Trouble pushing DNS to clients


Post by chubb » Mon Mar 21, 2022 12:59 am

I have set up an OpenVPN server with the Synology plugin running on DSM. The iOS/iPad clients have no problem connecting to the internet via the server.

However, the DNS setting does not work, as the local domains cannot be found. Strangely, the external domains work even though I disabled the DNS backup option in the client.

Here is my setup:

Server:
Local IP of the OpenVPN Server: 10.27.0.40
Synology DSM version: DSM 7.0.1-42218 Update 3

Clients:
iOS version: 15.4

openvpn.conf:
push "route 10.27.0.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
dev tun

management /var/run/openvpn.sock unix

server 10.8.0.0 255.255.255.0


dh /var/packages/VPNCenter/target/etc/openvpn/keys/dh3072.pem
ca /var/packages/VPNCenter/target/etc/openvpn/keys/ca.crt
cert /var/packages/VPNCenter/target/etc/openvpn/keys/server.crt
key /var/packages/VPNCenter/target/etc/openvpn/keys/server.key

max-clients 10

comp-lzo

persist-tun
persist-key

verb 3

#log-append /var/log/openvpn.log

keepalive 10 60
reneg-sec 0

plugin /var/packages/VPNCenter/target/lib/radiusplugin.so /var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf
client-cert-not-required
username-as-common-name
duplicate-cn

status /tmp/ovpn_status_2_result 30
status-version 2
proto udp6
port 1194
cipher AES-256-CBC
auth SHA512
mssfix 1450

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.27.0.40"

client log:
2022-03-21 00:37:18 1

2022-03-21 00:37:18 ----- OpenVPN Start -----
OpenVPN core 3.git::58b92569 ios arm64 64-bit

2022-03-21 00:37:18 OpenVPN core 3.git::58b92569 ios arm64 64-bit

2022-03-21 00:37:18 Frame=512/2048/512 mssfix-ctrl=1250

2022-03-21 00:37:18 UNUSED OPTIONS
1 [tls-client]
4 [register-dns]
5 [block-outside-dns]
6 [pull]
8 [script-security] [2]

2022-03-21 00:37:18 EVENT: RESOLVE

2022-03-21 00:37:18 Contacting [[IP omitted for privacy]]:1194/UDP via UDP

2022-03-21 00:37:18 EVENT: WAIT

2022-03-21 00:37:18 Connecting to [[Domain omitted for privacy]]:1194 ([IP omitted for privacy]) via UDPv4

2022-03-21 00:37:18 EVENT: CONNECTING

2022-03-21 00:37:18 Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client

2022-03-21 00:37:18 Creds: Username/Password

2022-03-21 00:37:18 Peer Info:
IV_VER=3.git::58b92569
IV_PLAT=ios
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_GUI_VER=net.openvpn.connect.ios_3.2.3-3760
IV_SSO=openurl


2022-03-21 00:37:18 VERIFY OK: depth=2, /C=US/O=Internet Security Research Group/CN=ISRG Root X1

2022-03-21 00:37:18 VERIFY OK: depth=1, /C=US/O=Let's Encrypt/CN=R3

2022-03-21 00:37:18 VERIFY OK: depth=0, /CN=<Domain omitted for privacy>

2022-03-21 00:37:18 SSL Handshake: CN=<Domain omitted for privacy>, TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA

2022-03-21 00:37:18 Session is ACTIVE

2022-03-21 00:37:18 EVENT: GET_CONFIG

2022-03-21 00:37:18 Sending PUSH_REQUEST to server...

2022-03-21 00:37:18 OPTIONS:
0 [redirect-gateway] [def1]
1 [route] [10.27.0.0] [255.255.255.0]
2 [route] [10.8.0.0] [255.255.255.0]
3 [redirect-gateway] [def1] [bypass-dhcp]
4 [dhcp-option] [DNS] [10.27.0.40]
5 [route] [10.8.0.1]
6 [topology] [net30]
7 [ping] [10]
8 [ping-restart] [60]
9 [ifconfig] [10.8.0.6] [10.8.0.5]


2022-03-21 00:37:18 PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA512
compress: LZO_STUB
peer ID: -1

2022-03-21 00:37:18 EVENT: ASSIGN_IP

2022-03-21 00:37:18 NIP: preparing TUN network settings

2022-03-21 00:37:18 NIP: init TUN network settings with endpoint: <IP omitted for privacy>

2022-03-21 00:37:18 NIP: adding IPv4 address to network settings 10.8.0.6/255.255.255.252

2022-03-21 00:37:18 NIP: adding (included) IPv4 route 10.8.0.4/30

2022-03-21 00:37:18 NIP: adding (included) IPv4 route 10.27.0.0/24

2022-03-21 00:37:18 NIP: adding (included) IPv4 route 10.8.0.0/24

2022-03-21 00:37:18 NIP: adding (included) IPv4 route 10.8.0.1/32

2022-03-21 00:37:18 NIP: redirecting all IPv4 traffic to TUN interface

2022-03-21 00:37:18 NIP: adding DNS 10.27.0.40

2022-03-21 00:37:18 Connected via NetworkExtensionTUN

2022-03-21 00:37:18 LZO-ASYM init swap=0 asym=1

2022-03-21 00:37:18 Comp-stub init swap=0

2022-03-21 00:37:18 EVENT: CONNECTED <user@domain omitted for privacy>:1194 (<IP omitted for privacy>) via /UDPv4 on NetworkExtensionTUN/10.8.0.6/ gw=[/]

Sorry that I can't get the oconf and olog tags to work. :oops:

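Added example, not part of the original post and not OpenVPN or Synology code: a Python check that reads the OPTIONS block of an OpenVPN Connect client log like the one above and reports, for each pushed DNS server, which pushed routes cover it and whether any search domain was pushed. The function names and the sample string are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: the pushed-options block copied from the client log above.
SAMPLE_LOG = """\
2022-03-21 00:37:18 OPTIONS:
0 [redirect-gateway] [def1]
1 [route] [10.27.0.0] [255.255.255.0]
2 [route] [10.8.0.0] [255.255.255.0]
3 [redirect-gateway] [def1] [bypass-dhcp]
4 [dhcp-option] [DNS] [10.27.0.40]
5 [route] [10.8.0.1]
6 [topology] [net30]
7 [ping] [10]
8 [ping-restart] [60]
9 [ifconfig] [10.8.0.6] [10.8.0.5]
2022-03-21 00:37:18 PROTOCOL OPTIONS:
"""

HEADER = re.compile(r"^\S+ \S+ OPTIONS:$")        # "<date> <time> OPTIONS:" only
OPTION = re.compile(r"^\d+(?:\s+\[[^\]]*\])+$")   # "4 [dhcp-option] [DNS] [10.27.0.40]"

def pushed_options(log_text):
    """Return each pushed option as a token list, e.g. ['route', '10.8.0.1']."""
    options, in_block = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if HEADER.match(line):
            options, in_block = [], True          # keep only the latest push
        elif in_block and OPTION.match(line):
            options.append(re.findall(r"\[([^\]]*)\]", line))
        elif line:
            in_block = False                      # next log entry ends the block
    return options

def dns_report(options):
    """Map each pushed DNS server to the pushed routes that carry traffic to it."""
    routes = [ipaddress.ip_network(f"{o[1]}/{o[2] if len(o) > 2 else 32}", strict=False)
              for o in options if o[0] == "route" and len(o) > 1]
    full_tunnel = any(o[0] == "redirect-gateway" for o in options)
    dhcp = [o for o in options if o[0] == "dhcp-option" and len(o) == 3]
    servers = {}
    for _, kind, value in dhcp:
        if kind.upper() == "DNS":
            covering = [str(r) for r in routes if ipaddress.ip_address(value) in r]
            servers[value] = {"routes": covering, "via_tunnel": full_tunnel or bool(covering)}
    domains = [v for _, k, v in dhcp if k.upper() in ("DOMAIN", "DOMAIN-SEARCH")]
    return {"dns": servers, "search_domains": domains}

print(dns_report(pushed_options(SAMPLE_LOG)))
```

On the log above it reports 10.27.0.40 as covered by the pushed 10.27.0.0/24 route and an empty list of pushed search domains.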