Hi,
When I connect to my AWS OpenVPN Server using OpenVPN GUI I am able to resolve domain names and get a ping response.
When I connect to the same AWS OpenVPN Server using OpenVPN Connect, I am unable to resolve domain names. I can, however, directly ping IPs and get a response.
This is both on Windows 11, exactly the same configuration on both clients and connecting to the same server. The OpenVPN server is configured with a split tunnel for only one unrelated IP address; I'm using Google DNS to resolve IPs (8.8.8.8, 8.8.4.4).
When I route the Google DNS IPs over the VPN rather than using the default local gateway, then I'm able to resolve domain names and get a ping response. Any idea why I need to route the Google DNS IPs over the VPN to resolve domain names for the OpenVPN Connect client and not the OpenVPN GUI?
Would really appreciate any ideas on how to debug and move forward.
Many thanks
Difference in DNS resolution when connecting with Open VPN GUI and Open VPN Connect
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Apr 19, 2022 2:31 am
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: Difference in DNS resolution when connecting with Open VPN GUI and Open VPN Connect
Hello Lach,
OpenVPN GUI uses OpenVPN2. OpenVPN Connect uses OpenVPN3. Split-DNS is not supported by OpenVPN2, but is implemented in OpenVPN3. Simply put, there are differences in how DNS works in the two programs. Use the one that matches your needs.
In the meantime, we are working on expanding DNS handling and unifying it in OpenVPN2 and OpenVPN3.
I suggest you use tcpdump to diagnose the DNS queries and responses to see what the difference is. This can give a clue as to what to change to make things work as you expect.
Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
- OpenVpn Newbie
- Posts: 1
- Joined: Fri May 20, 2022 7:19 pm
Re: Difference in DNS resolution when connecting with Open VPN GUI and Open VPN Connect
Wanted to put an update on this one since I just figured out what was causing this same issue on my particular setup (pfSense OpenVPN Server).
My DNS configuration on the server was using my primary internal network range as the DNS addresses listed in the OpenVPN server settings, and that's worked for a long time using the OpenVPN V2 clients across many different devices. In this case - when DNS was not working on the new OpenVPN Connect Windows client - I decided to try using the VPN network's gateway address in the same range as the VPN network as the DNS resolver address since I have the DNS Resolver running on all interfaces. That solved the issue and immediately my Windows machine could resolve addresses while on OpenVPN Connect.
It seems as part of the OpenVPN Connect client V3, DNS requests are being blocked to IPs outside of the VPN assigned range. This can be worked around when using pfSense specifically with the DNS Resolver taking care of it for you, but in cases where that isn't available, it's going to make DNS requests to internal DNS servers living in a different subnet a real challenge.
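An added example, not part of any post in this thread and not OpenVPN code: a check of which pushed DNS servers would be reached through the tunnel, following the behaviour reported above (OpenVPN Connect resolving names only once the DNS address is routed over the VPN or sits inside the VPN subnet). The push-reply strings, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample PUSH_REPLY option strings (not taken from the thread).
SPLIT_TUNNEL = ("route 10.20.0.5 255.255.255.255,dhcp-option DNS 8.8.8.8,"
                "dhcp-option DNS 8.8.4.4,topology subnet,"
                "ifconfig 10.8.0.6 255.255.255.0")
DNS_ON_VPN_GATEWAY = ("route 10.20.0.5 255.255.255.255,dhcp-option DNS 10.8.0.1,"
                      "topology subnet,ifconfig 10.8.0.6 255.255.255.0")


def tunnel_networks(options):
    """Networks sent through the tunnel: the VPN subnet plus pushed routes."""
    nets = []
    for opt in options:
        f = opt.split()
        if f[0] == "redirect-gateway":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
        elif f[0] == "route" and len(f) >= 2:
            # "route network [netmask] ..."; an omitted netmask means a host route.
            mask = f[2] if len(f) >= 3 and f[2] != "default" else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{f[1]}/{mask}", strict=False))
        elif f[0] == "ifconfig" and len(f) == 3 and f[2].startswith("255."):
            # Subnet topology only: the second argument is a netmask, not a peer IP.
            nets.append(ipaddress.ip_network(f"{f[1]}/{f[2]}", strict=False))
    return nets


def check_pushed_dns(push_reply):
    """Map each pushed DNS server to True if it is reached via the tunnel."""
    options = [o.strip() for o in push_reply.split(",") if o.strip()]
    nets = tunnel_networks(options)
    result = {}
    for opt in options:
        f = opt.split()
        if len(f) == 3 and f[:2] == ["dhcp-option", "DNS"]:
            addr = ipaddress.ip_address(f[2])
            result[f[2]] = any(addr in n for n in nets if n.version == addr.version)
    return result


if __name__ == "__main__":
    for name, reply in [("split tunnel", SPLIT_TUNNEL),
                        ("DNS on VPN gateway", DNS_ON_VPN_GATEWAY)]:
        for dns, via_vpn in check_pushed_dns(reply).items():
            print(f"{name}: {dns} -> {'tunnel' if via_vpn else 'local gateway'}")
```

A server flagged as going out the local gateway is the case both posters hit; their two fixes correspond to adding a `route` for the DNS address or pushing a DNS address inside the VPN subnet.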