How to push DNS servers to the Windows client with net30 on the server?
-
- OpenVpn Newbie
- Posts: 16
- Joined: Fri Dec 17, 2021 1:34 am
How to push DNS servers to the Windows client with net30 on the server?
Hi,
How do I get the ipv4 address of a DNS server which I set on my OpenVPN server to be pushed to a Windows OpenVPN client, when the server is using the net30 topology?
Thank you,
James Pedersen
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 16
- Joined: Fri Dec 17, 2021 1:34 am
Re: How to push DNS servers to the Windows client with net30 on the server?
I'm using OpenVPN Connect 3.3.3, and I'm using Windows 11.
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: How to push DNS servers to the Windows client with net30 on the server?
Hello James,
I think I should inform you that net30 is deprecated and really should not be used anymore.
But anyway, that was not your question. You want to know the IP of the DNS server in net30. You can either take the IP that the server itself gets in this range, which you can find by for example looking at your route table on the client side, to see where traffic is routed to, and use that to implement parameters for having the client implement a DNS server on the client side with that IP. Or you can just take an IP that the server itself has on its main ethernet interface for example and push that as DNS server to the VPN clients. Packet forwarding will need to be enabled for that but I figure that's already enabled if it's serving as a VPN server.
Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
- OpenVpn Newbie
- Posts: 16
- Joined: Fri Dec 17, 2021 1:34 am
Re: How to push DNS servers to the Windows client with net30 on the server?
Jacob,
How do I push the DNS server IP address to the clients?
I’ve already got
push "dhcp-option DNS X.X.X.X"
set on the server, where X.X.X.X is the WAN address of the router, but the DNS server address isn’t showing up in the OpenVPN adapter on windows clients. I’m guessing this is because net30 isn’t using DHCP.
Thank you,
James Pedersen
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: How to push DNS servers to the Windows client with net30 on the server?
Hi James,
I of course agree with Johan (I have to! He hired me!) about letting --net 30 die in peace. It was an ugly kludge to work with Windows in the early days of openvpn Windows support.
Anyway, that said, yes, --dhcp-option is a Windows thing, because Windows thinks a layer-3 tun adapter is DHCP. And yes, that's how you would push it from a server to clients. As for why it's not being pushed, there could be any number of reasons for that. Show the logging, which should tell us what is being pushed.
regards, rob0
-
- OpenVpn Newbie
- Posts: 16
- Joined: Fri Dec 17, 2021 1:34 am
Re: How to push DNS servers to the Windows client with net30 on the server?
Ok.
My server config and my client logs are given below.
I'm using OpenVPN Connect 3.3.3 on Windows 11 for the client. Please note that I have the DNS cache (the DNS client service) disabled on the client machine.
Server config:
dev ovpns1
verb 4
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
learn-address "/usr/local/sbin/openvpn.learn-address.sh pl.acme.com"
local <ROUTER_PUBLIC_IP>
tls-server
server 172.16.122.0 255.255.255.0
client-config-dir /var/etc/openvpn/server1/csc
username-as-common-name
plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user <REDACTED> false server1 1194
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'router.pl.acme.com' 1"
lport 1194
management /var/etc/openvpn/b/sock unix
push "route 10.0.0.0 255.255.0.0"
push "route 10.1.0.0 255.255.0.0"
push "route 10.10.0.0 255.255.255.0"
...
<PUSH_ROUTES_DIRECTIVES_REDACTED>
...
push "dhcp-option DOMAIN pl.acme.com"
push "dhcp-option DNS 10.1.0.1"
push "dhcp-option NTP 10.1.0.1"
duplicate-cn
capath /var/etc/openvpn/server1/ca
cert /var/etc/openvpn/server1/cert
key /var/etc/openvpn/server1/key
dh /etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server1/tls-auth 0
data-ciphers AES-256-GCM:AES-128-GCM:AES-128-CBC:AES-256-CBC
data-ciphers-fallback AES-128-CBC
allow-compression asym
persist-remote-ip
float
topology net30
reneg-sec 36000
Client logs:
[Jan 20, 2022, 19:58:35] OpenVPN core 3.git::d3f8b18b win x86_64 64-bit built on Nov 12 2021 10:45:12
⏎[Jan 20, 2022, 19:58:35] Frame=512/2048/512 mssfix-ctrl=1250
⏎[Jan 20, 2022, 19:58:35] UNUSED OPTIONS
1 [persist-tun]
2 [persist-key]
3 [data-ciphers] [AES-256-GCM:AES-128-GCM:AES-128-CBC:AES-256-CBC]
4 [data-ciphers-fallback] [AES-128-CBC]
6 [tls-client]
8 [resolv-retry] [infinite]
13 [explicit-exit-notify]
⏎[Jan 20, 2022, 19:58:35] EVENT: RESOLVE ⏎[Jan 20, 2022, 19:58:35] Contacting <ROUTER_PUBLIC_IP>:1194 via UDP
⏎[Jan 20, 2022, 19:58:35] EVENT: WAIT ⏎[Jan 20, 2022, 19:58:35] WinCommandAgent: transmitting bypass route to <ROUTER_PUBLIC_IP>
{
"host" : "<ROUTER_PUBLIC_IP>",
"ipv6" : false
}
⏎[Jan 20, 2022, 19:58:35] Connecting to [<ROUTER_PUBLIC_IP>]:1194 (<ROUTER_PUBLIC_IP>) via UDPv4
⏎[Jan 20, 2022, 19:58:35] EVENT: CONNECTING ⏎[Jan 20, 2022, 19:58:35] Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
⏎[Jan 20, 2022, 19:58:35] Creds: Username/Password
⏎[Jan 20, 2022, 19:58:35] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCWindows_3.3.3-2562
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1
⏎[Jan 20, 2022, 19:58:36] SSL Handshake: peer certificate: CN=router.pl.acme.com, 2048 bit RSA, cipher: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
⏎[Jan 20, 2022, 19:58:36] Session is ACTIVE
⏎[Jan 20, 2022, 19:58:36] EVENT: WARN TLS: received certificate signed with SHA1. Please inform your admin to upgrade to a stronger algorithm. Support for SHA1 signatures will be dropped in the future⏎[Jan 20, 2022, 19:58:36] EVENT: GET_CONFIG ⏎[Jan 20, 2022, 19:58:36] Sending PUSH_REQUEST to server...
⏎[Jan 20, 2022, 19:58:36] Options continuation...
⏎[Jan 20, 2022, 19:58:36] Options continuation...
⏎[Jan 20, 2022, 19:58:36] OPTIONS:
0 [route] [10.0.0.0] [255.255.0.0]
1 [route] [10.1.0.0] [255.255.0.0]
2 [route] [10.10.0.0] [255.255.255.0]
....
<ROUTES_PUSHED_REDACTED>
....
49 [dhcp-option] [DOMAIN] [pl.acme.com]
50 [dhcp-option] [DNS] [10.1.0.1]
51 [dhcp-option] [NTP] [10.1.0.1]
52 [route] [172.16.122.1]
53 [topology] [net30]
54 [ping] [10]
55 [ping-restart] [60]
56 [push-continuation] [2]
57 [ifconfig] [172.16.122.42] [172.16.122.41]
58 [peer-id] [9]
59 [cipher] [AES-256-GCM]
60 [push-continuation] [1]
⏎[Jan 20, 2022, 19:58:36] PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: NONE
key-derivation: OpenVPN PRF
compress: NONE
peer ID: 9
control channel: tls-auth enabled
⏎[Jan 20, 2022, 19:58:36] EVENT: ASSIGN_IP ⏎[Jan 20, 2022, 19:58:36] Unknown pushed DHCP option: [dhcp-option] [NTP] [10.1.0.1]
⏎[Jan 20, 2022, 19:58:36] CAPTURED OPTIONS:
Session Name: <ROUTER_PUBLIC_IP>
Layer: OSI_LAYER_3
Remote Address: <ROUTER_PUBLIC_IP>
Tunnel Addresses:
172.16.122.42/30 -> 172.16.122.41 [net30]
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv6: no
Add Routes:
10.0.0.0/16
10.1.0.0/16
10.10.0.0/24
....
ROUTES_REDACTED>
....
172.16.122.1/32
Exclude Routes:
DNS Servers:
10.1.0.1
Search Domains:
pl.acme.com
⏎[Jan 20, 2022, 19:58:37] SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
"allow_local_dns_resolvers" : false,
"confirm_event" : "4c12000000000000",
"destroy_event" : "6c0d000000000000",
"tun" :
{
"adapter_domain_suffix" : "",
"add_routes" :
[
{
"address" : "10.0.0.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 16
},
{
"address" : "10.1.0.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 16
},
{
"address" : "10.10.0.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
....
<ADDRESES_REDACTED>
....
],
"block_ipv6" : false,
"dns_servers" :
[
{
"address" : "10.1.0.1",
"ipv6" : false
}
],
"layer" : 3,
"mtu" : 0,
"remote_address" :
{
"address" : "<ROUTER_PUBLIC_IP>",
"ipv6" : false
},
"reroute_gw" :
{
"flags" : 256,
"ipv4" : false,
"ipv6" : false
},
"route_metric_default" : -1,
"search_domains" :
[
{
"domain" : "pl.acme.com"
}
],
"session_name" : "<ROUTER_PUBLIC_IP>",
"tunnel_address_index_ipv4" : 0,
"tunnel_address_index_ipv6" : -1,
"tunnel_addresses" :
[
{
"address" : "172.16.122.42",
"gateway" : "172.16.122.41",
"ipv6" : false,
"metric" : -1,
"net30" : true,
"prefix_length" : 30
}
]
},
"wintun" : false
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{92153C18-52CC-4B8D-B54E-A3738D97B3C6}' index=24 name='Local Area Connection'
Open TAP device "Local Area Connection" PATH="\\.\Global\{92153C18-52CC-4B8D-B54E-A3738D97B3C6}.tap" SUCCEEDED
TAP-Windows Driver Version 9.24
ActionDeleteAllRoutesOnInterface iface_index=24
netsh interface ip set interface 24 metric=1
Ok.
netsh interface ip set address 24 static 172.16.122.42 255.255.255.252 gateway=172.16.122.41 store=active
IPHelper: add route 10.0.0.0/16 24 172.16.122.41 metric=-1
IPHelper: add route 10.1.0.0/16 24 172.16.122.41 metric=-1
IPHelper: add route 10.10.0.0/24 24 172.16.122.41 metric=-1
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
cannot modify route: error 5010
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
cannot modify route: error 5010
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: add route 172.16.122.1/32 24 172.16.122.41 metric=-1
NRPT::ActionCreate names=[.pl.acme.com] dns_servers=[10.1.0.1]
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
TAP: ARP flush succeeded
TAP handle: 340f000000000000
⏎[Jan 20, 2022, 19:58:37] Connected via TUN_WIN
⏎[Jan 20, 2022, 19:58:37] EVENT: CONNECTED james.pedersen@<ROUTER_PUBLIC_IP>:1194 (<ROUTER_PUBLIC_IP>) via /UDPv4 on TUN_WIN/172.16.122.42/ gw=[172.16.122.41/]⏎
Images:
https://ibb.co/pKJcT2B
https://ibb.co/w6ynRW1
Thank you,
James Pedersen
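Following rob0's request to show the logging to see what is being pushed, here is an added example (not part of the original thread, and not OpenVPN's own code) that reads an OpenVPN Connect client log and reports which pushed dhcp-option values arrived, which the client ignored, and whether an NRPT action was logged for the DNS server. The sample lines are copied from the log above; the function names and the comma separator for multi-value NRPT fields are assumptions.

```python
import re

# Constructed sample: lines copied from the client log posted above.
SAMPLE_LOG = """\
⏎[Jan 20, 2022, 19:58:35] UNUSED OPTIONS
1 [persist-tun]
⏎[Jan 20, 2022, 19:58:36] OPTIONS:
49 [dhcp-option] [DOMAIN] [pl.acme.com]
50 [dhcp-option] [DNS] [10.1.0.1]
51 [dhcp-option] [NTP] [10.1.0.1]
53 [topology] [net30]
⏎[Jan 20, 2022, 19:58:36] EVENT: ASSIGN_IP ⏎[Jan 20, 2022, 19:58:36] Unknown pushed DHCP option: [dhcp-option] [NTP] [10.1.0.1]
NRPT::ActionCreate names=[.pl.acme.com] dns_servers=[10.1.0.1]
"""
FIELD = re.compile(r"\[([^\]]*)\]")
ENTRY = re.compile(r"^\d+\s+((?:\[[^\]]*\]\s*)+)$")
UNKNOWN = re.compile(r"Unknown pushed DHCP option:\s*((?:\[[^\]]*\]\s*)+)")
NRPT = re.compile(r"NRPT::ActionCreate names=\[([^\]]*)\] dns_servers=\[([^\]]*)\]")
KEYS = {"DNS": "dns", "DOMAIN": "domains"}

def summarize(log_text):
    rep = {"topology": None, "dns": [], "domains": [], "ignored": [], "nrpt": []}
    in_pushed = False
    for raw in log_text.splitlines():
        for line in (part.strip() for part in raw.split("⏎")):  # ⏎ joins events
            if line.endswith(":"):  # section header; only "OPTIONS:" lists pushed items
                in_pushed = line.endswith("] OPTIONS:")
            m = ENTRY.match(line)
            if m and in_pushed:
                f = FIELD.findall(m.group(1))
                if f[0] == "topology" and len(f) > 1:
                    rep["topology"] = f[1]
                elif f[0] == "dhcp-option" and len(f) > 2 and f[1].upper() in KEYS:
                    rep[KEYS[f[1].upper()]].append(f[2])
            if (m := UNKNOWN.search(line)):
                rep["ignored"].append(" ".join(FIELD.findall(m.group(1))[1:]))
            if (m := NRPT.search(line)):
                # Assumption: multiple values, if any, are comma-separated.
                rep["nrpt"].append({"names": m.group(1).split(","),
                                    "dns_servers": m.group(2).split(",")})
    return rep

def dns_verdict(rep):
    if not rep["dns"]:
        return "no DNS server among pushed options"
    rules = [r for r in rep["nrpt"] if set(r["dns_servers"]) & set(rep["dns"])]
    if rules:
        return "DNS pushed; client created NRPT rule for " + ",".join(rules[0]["names"])
    return "DNS pushed; no NRPT action logged"
```

On the Windows client, `Get-DnsClientNrptRule` in PowerShell lists NRPT rules, which Windows keeps separately from the per-adapter DNS server list that `ipconfig /all` prints.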
-
- OpenVpn Newbie
- Posts: 16
- Joined: Fri Dec 17, 2021 1:34 am
Re: How to push DNS servers to the Windows client with net30 on the server?
Hi guys,
Any ideas as to what could be going wrong here?
Thank you,
James Pedersen
-
- OpenVpn Newbie
- Posts: 2
- Joined: Sun Jan 30, 2022 1:52 am
Re: How to push DNS servers to the Windows client with net30 on the server?
Hello!
I'm getting the same issue.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Sun Jan 30, 2022 1:52 am
Re: How to push DNS servers to the Windows client with net30 on the server?
jamesp-brightpattern wrote: ↑ Wed Jan 26, 2022 7:47 pm
> Hi guys,
> Any ideas as to what could be going wrong here?
> Thank you,
> James Pedersen

I solved it by changing the line
push "dhcp-option DNS x.x.x.x"
to
dhcp-option DNS x.x.x.x
And then execute ipconfig /all and you will see the DNS server IP in the TAP interface.
-
- OpenVpn Newbie
- Posts: 16
- Joined: Fri Dec 17, 2021 1:34 am
Re: How to push DNS servers to the Windows client with net30 on the server?
bdsr,
Thank you for this suggestion.
I would like to understand your solution better.
Is dhcp-option a client side option or a server side option? Johan or someone else from OpenVPN, could you please weigh in here?
Thank you,
James Pedersen