Is the DNS getting flushed after receiving it?

YeongMin
OpenVpn Newbie
Posts: 5
Joined: Fri May 06, 2022 6:55 pm

Is the DNS getting flushed after receiving it?

Post by YeongMin » Mon May 09, 2022 6:06 pm

Clients have no name resolution. Is the DNS getting flushed after receiving it?

OpenVPN via pfSense
Tested on multiple Windows 10 and 8.1 clients w/ same result.

After Connecting, client can access network share using IP; but not hostname. Same for ping.

I've tried Enabling/Disabling [Block Outside DNS], [force DNS cache update] on the server with no change. I've also tried adding the DNS info manually on the client OVPN file; but that just resulted in listing the DNS info twice on the same line in the log.

Thank you for any assistance.

Server Config

server config file - public ip names and addresses removed

dev ovpns3
verb 1
dev-type tun
dev-node /dev/tun3
writepid /var/run/openvpn_server3.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local
tls-server
server 10.0.10.0 255.255.255.0
client-config-dir /var/etc/openvpn/server3/csc
username-as-common-name
plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user RGVmLUxvZ2l4IEF1dGhlbnRpY2F0aW9uIC0gV2lkZS1PcGVuIFZQTiBFeGVjICYgU3lzYWRtaW4gT05MWQ== false server3 1195
tls-verify "/usr/local/sbin/ovpn_auth_verify tls '' 1"
lport 1195
management /var/etc/openvpn/server3/sock unix
max-clients 100
push "route 192.168.200.0 255.255.255.0"
push "route 192.168.100.0 255.255.255.0"
push "route 172.16.101.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "route 172.16.30.0 255.255.255.0"
push "route 172.16.0.0 255.255.255.0"
push "route 10.10.0.0 255.255.255.0"
push "route 10.20.0.0 255.255.255.0"
push "route 172.16.2.0 255.255.255.0"
push "dhcp-option DOMAIN def-logix.local"
push "dhcp-option DNS 192.168.200.4"
push "dhcp-option DNS 192.168.200.5"
push "block-outside-dns"
push "dhcp-option NTP 216.239.35.12"
push "dhcp-option NTP 50.205.244.107"
remote-cert-tls client
capath /var/etc/openvpn/server3/ca
cert /var/etc/openvpn/server3/cert
key /var/etc/openvpn/server3/key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server3/tls-auth 0
ncp-disable
cipher AES-128-CBC
allow-compression no
persist-remote-ip
float
topology subnet
inactive 900
inactive 3600


Client log

client config file - public ip names and addresses removed
5/10/2022, 12:20:50 PM OpenVPN core 3.git::662eae9a win x86_64 64-bit built on Oct 27 2020 12:49:07
5/10/2022, 12:20:50 PM Frame=512/2048/512 mssfix-ctrl=1250
5/10/2022, 12:20:50 PM UNUSED OPTIONS
1 [persist-key]
2 [ncp-disable]
5 [tls-client]
7 [resolv-retry] [infinite]
9 [nobind]
10 [verify-x509-name] [] [name]
13 [explicit-exit-notify]
5/10/2022, 12:20:50 PM Contacting :1195 via UDP
5/10/2022, 12:20:50 PM WinCommandAgent: transmitting bypass route to
{
"host" : "",
"ipv6" : false
}

5/10/2022, 12:20:50 PM EVENT: RESOLVE
5/10/2022, 12:20:50 PM EVENT: WAIT
5/10/2022, 12:20:50 PM Connecting to []:1195 () via UDPv4
5/10/2022, 12:20:50 PM EVENT: CONNECTING
5/10/2022, 12:20:50 PM Tunnel Options:V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
5/10/2022, 12:20:50 PM Creds: Username/Password
5/10/2022, 12:20:50 PM Peer Info:
IV_VER=3.git::662eae9a
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_GUI_VER=OCWindows_3.2.2-1455
IV_SSO=openurl

5/10/2022, 12:20:51 PM SSL Handshake: CN=, TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
5/10/2022, 12:20:51 PM Session is ACTIVE
5/10/2022, 12:20:51 PM Sending PUSH_REQUEST to server...
5/10/2022, 12:20:51 PM EVENT: GET_CONFIG
5/10/2022, 12:20:51 PM OPTIONS:
0 [route] [192.168.200.0] [255.255.255.0]
1 [route] [192.168.100.0] [255.255.255.0]
2 [route] [172.16.101.0] [255.255.255.0]
3 [route] [192.168.1.0] [255.255.255.0]
4 [route] [172.16.30.0] [255.255.255.0]
5 [route] [172.16.0.0] [255.255.255.0]
6 [route] [10.10.0.0] [255.255.255.0]
7 [route] [10.20.0.0] [255.255.255.0]
8 [route] [172.16.2.0] [255.255.255.0]
9 [dhcp-option] [DOMAIN] [def-logix.local]
10 [dhcp-option] [DNS] [192.168.200.4]
11 [dhcp-option] [DNS] [192.168.200.5]
12 [block-outside-dns]
13 [dhcp-option] [NTP] [216.239.35.12]
14 [dhcp-option] [NTP] [50.205.244.107]
15 [route-gateway] [10.0.10.1]
16 [topology] [subnet]
17 [ping] [10]
18 [ping-restart] [60]
19 [ifconfig] [10.0.10.2] [255.255.255.0]
20 [peer-id] [0]
21 [cipher] [AES-128-CBC]

5/10/2022, 12:20:51 PM PROTOCOL OPTIONS:
cipher: AES-128-CBC
digest: SHA256
compress: NONE
peer ID: 0
5/10/2022, 12:20:51 PM Unknown pushed DHCP option: [dhcp-option] [NTP] [216.239.35.12]
5/10/2022, 12:20:51 PM Unknown pushed DHCP option: [dhcp-option] [NTP] [50.205.244.107]
5/10/2022, 12:20:51 PM CAPTURED OPTIONS:
Session Name:
Layer: OSI_LAYER_3
Remote Address:
Tunnel Addresses:
10.0.10.2/24 -> 10.0.10.1
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv6: no
Add Routes:
192.168.200.0/24
192.168.100.0/24
172.16.101.0/24
192.168.1.0/24
172.16.30.0/24
172.16.0.0/24
10.10.0.0/24
10.20.0.0/24
172.16.2.0/24
Exclude Routes:
DNS Servers:
192.168.200.4
192.168.200.5
Search Domains:
def-logix.local

5/10/2022, 12:20:51 PM EVENT: ASSIGN_IP
5/10/2022, 12:20:52 PM SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
"confirm_event" : "b005000000000000",
"destroy_event" : "6c11000000000000",
"tun" :
{
"adapter_domain_suffix" : "",
"add_routes" :
[
{
"address" : "192.168.200.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "192.168.100.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "172.16.101.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "192.168.1.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "172.16.30.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "172.16.0.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "10.10.0.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "10.20.0.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "172.16.2.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
],
"block_ipv6" : false,
"dns_servers" :
[
{
"address" : "192.168.200.4",
"ipv6" : false
},
{
"address" : "192.168.200.5",
"ipv6" : false
}
],
"layer" : 3,
"mtu" : 0,
"remote_address" :
{
"address" : "###.###.###.###",
"ipv6" : false
},
"reroute_gw" :
{
"flags" : 256,
"ipv4" : false,
"ipv6" : false
},
"route_metric_default" : -1,
"search_domains" :
[
{
"domain" : "def-logix.local"
}
],
"session_name" : "",
"tunnel_address_index_ipv4" : 0,
"tunnel_address_index_ipv6" : -1,
"tunnel_addresses" :
[
{
"address" : "10.0.10.2",
"gateway" : "10.0.10.1",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
]
},
"wintun" : false
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{926D4931-E217-4D2C-B5C9-28F8B3C0B7DE}' index=9 name='Local Area Connection'
Open TAP device "Local Area Connection" PATH="\\.\Global\{926D4931-E217-4D2C-B5C9-28F8B3C0B7DE}.tap" SUCCEEDED
TAP-Windows Driver Version 9.24
ActionDeleteAllRoutesOnInterface iface_index=9
netsh interface ip set interface 9 metric=1
Ok.
netsh interface ip set address 9 static 10.0.10.2 255.255.255.0 gateway=10.0.10.1 store=active
IPHelper: add route 192.168.200.0/24 9 10.0.10.1 metric=-1
IPHelper: add route 192.168.100.0/24 9 10.0.10.1 metric=-1
IPHelper: add route 172.16.101.0/24 9 10.0.10.1 metric=-1
IPHelper: add route 192.168.1.0/24 9 10.0.10.1 metric=-1
IPHelper: add route 172.16.30.0/24 9 10.0.10.1 metric=-1
IPHelper: add route 172.16.0.0/24 9 10.0.10.1 metric=-1
IPHelper: add route 10.10.0.0/24 9 10.0.10.1 metric=-1
IPHelper: add route 10.20.0.0/24 9 10.0.10.1 metric=-1
IPHelper: add route 172.16.2.0/24 9 10.0.10.1 metric=-1
NRPT::ActionCreate names=[.def-logix.local] dns_servers=[192.168.200.4,192.168.200.5]
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
TAP handle: 8c12000000000000
5/10/2022, 12:20:52 PM Connected via TUN_WIN
5/10/2022, 12:20:52 PM EVENT: CONNECTED @:1195 () via /UDPv4 on TUN_WIN/10.0.10.2/ gw=[10.0.10.1/]
5/10/2022, 12:21:30 PM SetupClient: signaling tun destroy event
5/10/2022, 12:21:30 PM EVENT: DISCONNECTED
Last edited by YeongMin on Tue May 10, 2022 5:56 pm, edited 7 times in total.

TinCanTech
Forum Team
Posts: 10722
Joined: Fri Jun 03, 2016 1:17 pm

Re: Is the DNS getting flushed after receiving it?

Post by TinCanTech » Mon May 09, 2022 7:18 pm


YeongMin
OpenVpn Newbie
Posts: 5
Joined: Fri May 06, 2022 6:55 pm

Re: Is the DNS getting flushed after receiving it?

Post by YeongMin » Tue May 10, 2022 7:03 pm

updated using oconf

TinCanTech
Forum Team
Posts: 10722
Joined: Fri Jun 03, 2016 1:17 pm

Re: Is the DNS getting flushed after receiving it?

Post by TinCanTech » Sat May 14, 2022 12:03 am

Openvpn version ?

YeongMin
OpenVpn Newbie
Posts: 5
Joined: Fri May 06, 2022 6:55 pm

Re: Is the DNS getting flushed after receiving it?

Post by YeongMin » Mon May 16, 2022 1:44 pm

Client 3.3.4
Server 2.5.4

TinCanTech
Forum Team
Posts: 10722
Joined: Fri Jun 03, 2016 1:17 pm

Re: Is the DNS getting flushed after receiving it?

Post by TinCanTech » Mon May 16, 2022 1:54 pm

Can you ping your DNS server from the client via the tunnel ?

YeongMin
OpenVpn Newbie
Posts: 5
Joined: Fri May 06, 2022 6:55 pm

Re: Is the DNS getting flushed after receiving it?

Post by YeongMin » Mon May 16, 2022 2:31 pm

ping using IP, yes

TinCanTech
Forum Team
Posts: 10722
Joined: Fri Jun 03, 2016 1:17 pm

Re: Is the DNS getting flushed after receiving it?

Post by TinCanTech » Mon May 16, 2022 2:52 pm

Then it sounds like your DNS server is incorrectly configured.

YeongMin
OpenVpn Newbie
Posts: 5
Joined: Fri May 06, 2022 6:55 pm

Re: Is the DNS getting flushed after receiving it?

Post by YeongMin » Mon May 16, 2022 3:25 pm

hmmm....ok. it was configured before me. so it's quite possible. i'll go through it. thanks for your replies.
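
The thread ends with ping to the DNS server succeeding while name resolution still fails. As an added example (not part of any post above), this PowerShell sequence checks each stage on the connected Windows client, using the DNS servers, domain and NRPT namespace shown in the posted log; `fileserver` is a hypothetical host name to replace with a real internal one.

```powershell
# Added diagnostic example, not from the thread. Run on the Windows client while the VPN is up.
$DnsServers = '192.168.200.4', '192.168.200.5'   # pushed "dhcp-option DNS" values from the log
$Domain     = 'def-logix.local'                  # pushed "dhcp-option DOMAIN" value from the log
$ShortName  = 'fileserver'                       # hypothetical internal host name, replace it

# 1. A ping reply only proves the route works. Check that the DNS service itself
#    answers through the tunnel (this tests TCP port 53).
foreach ($s in $DnsServers) {
    Test-NetConnection -ComputerName $s -Port 53 |
        Select-Object ComputerName, RemotePort, TcpTestSucceeded
}

# 2. Query each pushed server directly for the fully qualified name.
#    A failure here points at the DNS server or its zone, not at the VPN client.
foreach ($s in $DnsServers) {
    Resolve-DnsName -Name "$ShortName.$Domain" -Server $s -Type A -DnsOnly
}

# 3. Confirm the rule from the "NRPT::ActionCreate" log line is in effect
#    and points at the pushed servers.
Get-DnsClientNrptPolicy |
    Where-Object { $_.Namespace -like "*$Domain" } |
    Select-Object Namespace, NameServers

# 4. Resolve the fully qualified name through the normal client path, which honours
#    the NRPT. nslookup does not consult the NRPT, so do not use it for this step.
Resolve-DnsName -Name "$ShortName.$Domain" -Type A -DnsOnly

# 5. A bare host name only becomes "$ShortName.$Domain" if that domain is in the
#    suffix search list or set as a connection-specific suffix. Inspect both, then
#    test the short name on its own.
(Get-DnsClientGlobalSetting).SuffixSearchList
Get-DnsClient | Select-Object InterfaceAlias, ConnectionSpecificSuffix
Resolve-DnsName -Name $ShortName -Type A -DnsOnly
```

If step 2 fails, the problem is on the DNS server side; if steps 2 to 4 succeed and only step 5 fails, the fully qualified name works and the short name is not being expanded with the pushed domain.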
