OpenVPN DNS resolution not working

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
butterslax
OpenVpn Newbie
Posts: 2
Joined: Tue May 03, 2016 5:13 pm

OpenVPN DNS resolution not working

Post by butterslax » Tue May 03, 2016 5:16 pm

I'm currently trying to get a simple OpenVPN setup working and I'm almost there, except for a DNS (or routing) issue I seem to be having.

The client connects to the server just fine, and I can ping both the server (10.8.0.1) and internet IPs (8.8.8.8). The issue comes when I try to resolve any domain names. Here's what happens when the VPN connection is up:

Code:

[test@localhost etc]$ dig www.google.ca

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> www.google.ca
;; global options: +cmd
;; connection timed out; no servers could be reached
[test@localhost etc]$ dig @<client network DNS server> www.google.ca

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> @<client network DNS server> www.google.ca
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
[test@localhost etc]$ dig @8.8.8.8 www.google.ca

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> @8.8.8.8 www.google.ca
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6453
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.google.ca.         IN  A

;; ANSWER SECTION:
www.google.ca.      299 IN  A   172.217.1.3

;; Query time: 32 msec
;; SERVER: 8.8.8.8

As far as I know I'm pushing DNS to my client from my server:

Code:

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 8.8.8.8"

And I've also established routes to the client:

Code:

client-config-dir ccd
route <client subnet IP> 255.255.255.0

And in my client file:

Code:

iroute <client subnet IP> 255.255.255.0

My iptables rules on the server:

Code:

*nat
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s <client subnet IP>/24 -o tun0 -j MASQUERADE
COMMIT
*filter
-A INPUT -i eth0 -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT

COMMIT

I've enabled IP forwarding in sysctl. Not really sure where to look from here, so any insight would be greatly appreciated.

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: OpenVPN DNS resolution not working

Post by Traffic » Tue May 03, 2016 5:38 pm

Please see the Forum rules (top of this page)

These options do not work for Linux without a client --up script:

Code:

push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 8.8.8.8"

butterslax
OpenVpn Newbie
Posts: 2
Joined: Tue May 03, 2016 5:13 pm

Re: OpenVPN DNS resolution not working

Post by butterslax » Tue May 03, 2016 5:40 pm

Traffic wrote: Please see the Forum rules (top of this page)

These options do not work for Linux without a client --up script:

Code:

push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 8.8.8.8"

Awesome -- would you be able to point me in the direction of some documentation on this? My client is CentOS 7...

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: OpenVPN DNS resolution not working

Post by Traffic » Tue May 03, 2016 5:58 pm

If you have installed from a decent repo you should find a script called /etc/openvpn/update-resolv-conf ..

Use it like so:
  • Client config:

    Code:

    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf
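
What a client --up script has to do with the pushed options, shown as an added example that is not part of the original posts and is not the update-resolv-conf script itself: OpenVPN exposes each pushed dhcp-option to the script as a foreign_option_N environment variable, and this POSIX sh code turns them into resolv.conf lines after checking the values. The function names and the sample values other than 8.8.4.4 and 8.8.8.8 are assumptions made for illustration.

```shell
# Added example, not any distribution's update-resolv-conf script. OpenVPN hands
# each pushed "dhcp-option ..." to the --up script as foreign_option_1, _2, ...

# Loose character check: digits, hex letters, dots and colons only.
is_ip() {
    case "$1" in
        *[!0-9A-Fa-f:.]*) return 1 ;;
        *.*|*:*) return 0 ;;
    esac
    return 1
}

# Letters, digits, dots and hyphens only, not starting with '-' or '.'.
is_domain() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|-*|.*) return 1 ;;
    esac
    return 0
}

# Print resolv.conf lines for the pushed options; values come from the
# server, so anything that fails the checks above is dropped.
pushed_dns_lines() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i-}"
        [ -n "$opt" ] || break
        read -r word kind value <<EOF
$opt
EOF
        case "$word $kind" in
            "dhcp-option DNS")    is_ip "$value" && printf 'nameserver %s\n' "$value" ;;
            "dhcp-option DOMAIN") is_domain "$value" && printf 'search %s\n' "$value" ;;
        esac
        i=$((i + 1))
    done
    return 0
}

# Constructed sample: the two servers pushed in this thread plus two made-up options.
demo_constructed_push() {
    foreign_option_1='dhcp-option DNS 8.8.4.4'
    foreign_option_2='dhcp-option DNS 8.8.8.8'
    foreign_option_3='dhcp-option DNS not-an-address'
    foreign_option_4='dhcp-option DOMAIN example.test'
    unset foreign_option_5
    pushed_dns_lines
}

demo_constructed_push
```

Because the script runs with the privileges OpenVPN has at connect time and `script-security 2` is what permits it, the file named in `up`/`down` should be owned by root and not writable by other users.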

midnight
OpenVpn Newbie
Posts: 2
Joined: Tue Jun 14, 2016 7:23 am

Re: OpenVPN DNS resolution not working

Post by midnight » Wed Aug 24, 2016 9:35 am

Traffic wrote: If you have installed from a decent repo you should find a script called /etc/openvpn/update-resolv-conf ..

Use it like so:
  • Client config:

    Code:

    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf

Thanks! Your post has solved my problem.

blueguse
OpenVpn Newbie
Posts: 2
Joined: Thu Aug 31, 2017 11:13 am

Re: OpenVPN DNS resolution not working

Post by blueguse » Thu Aug 31, 2017 11:14 am

I am finding that the DNS push works only with the Tunnelblick software, but isn't working with other clients. Any thoughts?

IcedZ
OpenVpn Newbie
Posts: 1
Joined: Fri Dec 28, 2018 4:20 pm

Re: OpenVPN DNS resolution not working

Post by IcedZ » Fri Dec 28, 2018 4:21 pm

I edited /etc/resolv.conf and added "nameserver 8.8.8.8" - that seemed to fix my issue.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN DNS resolution not working

Post by TinCanTech » Fri Dec 28, 2018 6:12 pm

IcedZ wrote:
Fri Dec 28, 2018 4:21 pm
I edited /etc/resolv.conf and added "nameserver 8.8.8.8" - that seemed to fix my issue.

This is not a fix as you will see in /etc/resolv.conf:

Code:

#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
