Windows 10 client fails to set DNS for adapter

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.
Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Post Reply
tf_translate
OpenVpn Newbie
Posts: 4
Joined: Wed Apr 15, 2020 3:11 pm

Windows 10 client fails to set DNS for adapter

Post by tf_translate » Wed Apr 15, 2020 3:30 pm

Dear Community

I am having trouble with the Windows client of OpenVPN (version 3.1.3 (713), but occurs with older versions down to 2.x as well) on Windows 10.

Specifically, even though the OpenVPN server and client are configured correctly, the DNS settings get pushed from the server to the client and/or are configured locally in the .opvn profile usign dhcp-option DNS ..., yet still, on my particular Windows 10 machine, the DNS settings do not make it into the Windows adapter settings for some reason. It works with the same server and the same .ovpn configurations for other users on their computers, but it does not work on mine. This is not the standard case of wrong adapter priorities, of wrong openvpn configurations and the like. It really seems like a weired issue with my machine and/or a bug in the client that is triggered on my machine.

Here is an excerpt of the log file upon connecting (I "XXXX"ed out information that is sensitive):

Code: Select all

Open TAP device "Ethernet 3" PATH="\\.\Global\{736B960A-26A6-4C1E-A116-CD3528FA7EA1}.tap" SUCCEEDED
TAP-Windows Driver Version 9.23
ActionDeleteAllRoutesOnInterface iface_index=11
netsh interface ip set interface 11 metric=1
OK.
netsh interface ip set address 11 static 192.168.113.9 255.255.255.0 gateway=192.168.113.1 store=active
netsh interface ipv6 add route 2000::/4 interface=1 store=active
OK.
netsh interface ipv6 add route 3000::/4 interface=1 store=active
OK.
netsh interface ipv6 add route fc00::/7 interface=1 store=active
OK.
netsh interface ip add route 192.168.121.0/24 11 192.168.113.1 store=active
OK.
netsh interface ip add route 192.168.122.0/25 11 192.168.113.1 store=active
OK.
NRPT::ActionCreate names=[.XXXXX.local] dns_servers=[192.168.121.30,192.168.121.31]
ipconfig /flushdns
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
TAP handle: b413000000000000
ÔÅÄ15.4.2020, 16:55:27 Connected via TUN_WIN
ÔÅÄ15.4.2020, 16:55:27 EVENT: CONNECTED XXXXX@XXXXXXXXXXXXX:10443 (XXXXXXXXXXXXX) via /TCPv4 on TUN_WIN/192.168.113.9/ gw=[192.168.113.1/]
As can be seen, from the NRPT::ActionCreate line, it seems that the OpenVPN client is correctly aware of the DNS servers that should be used - 192.168.121.30 and 192.168.121.31. However, after the connection is established, no DNS servers are visible in ipconfig /all for the tunnel device (or, as a matter of fact, for any other device):

Code: Select all

Ethernet-Adapter Ethernet 3:

   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : TAP-Windows Adapter V9 for OpenVPN Connect
   Physische Adresse . . . . . . . . : XXXXXXXXXXXXXXXXXXX
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
   IPv4-Adresse  . . . . . . . . . . : 192.168.113.9(Bevorzugt)
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Standardgateway . . . . . . . . . :
   NetBIOS über TCP/IP . . . . . . . : Aktiviert
Consequently, nslookup continues to use the default DNS settings from the local ethernet adapter. I can use a proper netsh command to manually and statically set the above-mentioned DNS servers for the tunnel adapter and everything works, i.e. the tunnel adapter takes priority over the local ethernet adapter as soon as it is configured with some DNS. However, for some reason, OpenVPN fails to configure the tunnel adapter with the DNS settings which it is fully aware of, for some reason that I do not understand.

Any help will be greatly appreciated. If this is not the proper forum for this question please point me to the proper forum. Thanks!

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7145
Joined: Fri Jun 03, 2016 1:17 pm

Re: Windows 10 client fails to set DNS for adapter

Post by TinCanTech » Wed Apr 15, 2020 6:02 pm

Enable the Windows DHCPCD service

tf_translate
OpenVpn Newbie
Posts: 4
Joined: Wed Apr 15, 2020 3:11 pm

Re: Windows 10 client fails to set DNS for adapter

Post by tf_translate » Wed Apr 15, 2020 11:28 pm

If you mean the Windows "DHCP client" service, then that one is enabled and running (when I go to This Computer>Manage>Services), and "net start dhcp" tells me that the service is already started. My local ethernet interface picks up its configuration via DHCP successfully. It is just hte tunnel interface that picks up the IP, but won't pick up the DNS from OpenVPN.

I see that in the above log file, "ipconfig /all" tells me that DHCP is disabled for the tunnel interface Ethernet 3. I can go to that interface in Control Panel while OpenVPN is disconnected and manually enable DHCP for the interface. However, as soon as OpenVPN connects, DHCP is again disabled for this interface. Which makes it look like it is OpenVPN that disables DHCP for the interface. In fact, OpenVPN seems to use "netsh" to set all IP options for the interface, except for the DNS servers. I might need some funny option in the .opvn profile to change this behavior and keep DHCP enabled?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7145
Joined: Fri Jun 03, 2016 1:17 pm

Re: Windows 10 client fails to set DNS for adapter

Post by TinCanTech » Thu Apr 16, 2020 12:44 am

tf_translate wrote:
Wed Apr 15, 2020 11:28 pm
I might need some funny option in the .opvn profile
All the options are detailed in the manual.

Please see: viewtopic.php?f=30&t=22603

tf_translate
OpenVpn Newbie
Posts: 4
Joined: Wed Apr 15, 2020 3:11 pm

Re: Windows 10 client fails to set DNS for adapter

Post by tf_translate » Thu Apr 16, 2020 8:33 am

Dear TinCanTech, we might be digging in the wrong direction. Let me detail - the VPN server is a WatchGuard FireBox SSL firewall appliance. All other users in my team just download the WatchGuard FireBox SSL client (which is internally based on OpenVPN, but does not allow the user to modify the configuration at all) from the firewall appliance, install it, and it works for them (and sets the DNS). It did not work for me. So I assume something is broken on my Windows end and not in the OpenVPN setup to begin with. I just installed OpenVPN (using the .opvn configuration file that can also be downloaded from the firewall appliance) to be able to find out what's going on.

I have studied the manual and tried various options, including "ip-win32 dynamic", "tap-sleep 1", "dhcp-renew", "register-dns" and so forth, but to no avail. I consistently see OpenVPN disabling DHCP on the interface, then setting ip addresses and routes using netsh, and finally setting the DNS via NRPT::ActionCreate, but the latter one does not come through.

What could it be in my Windows that causes this behavior? The dhcp client is running, I have no third party firewall/antivirus, I even disabled WindowsDefender for a test.

tf_translate
OpenVpn Newbie
Posts: 4
Joined: Wed Apr 15, 2020 3:11 pm

Re: Windows 10 client fails to set DNS for adapter

Post by tf_translate » Thu Apr 16, 2020 9:34 am

Problem solved. Sorry for bothering you. I solved it by completely uninstalling all versions of OpenVPN and WatchGuard SSL and removing the tunnel interface, then starting from scratch. (I had done the same before even posting here, but probably I missed something on the first attempt). This time, the DNS came through. I had to manually adjust interface metrics to prioritze the tunnel interface. But now I am all set. Thanks for your support, and sorry once more.

Post Reply