OpenVPN Support Forum

I'm a noob, so please forgive my lack of expertise.

I recently tested 5 Australian ISPs and found that all of them appear to be routing all DNS traffic to 89.187.162.162 and 89.187.162.215. From the reading I've done on several websites including ipleak.net, ipleak.org, dnsleaktest.com and several others this seems to be a Transparent DNS Proxy.

I have 10 PCs here. I've added block-outside-dns to the .ovpn files. This seems to plug the leak when I'm using a VPN, but I can't find a way t stop the leak when not connected to a VPN. I never use the ISP DNS. I [try to] use my VPN providers DNS servers on and off VPN, but the traffic is being hijacked.

I run a Windows 2012 R2 server (I would run Server 2019 but WSUS is broken on that platform). I have IIS running and have a couple of personal websites

With block-outside-dns in place I'm finding that my internal websites are not accessible by name. For example http://server/website1 or http://server/website2

Assume I'm using 192.168.1.0/24 and the server is on .1. If I use 192.168.1.1/website1 I can access the site. Removing the block-outside-dns restores access by name.

Is this fixable or am I going to have to use the IP address for all internal access?

See --pull-filter

viewtopic.php?f=1&t=28306

TinCanTech wrote: ↑

Fri Dec 25, 2020 3:07 am

See --pull-filter

viewtopic.php?f=1&t=28306

I'm sorry, that thread is a series of digs at Australia. There is nothing about --pull-filter in there.
Or is that the whole point? As the ladies on Juice Media say... We're F.....d
and you're saying there is no way to configure OpenVPN or IIS to work around the issue created by using block-outside-dns?

yanta wrote: ↑

Wed Jan 06, 2021 8:27 am

that thread is a series of digs at Australia

Digs at the Australian Government in fact. Who are IMHO a disgusting bunch of criminals.

yanta wrote: ↑

Wed Jan 06, 2021 8:27 am

There is nothing about --pull-filter in there

SO, did you look any further, like the manual ?

yanta wrote: ↑

Wed Jan 06, 2021 8:27 am

Or is that the whole point? As the ladies on Juice Media say... We're F.....d

That is more or less the point ..

yanta wrote: ↑

Wed Jan 06, 2021 8:27 am

you're saying there is no way to configure OpenVPN or IIS to work around the issue created by using block-outside-dns?

That is not even what your question is about.

From your original question:

yanta wrote: ↑

Fri Dec 25, 2020 2:39 am

I have 10 PCs here. I've added block-outside-dns to the .ovpn files. This seems to plug the leak when I'm using a VPN

OpenVPN --block-outside-dns is working as expected.

yanta wrote: ↑

Fri Dec 25, 2020 2:39 am

but I can't find a way t stop the leak when not connected to a VPN

SO ... what has that got to do with openvpn ?

yanta wrote: ↑

Fri Dec 25, 2020 2:39 am

I never use the ISP DNS. I [try to] use my VPN providers DNS servers on and off VPN, but the traffic is being hijacked.

Which is exactly why you should use a VPN. This is also why your Government has all but banned VPN use in Australia. No doubt the VPN Provider you use has a deal going with your corrupt Government to share your data. Even if they say they don't, there is no way for you to prove otherwise, outside a court of law. And if you did try to take someone to court over it, your case would be thrown out as "Anti-Austalian" or some other such Bull-squirt.

BTW, the British Government are even more disgusting than yours, Julian Assange *cough cough* but we can use VPNs .. for the time being (but GCHQ really don't like it and they want them banned here too).

<sigh> ok. I'm a noob. That was my opening statement. I would rather stay away from political discussions as someone either gets offended or angry, and I just want to resolve a technical problem (which is clearly beyond my expertise), with guidance from experts. The whole point of asking questions is to learn. Sure, I read the documentation at https://openvpn.net/community-resources ... envpn-2-4/, but I didn't understand it.

Please, the OP is exactly about IIS problems. The last two paragraphs state exactly that. Since making that post I've also found that using block-outside-DNS also creates other issues. Sure, it's working as intended - it's blocking the DNS proxy. I don't believe I suggested for one second that the directive wasn't working.

So, to be specific, on PCs using block-outside-dns I observe the following issues.
1. I cannot access my intranet websites by name, only by IP address.
2. In online games I experience hanging for 15-20 seconds (example: hearthstone), or erratic behavior such as overlays not working (example: Hearthstone Deck Tracker, or frequent in game hangs that result in the game disconnecting (Eg Hearthstone, Dota2, Runescape)

Yes, I tried adding --pull-filter accept in the config file. That didn't help.

Fine, I will concede that off VPN OpenVPN has nothing to do with the issue. I was hoping that a kindly expert might share some of their expertise and point me to something that might help. Ok, a stupid question. I'm sorry.

I didn't choose to be born in Australia, and yes, the government may be corrupt, but be that as it may, it doesn't help me fix these issues.

I'm not sure why you're so angry with me. Because I live in Australia? Because I have very little knowledge of OpenVPN? Whatever I said or did that upset you, I apologize. All I'm asking for is a little patience and guidance.

yanta wrote: ↑

Fri Dec 25, 2020 2:39 am

but I can't find a way t stop the leak when not connected to a VPN

SO ... what has that got to do with openvpn ?

Your entire country is subject to Government spying .. what the hell do you expect us to do ?

TinCanTech wrote: ↑

Wed Jan 13, 2021 2:21 pm

yanta wrote: ↑

Fri Dec 25, 2020 2:39 am

but I can't find a way t stop the leak when not connected to a VPN

SO ... what has that got to do with openvpn ?

you can run openvpn only for dns server and the rest on local network so your GOV cant find out what do you want to do . it is very easy to make it works like that if you concern . in the end your dns server provider can spy what you are using for and they can bring you to your GOV . there are a lot vpn provider give free vpn to customer and sell data to GOV for money so it is bester dont use it at all .