP) will fail because the client won't be able to resolve the host.

OpenVPN appears to generate the following command to update both the DNS and Domain Search

Code: Select all

/sbin/route add -net -inet6 fc00:: -prefixlen 7 -reject ::1%lo0add net fc00::: gateway ::1%lo0MacDNSAction: FLAGS=F RD=0 SO=5000 DNS=10.0.0.1 DOM=domain.org ADS=
If I attempt to run this command manually it fails with "net: nodename nor servname provided, or not known".

Manually configuring the server to push DNS and Domain as shown here doesn't help

Code: Select all

push "dhcp-option DNS 10.0.0.1"
push "dhcp-option DOMAIN domain.org"
Redacted Mac client log follows:

Code: Select all

1/8/2021, 10:40:51 AM OpenVPN core 3.git::662eae9a mac x86_64 64-bit built on Nov  4 2020 11:18:22
⏎1/8/2021, 10:40:51 AM Frame=512/2048/512 mssfix-ctrl=1250
⏎1/8/2021, 10:40:51 AM UNUSED OPTIONS
1 [persist-tun] 
2 [persist-key] 
3 [data-ciphers-fallback] [AES-256-CBC] 
5 [tls-client] 
7 [resolv-retry] [infinite] 
9 [verify-x509-name] [Server Certificate] [name] 
12 [keysize] [256] 
14 [link-mtu] [1557] 
⏎1/8/2021, 10:40:51 AM EVENT: RESOLVE ⏎1/8/2021, 10:40:52 AM Contacting xx.xx.xx.xx:1194 via UDP
⏎1/8/2021, 10:40:52 AM UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
	"host" : "xx.xx.xx.xx",
	"ipv6" : false,
	"pid" : 38491
}

⏎1/8/2021, 10:40:52 AM EVENT: WAIT ⏎1/8/2021, 10:40:52 AM Connecting to [host.domain.org]:1194 (xx.xx.xx.xx) via UDPv4
⏎1/8/2021, 10:40:52 AM EVENT: CONNECTING ⏎1/8/2021, 10:40:52 AM Tunnel Options:V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
⏎1/8/2021, 10:40:52 AM Creds: Username/Password
⏎1/8/2021, 10:40:52 AM Peer Info:
IV_VER=3.git::662eae9a
IV_PLAT=mac
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_IPv6=0
IV_GUI_VER=OCmacOS_3.2.5-2468
IV_SSO=openurl

⏎1/8/2021, 10:40:52 AM VERIFY OK: depth=0, /CN=Server Certificate/subjectAltName=/C=US/ST=State/L=Location/O=Organization
⏎1/8/2021, 10:40:52 AM SSL Handshake: CN=Server Certificate, TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
⏎1/8/2021, 10:40:52 AM EVENT: GET_CONFIG ⏎1/8/2021, 10:40:52 AM Session is ACTIVE
⏎1/8/2021, 10:40:52 AM Sending PUSH_REQUEST to server...
⏎1/8/2021, 10:40:53 AM Sending PUSH_REQUEST to server...
⏎1/8/2021, 10:40:53 AM OPTIONS:
0 [route] [10.0.0.0] [255.255.255.0] 
1 [route] [10.0.1.0] [255.255.255.0] 
2 [dhcp-option] [DOMAIN] [domain.org] 
3 [dhcp-option] [DNS] [10.0.0.1] 
4 [register-dns] 
5 [route-gateway] [10.0.2.1] 
6 [topology] [subnet] 
7 [ping] [10] 
8 [ping-restart] [60] 
9 [ifconfig] [10.0.2.2] [255.255.255.0] 
10 [peer-id] [1] 
11 [cipher] [AES-128-GCM] 
12 [block-ipv6] 

⏎1/8/2021, 10:40:53 AM PROTOCOL OPTIONS:
  cipher: AES-128-GCM
  digest: NONE
  compress: NONE
  peer ID: 1
⏎1/8/2021, 10:40:53 AM TunPersist: short-term connection scope
⏎1/8/2021, 10:40:53 AM TunPersist: new tun context
⏎1/8/2021, 10:40:53 AM CAPTURED OPTIONS:
Session Name: host.domain.org
Layer: OSI_LAYER_3
MTU: 1500
Remote Address: xx.xx.xx.xx
Tunnel Addresses:
  10.0.2.2/24 -> 10.0.2.1
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv6: yes
Add Routes:
  10.0.0.0/24
  10.0.1.0/24
Exclude Routes:
DNS Servers:
  10.0.0.1
Search Domains:
  domain.org

⏎1/8/2021, 10:40:53 AM EVENT: ASSIGN_IP ⏎1/8/2021, 10:40:53 AM SetupClient: transmitting tun setup list to /var/run/agent_ovpnconnect.sock
{
	"config" : 
	{
		"iface_name" : "",
		"layer" : "OSI_LAYER_3",
		"tun_prefix" : false
	},
	"pid" : 38491,
	"tun" : 
	{
		"adapter_domain_suffix" : "",
		"add_routes" : 
		[
			{
				"address" : "10.0.0.0",
				"gateway" : "",
				"ipv6" : false,
				"metric" : -1,
				"net30" : false,
				"prefix_length" : 24
			},
			{
				"address" : "10.0.1.0",
				"gateway" : "",
				"ipv6" : false,
				"metric" : -1,
				"net30" : false,
				"prefix_length" : 24
			}
		],
		"block_ipv6" : true,
		"dns_servers" : 
		[
			{
				"address" : "10.0.0.1",
				"ipv6" : false
			}
		],
		"layer" : 3,
		"mtu" : 1500,
		"remote_address" : 
		{
			"address" : "xx.xx.xx.xx",
			"ipv6" : false
		},
		"reroute_gw" : 
		{
			"flags" : 256,
			"ipv4" : false,
			"ipv6" : false
		},
		"route_metric_default" : -1,
		"search_domains" : 
		[
			{
				"domain" : "domain.org"
			}
		],
		"session_name" : "home.domain.org",
		"tunnel_address_index_ipv4" : 0,
		"tunnel_address_index_ipv6" : -1,
		"tunnel_addresses" : 
		[
			{
				"address" : "10.0.2.2",
				"gateway" : "10.0.2.1",
				"ipv6" : false,
				"metric" : -1,
				"net30" : false,
				"prefix_length" : 24
			}
		]
	}
}
POST unix://[/var/run/agent_ovpnconnect.sock]/tun-setup : 200 OK
{
	"iface_name" : "utun4",
	"layer" : "OSI_LAYER_3",
	"tun_prefix" : true
}
/sbin/ifconfig utun4 down
/sbin/ifconfig utun4 10.0.2.2 10.0.2.1 netmask 255.255.255.0 mtu 1500 up
/sbin/route add -net 10.0.2.0 -netmask 255.255.255.0 10.0.2.2
add net 10.0.2.0: gateway 10.0.2.2
/sbin/route add -net 10.0.0.0 -netmask 255.255.255.0 10.0.2.1
add net 10.0.0.0: gateway 10.0.2.1
/sbin/route add -net 10.0.1.0 -netmask 255.255.255.0 10.0.2.1
add net 10.0.1.0: gateway 10.0.2.1
/sbin/route add -net -inet6 2000:: -prefixlen 4 -reject ::1%lo0
add net 2000::: gateway ::1%lo0
/sbin/route add -net -inet6 3000:: -prefixlen 4 -reject ::1%lo0
add net 3000::: gateway ::1%lo0
/sbin/route add -net -inet6 fc00:: -prefixlen 7 -reject ::1%lo0
add net fc00::: gateway ::1%lo0
MacDNSAction: FLAGS=F RD=0 SO=5000 DNS=10.0.0.1 DOM=domain.org ADS=
open utun4 SUCCEEDED
⏎1/8/2021, 10:40:53 AM Connected via utun4
⏎1/8/2021, 10:40:53 AM EVENT: CONNECTED user@host.domain.org:1194 (xx.xx.xx.xx) via /UDPv4 on utun4/10.0.2.2/ gw=[10.0.2.1/]⏎
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/