I am trying to set up a private VPN network. I installed dnsmasq (2.80-1.1ubuntu1.4) and OpenVPN server (2.4.7-1ubuntu2.20.04.3) on a cloud server.

I currently have only two clients connecting to the VPN (one is Linux-based, the other uses the Windows OpenVPN Connect client). I gave the DNS server IP to the Linux client and it started resolving all the addresses in the server's /etc/hosts file. I then connected to the OpenVPN server from the Linux client and it could still resolve all the addresses in /etc/hosts.

On the Windows client, with the VPN not connected, I went into the network settings, selected the Wi-Fi adapter and set the DNS IP; it immediately started resolving all the addresses in /etc/hosts, but as soon as I connect the VPN it stops resolving anything from /etc/hosts. I have disabled the firewall on both the server and the client, but I still cannot resolve any addresses through the DNS server. I also tried manually clearing and re-entering the DNS IP on both the Wi-Fi adapter and the VPN adapter, but it still would not resolve anything, and giving the DNS server IP to only the VPN adapter did not work either. I can ping the Linux client from the Windows client while connected to the VPN.
/etc/dnsmasq.conf (the IP address of the cloud server is redacted):
# never forward bare names (no dots) to upstream resolvers
domain-needed
# never forward reverse lookups for private address ranges
bogus-priv
# append "domain" to bare hostnames read from /etc/hosts
expand-hosts
domain=me.local
# answer me.local from local data only, never forward it upstream
local=/.me.local/
# addresses dnsmasq answers on: public IP and loopback (the tun address 10.8.0.1 is not listed)
listen-address=147.xx.xx.xx,127.0.0.1
cache-size=1000
OpenVPN server config:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
# tunnel subnet; the server itself takes 10.8.0.1
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
# send all client traffic through the tunnel, except to the VPN server itself
push "redirect-gateway def1 bypass-dhcp"
# resolver handed to clients: the server's public address, not its tun address
push "dhcp-option DNS 147.xx.xx.xx"
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1
Client config:
client
dev tun
proto udp
remote 147.xx.xx.xx 1194
resolv-retry infinite
nobind
ca ca.crt
cert file.crt
key file.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
auth SHA256
verb 3
Windows OpenVPN Connect log:
[Feb 4, 2022, 13:14:47] OpenVPN core 3.git::d3f8b18b win x86_64 64-bit built on Dec 8 2021 12:04:20
[Feb 4, 2022, 13:14:47] Frame=512/2048/512 mssfix-ctrl=1250
[Feb 4, 2022, 13:14:47] UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
7 [cert] [Certificate: Data: Version: 3 (0x2) Serial N...]
8 [key] [-----BEGIN PRIVATE KEY----- MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkw...]
11 [tls-auth] [# # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key ...]
14 [verb] [3]
[Feb 4, 2022, 13:14:47] EVENT: RESOLVE
[Feb 4, 2022, 13:14:47] Contacting 147.xx.xx.xx:1194 via UDP
[Feb 4, 2022, 13:14:47] EVENT: WAIT
[Feb 4, 2022, 13:14:47] WinCommandAgent: transmitting bypass route to 147.xx.xx.xx
{
"host" : "147.xx.xx.xx",
"ipv6" : false
}
[Feb 4, 2022, 13:14:47] Connecting to [147.xx.xx.xx]:1194 (147.xx.xx.xx) via UDPv4
[Feb 4, 2022, 13:14:48] EVENT: CONNECTING
[Feb 4, 2022, 13:14:48] Tunnel Options:V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client
[Feb 4, 2022, 13:14:48] Creds: UsernameEmpty/PasswordEmpty
[Feb 4, 2022, 13:14:48] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
IV_AUTO_SESS=1
IV_GUI_VER=OCWindows_3.3.4-2600
IV_SSO=webauth,openurl,crtext
[Feb 4, 2022, 13:14:48] SSL Handshake: peer certificate: CN=server, 2048 bit RSA, cipher: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
[Feb 4, 2022, 13:14:48] Session is ACTIVE
[Feb 4, 2022, 13:14:48] EVENT: GET_CONFIG
[Feb 4, 2022, 13:14:48] Sending PUSH_REQUEST to server...
[Feb 4, 2022, 13:14:49] OPTIONS:
0 [redirect-gateway] [def1] [bypass-dhcp]
1 [dhcp-option] [DNS] [147.xx.xx.xx]
2 [route] [10.8.0.1]
3 [topology] [net30]
4 [ping] [10]
5 [ping-restart] [120]
6 [ifconfig] [10.8.0.10] [10.8.0.9]
7 [peer-id] [0]
8 [cipher] [AES-256-GCM]
[Feb 4, 2022, 13:14:49] PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: NONE
key-derivation: OpenVPN PRF
compress: NONE
peer ID: 0
control channel: tls-auth enabled
[Feb 4, 2022, 13:14:49] EVENT: ASSIGN_IP
[Feb 4, 2022, 13:14:49] CAPTURED OPTIONS:
Session Name: 147.xx.xx.xx
Layer: OSI_LAYER_3
Remote Address: 147.xx.xx.xx
Tunnel Addresses:
10.8.0.10/30 -> 10.8.0.9 [net30]
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 BYPASS_DHCP IPv4 ]
Block IPv6: no
Add Routes:
10.8.0.1/32
Exclude Routes:
DNS Servers:
147.xx.xx.xx
Search Domains:
[Feb 4, 2022, 13:14:51] SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
"allow_local_dns_resolvers" : false,
"confirm_event" : "180f000000000000",
"destroy_event" : "5c0f000000000000",
"tun" :
{
"adapter_domain_suffix" : "",
"add_routes" :
[
{
"address" : "10.8.0.1",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 32
}
],
"block_ipv6" : false,
"dns_servers" :
[
{
"address" : "147.xx.xx.xx",
"ipv6" : false
}
],
"layer" : 3,
"mtu" : 0,
"remote_address" :
{
"address" : "147.xx.xx.xx",
"ipv6" : false
},
"reroute_gw" :
{
"flags" : 307,
"ipv4" : true,
"ipv6" : false
},
"route_metric_default" : -1,
"session_name" : "147.xx.xx.xx",
"tunnel_address_index_ipv4" : 0,
"tunnel_address_index_ipv6" : -1,
"tunnel_addresses" :
[
{
"address" : "10.8.0.10",
"gateway" : "10.8.0.9",
"ipv6" : false,
"metric" : -1,
"net30" : true,
"prefix_length" : 30
}
]
},
"wintun" : false
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{F97DC98F-4050-45EB-A4D7-1E4C062214DC}' index=3 name='Local Area Connection'
Open TAP device "Local Area Connection" PATH="\\.\Global\{F97DC98F-4050-45EB-A4D7-1E4C062214DC}.tap" SUCCEEDED
TAP-Windows Driver Version 9.24
ActionDeleteAllRoutesOnInterface iface_index=3
netsh interface ip set interface 3 metric=1
Ok.
netsh interface ip set address 3 static 10.8.0.10 255.255.255.252 gateway=10.8.0.9 store=active
IPHelper: add route 10.8.0.1/32 3 10.8.0.9 metric=-1
netsh interface ip add route 147.xx.xx.xx/32 25 192.168.10.1 store=active
The object already exists.
netsh interface ip add route 0.0.0.0/1 3 10.8.0.9 store=active
Ok.
netsh interface ip add route 128.0.0.0/1 3 10.8.0.9 store=active
Ok.
netsh interface ip set dnsservers 3 static 147.xx.xx.xx register=primary validate=no
NRPT::ActionCreate names=[.] dns_servers=[147.xx.xx.xx]
ActionWFP openvpn_app_path=C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe tap_index=3 enable=1
permit IPv4 DNS requests from OpenVPN app
permit IPv6 DNS requests from OpenVPN app
block IPv4 DNS requests from other apps
block IPv6 DNS requests from other apps
allow IPv4 traffic from TAP
allow IPv6 traffic from TAP
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
TAP: ARP flush succeeded
TAP handle: 5c10000000000000
[Feb 4, 2022, 13:14:51] Connected via TUN_WIN
[Feb 4, 2022, 13:14:51] EVENT: CONNECTED 147.xx.xx.xx:1194 (147.xx.xx.xx) via /UDPv4 on TUN_WIN/10.8.0.10/ gw=[10.8.0.9/]
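The OpenVPN Connect log above records two things worth reading together: the client adds a host route for 147.xx.xx.xx via 192.168.10.1 (the bypass route for the VPN server itself, on the physical adapter), and it then installs WFP filters that permit DNS only from the OpenVPN app and allow traffic from the TAP adapter while blocking DNS from other apps. A resolver sitting on the server's public address is therefore reached over the physical adapter, where those filters apply, whereas a resolver on the server's tunnel address (10.8.0.1 for `server 10.8.0.0 255.255.255.0`) is reached through the TAP adapter. The script below is an added example, not code from the original post or from the OpenVPN or dnsmasq projects: it compares the posted server.conf/dnsmasq.conf pair with a corrected pair that pushes the tunnel address and binds dnsmasq to it. The config parsing, the assumption that the `server` subnet is a /24 whose first host is the server's tun address, and the optional `push "dhcp-option DOMAIN me.local"` line are my additions; the sample configs are constructed inline.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Checks that the DNS server an
# OpenVPN server pushes is reachable *inside* the tunnel: it must be the
# server's own tun address and dnsmasq must be listening on it.
# Assumptions (mine): the 'server <net> <mask>' line is a /24 whose first host
# (<net>+1, here 10.8.0.1) is the server's tun address, and dnsmasq uses
# listen-address= rather than interface=.

set -u

# First 'push "dhcp-option DNS <addr>"' found in an OpenVPN server config.
pushed_dns() {
    sed -n 's/^push "dhcp-option DNS \([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Tunnel gateway = first host of the 'server' subnet (10.8.0.0 -> 10.8.0.1).
tun_gateway() {
    awk '$1 == "server" { split($2, o, "."); printf "%s.%s.%s.%d\n", o[1], o[2], o[3], o[4] + 1; exit }' "$1"
}

# dnsmasq_listens_on ADDR DNSMASQ_CONF -> 0 when ADDR is in listen-address=.
dnsmasq_listens_on() {
    sed -n 's/^listen-address=//p' "$2" | tr ',' '\n' | grep -qx "$1"
}

# check_dns_push SERVER_CONF DNSMASQ_CONF -> 0 if the pushed resolver is the
# tunnel gateway and dnsmasq is bound to it, 1 otherwise.
check_dns_push() {
    local dns gw
    dns=$(pushed_dns "$1")
    gw=$(tun_gateway "$1")
    if [ "$dns" != "$gw" ]; then
        echo "BAD: pushed DNS '$dns' is not the tunnel address $gw; clients reach it outside the tunnel"
        return 1
    fi
    if ! dnsmasq_listens_on "$dns" "$2"; then
        echo "BAD: dnsmasq is not listening on $dns"
        return 1
    fi
    echo "OK: clients resolve via $dns inside the tunnel"
}

# Constructed sample configs: the pair as posted, and a corrected pair.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
BAD_SRV="$WORK/server-as-posted.conf"; BAD_DNSMASQ="$WORK/dnsmasq-as-posted.conf"
GOOD_SRV="$WORK/server-fixed.conf";    GOOD_DNSMASQ="$WORK/dnsmasq-fixed.conf"

cat > "$BAD_SRV" <<'EOF'
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 147.xx.xx.xx"
EOF
cat > "$BAD_DNSMASQ" <<'EOF'
listen-address=147.xx.xx.xx,127.0.0.1
EOF

cat > "$GOOD_SRV" <<'EOF'
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
# resolver lives on the server's tun address, so queries stay in the tunnel
push "dhcp-option DNS 10.8.0.1"
# optional (my addition): lets clients resolve bare hostnames from /etc/hosts
push "dhcp-option DOMAIN me.local"
EOF
cat > "$GOOD_DNSMASQ" <<'EOF'
domain-needed
bogus-priv
expand-hosts
domain=me.local
local=/.me.local/
# answer on the tun address and loopback only; nothing on the public IP
listen-address=10.8.0.1,127.0.0.1
cache-size=1000
EOF

check_dns_push "$BAD_SRV" "$BAD_DNSMASQ" || true   # prints BAD: pushed DNS '147.xx.xx.xx' ...
check_dns_push "$GOOD_SRV" "$GOOD_DNSMASQ"         # prints OK: clients resolve via 10.8.0.1 ...
```

With the corrected pair, the Windows client's DNS queries go to 10.8.0.1 over the TAP adapter, which the logged WFP rules allow, and dnsmasq answers them from /etc/hosts as it already does for the Linux client. Keep dnsmasq's default (no `bind-interfaces`) so it still starts if tun0 does not exist yet at boot.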