[Solved] Can't disable Block DNS

kiromn
OpenVpn Newbie
Posts: 4
Joined: Tue Feb 13, 2018 6:47 pm

Post by kiromn » Tue Feb 13, 2018 6:53 pm

Hi,
I have an OpenVPN server on a Linux VPS, which I use for connection between several devices.
I don't want to route internet traffic through the tunnel.
It was working fine with OpenVPN v. 2.2.2, but now I need to connect a Windows 10 machine and I have installed the latest version.
Even though I don't have the "block-outside-dns" option enabled anywhere, the freaking thing enables DNS blocking and stops DNS on the Windows 10 machine.
I have searched all around the internet for a solution without success.
Of course if I set the server to redirect the gateway, internet goes through it without issues, but this is not my intention.
Can someone please help me :)

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Post by TinCanTech » Tue Feb 13, 2018 7:23 pm

So you are claiming that --block-outside-dns is enabled by default and that when you connect to your VPN, which does not push --block-outside-dns or --dhcp-option DNS x.x.x.x, you can no longer use any DNS server?

If so, please post your complete (sanitised) client log at verb 4.

Post by kiromn » Tue Feb 13, 2018 8:37 pm

Tue Feb 13 22:33:37 2018 MANAGEMENT: >STATE:1518554017,WAIT,,,
Tue Feb 13 22:33:37 2018 MANAGEMENT: >STATE:1518554017,AUTH,,,
Tue Feb 13 22:33:37 2018 TLS: Initial packet from [AF_INET]
Tue Feb 13 22:33:37 2018 VERIFY OK: depth=1, CN=ChangeMe
Tue Feb 13 22:33:37 2018 Validating certificate key usage
Tue Feb 13 22:33:37 2018 ++ Certificate has key usage 00a0, expects 00a0
Tue Feb 13 22:33:37 2018 VERIFY KU OK
Tue Feb 13 22:33:37 2018 Validating certificate extended key usage
Tue Feb 13 22:33:37 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Feb 13 22:33:37 2018 VERIFY EKU OK
Tue Feb 13 22:33:37 2018 VERIFY OK: depth=0, CN=server
Tue Feb 13 22:33:37 2018 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Feb 13 22:33:37 2018 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Feb 13 22:33:37 2018 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Feb 13 22:33:37 2018 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Feb 13 22:33:37 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Feb 13 22:33:37 2018 [server] Peer Connection Initiated with [AF_INET]xxxxxxxxxxxxxxxx
Tue Feb 13 22:33:38 2018 MANAGEMENT: >STATE:1518554018,GET_CONFIG,,,
Tue Feb 13 22:33:39 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Feb 13 22:33:39 2018 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0'
Tue Feb 13 22:33:39 2018 OPTIONS IMPORT: timers and/or timeouts modified
Tue Feb 13 22:33:39 2018 OPTIONS IMPORT: --ifconfig/up options modified
Tue Feb 13 22:33:39 2018 OPTIONS IMPORT: route-related options modified
Tue Feb 13 22:33:39 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Feb 13 22:33:39 2018 MANAGEMENT: >STATE:1518554019,ASSIGN_IP,,10.8.0.3,
Tue Feb 13 22:33:39 2018 open_tun, tt->ipv6=0
Tue Feb 13 22:33:39 2018 TAP-WIN32 device [Ethernet 26] opened: \\.\Global\{BD744CD0-CE48-438C-B47D-86FF6DA3A14B}.tap
Tue Feb 13 22:33:39 2018 TAP-Windows Driver Version 9.21
Tue Feb 13 22:33:39 2018 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.3/255.255.255.0 [SUCCEEDED]
Tue Feb 13 22:33:39 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.3/255.255.255.0 on interface {BD744CD0-CE48-438C-B47D-86FF6DA3A14B} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Tue Feb 13 22:33:39 2018 Successful ARP Flush on interface [79] {BD744CD0-CE48-438C-B47D-86FF6DA3A14B}
Tue Feb 13 22:33:39 2018 Blocking DNS using WFP
Tue Feb 13 22:33:44 2018 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
Tue Feb 13 22:33:44 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Feb 13 22:33:44 2018 Initialization Sequence Completed
Tue Feb 13 22:33:44 2018 MANAGEMENT: >STATE:1518554024,CONNECTED,SUCCESS,10.8.0.3
Last edited by kiromn on Tue Feb 13, 2018 9:20 pm, edited 1 time in total.

Post by TinCanTech » Tue Feb 13, 2018 8:47 pm

Now please post your client config file.

Post by kiromn » Tue Feb 13, 2018 9:00 pm

client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote .........
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1

<CA>
.....

Post by kiromn » Tue Feb 13, 2018 9:33 pm

Oh, I saw it when I posted it.
You can delete the topic :))
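
An added example, not part of the original thread: a Python check that finds what switched on DNS blocking, doing mechanically what the thread resolved by eye. It treats `setenv opt block-outside-dns` as the directive itself (the effect the posted log shows) and also inspects the PUSH_REPLY line; the sample config and log are constructed from the ones posted above, and the function names are hypothetical.

```python
import re

# Constructed samples modelled on the client config and verb 4 log in this thread.
SAMPLE_CONFIG = """client
# block-outside-dns
remote-cert-tls server
setenv opt block-outside-dns
<ca>
block-outside-dns
</ca>
"""
SAMPLE_LOG = """Tue Feb 13 22:33:39 2018 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0'
Tue Feb 13 22:33:39 2018 Blocking DNS using WFP
"""

def config_hits(text):
    """Return (line_number, line) for each directive that turns on block-outside-dns."""
    hits, inline = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if inline:                                 # inside <ca>...</ca> etc.: data, not directives
            if line.lower() == f"</{inline}>":
                inline = None
            continue
        m = re.fullmatch(r"<([A-Za-z0-9_-]+)>", line)
        if m:
            inline = m.group(1).lower()
            continue
        words = re.split(r"[#;]", line, maxsplit=1)[0].split()   # drop comments
        if words[:2] == ["setenv", "opt"]:         # "setenv opt X" is applied as "X"
            words = words[2:]
        if words and words[0].lstrip("-") == "block-outside-dns":
            hits.append((no, line))
    return hits

def pushed_options(log):
    """Options the server pushed, taken from every PUSH_REPLY line in the log."""
    return [o.strip() for body in re.findall(r"'PUSH_REPLY,([^']*)'", log) for o in body.split(",")]

def diagnose(config, log):
    """Report whether WFP blocking is active and whether it came from config or push."""
    local = bool(config_hits(config))
    pushed = any(o.split()[:1] == ["block-outside-dns"] for o in pushed_options(log))
    active = "Blocking DNS using WFP" in log
    source = "both" if local and pushed else "client-config" if local else "server-push" if pushed else "none"
    return {"active": active, "source": source}

print(diagnose(SAMPLE_CONFIG, SAMPLE_LOG))
```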
