push dns does not work

argyrg
OpenVpn Newbie
Posts: 16
Joined: Fri Mar 01, 2019 11:01 pm

Post by argyrg » Tue Mar 05, 2019 12:48 pm

My setup:

openvpn 2.4.0.6 is the latest stable version in Debian Stretch and in Raspbian desktop and is installed on both a cloud VPS, acting as the server, and a Raspberry Pi, acting as the client.

The server package was installed using the angristan installer on GitHub and the client side was a simple sudo apt-get install openvpn immediately after an update. The same client.ovpn file was used and tested on multiple connections.

The upshot is that the nameserver settings are dependent on the connection over which the vpn is made and are not related to the google dns servers that are configured on the server. Specifically, I have found that unless the nameserver settings in the interface configuration file are set to the google nameservers then the ability to get domain name resolution is lost.

The VPN works as expected if the interface is configured with Google nameservers but push "dhcp-option DNS 8.8.8.8" should do the job, shouldn't it?

How can I fix this so that it just works!!!??

sudo cat /etc/openvpn/server.conf
[oconf=]
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert server_baOUcI0m0z2674zq.crt
key server_baOUcI0m0z2674zq.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
status /var/log/openvpn/status.log
verb 3
[/oconf]

Regards
argyrg

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: push dns does not work

Post by TinCanTech » Tue Mar 05, 2019 1:56 pm

Because you have not posted the required details I will assume your configuration from this post.

A Linux client requires the use of an --up & --down script to import & reset DNS settings.

The script distributed with openvpn for Ubuntu is called /etc/openvpn/update-resolv-conf
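
What such an --up script has to do, as an added example that is not part of the original thread and is not the distribution's update-resolv-conf: OpenVPN passes each pushed dhcp-option to the script in environment variables named foreign_option_1, foreign_option_2 and so on, and because the script runs with OpenVPN's privileges under script-security 2, it should validate those server-supplied values before using them. The function names, the DOMAIN handling (a generalization beyond the DNS options in this thread) and the sample values are assumptions; the result is printed rather than written to /etc/resolv.conf.

```shell
#!/bin/sh
# Added example: a minimal reader for the foreign_option_N variables that
# OpenVPN exports to an --up script for each pushed "dhcp-option ...".
# Hypothetical helper names; not the packaged update-resolv-conf.

# Succeed only for a dotted-quad IPv4 address with four octets in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest=$1.
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        count=$((count + 1))
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$count" -eq 4 ]
}

# Succeed only for a plain DNS name (letters, digits, dots, hyphens).
is_dns_name() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|-*|.*) return 1 ;;
    esac
    [ ${#1} -le 253 ]
}

# Print resolv.conf lines built from foreign_option_1, foreign_option_2, ...
# Values that fail validation are reported on stderr and skipped.
render_resolv_conf() {
    i=1
    search=""
    servers=""
    while :; do
        # The variable name is built from an integer counter only.
        eval "opt=\${foreign_option_$i-}"
        [ -n "$opt" ] || break
        # Split on whitespace without filename expansion.
        set -f; set -- $opt; set +f
        if [ "$1" = "dhcp-option" ] && [ $# -eq 3 ]; then
            case $2 in
                DNS)
                    if is_ipv4 "$3"; then
                        servers="$servers$3 "
                    else
                        echo "foreign_option_$i: rejected DNS value" >&2
                    fi ;;
                DOMAIN)
                    if is_dns_name "$3"; then
                        search="$search$3 "
                    else
                        echo "foreign_option_$i: rejected DOMAIN value" >&2
                    fi ;;
            esac
        fi
        i=$((i + 1))
    done
    if [ -n "$search" ]; then
        printf 'search %s\n' "${search% }"
    fi
    for server in $servers; do
        printf 'nameserver %s\n' "$server"
    done
    return 0
}

# Constructed sample: the two servers pushed by the server.conf in the
# question, plus one malformed value that must not reach resolv.conf.
foreign_option_1='dhcp-option DNS 8.8.8.8'
foreign_option_2='dhcp-option DNS 8.8.4.4'
foreign_option_3='dhcp-option DNS 10.8.0.999'
render_resolv_conf
```

If the client has no --up script, nothing reads these variables, which is why the pushed DNS servers appear in the PUSH_REPLY but never change name resolution on Linux.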

argyrg
OpenVpn Newbie
Posts: 16
Joined: Fri Mar 01, 2019 11:01 pm

Re: push dns does not work

Post by argyrg » Tue Mar 05, 2019 2:46 pm

Thanks for responding and for cross checking my other posts,

I was half way there and your shove helped me over the line...

I've reinstalled openvpn more than a dozen times on the same pi in an effort to resolve this. The last install was done through the Pi's 'Add / remove software' facility and on this occasion I also installed the package 'openvpn-systemd-resolved-1.2.3-1'. So that was the half way bit.

Because that didn't automatically fix things I then went and configured static nameservers in the interface settings and then wrote this original post.

The second half, your helpful shove, was to add:
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
to my *.ovpn file

And now I'm really happy to say that everything in the nameserver / DNS department works as expected.

I had previously tried different iterations of this without success. Sometimes it's difficult to put all of this together as a semi noob (As-in I think I know what I'm doing, but obviously don't). Hopefully others will stumble across this and get up and running much quicker.

My next support request is going to be about keepalive which I've also been struggling with. I'm going to read the documentation again and scour the internet first...

Thanks again

argyrg

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: push dns does not work

Post by TinCanTech » Tue Mar 05, 2019 2:54 pm

Thanks for updating this thread 8-)

argyrg
OpenVpn Newbie
Posts: 16
Joined: Fri Mar 01, 2019 11:01 pm

Re: push dns does not work

Post by argyrg » Fri Mar 08, 2019 11:35 am

I'm coming back here for continuity.

After getting the nameservers to work I then looked into resolving an issue which I believed related to keepalive. That issue was resolved in viewtopic.php?f=4&t=28018 but it flagged another issue which seems to be specific to Linux (Debian, Raspbian, Ubuntu) distributions and which became highlighted after TinCanTech shoved me over the line as indicated in post #3.

It seems that the linux client functionality has a few issues which hopefully I can shake out in this thread. First of all my config files.

server.conf

port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert server_baOUcI0m0z2674zq.crt
key server_baOUcI0m0z2674zq.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
status /var/log/openvpn/status.log
verb 4

russell.ovpn

client
proto udp
remote 159.69.7.156 1194
dev tun
resolv-retry infinite
nobind
persist-key
#persist-tun
remote-cert-tls server
verify-x509-name server_baOUcI0m0z2674zq name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
#setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

And the output of my client when set to verb 4 (It took 6 minutes to reconnect after briefly switching off the wifi...)

Fri Mar  8 11:09:34 2019 us=407615 Current Parameter Settings:
Fri Mar  8 11:09:34 2019 us=408054   config = '/etc/openvpn/russell.ovpn'
Fri Mar  8 11:09:34 2019 us=408138   mode = 0
Fri Mar  8 11:09:34 2019 us=408313   persist_config = DISABLED
Fri Mar  8 11:09:34 2019 us=408379   persist_mode = 1
Fri Mar  8 11:09:34 2019 us=408441   show_ciphers = DISABLED
Fri Mar  8 11:09:34 2019 us=408542   show_digests = DISABLED
Fri Mar  8 11:09:34 2019 us=408605   show_engines = DISABLED
Fri Mar  8 11:09:34 2019 us=408668   genkey = DISABLED
Fri Mar  8 11:09:34 2019 us=408731   key_pass_file = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=408794   show_tls_ciphers = DISABLED
Fri Mar  8 11:09:34 2019 us=408859   connect_retry_max = 0
Fri Mar  8 11:09:34 2019 us=408923 Connection profiles [0]:
Fri Mar  8 11:09:34 2019 us=408988   proto = udp
Fri Mar  8 11:09:34 2019 us=409050   local = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=409113   local_port = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=409175   remote = '159.69.7.156'
Fri Mar  8 11:09:34 2019 us=409237   remote_port = '1194'
Fri Mar  8 11:09:34 2019 us=409299   remote_float = DISABLED
Fri Mar  8 11:09:34 2019 us=409362   bind_defined = DISABLED
Fri Mar  8 11:09:34 2019 us=409424   bind_local = DISABLED
Fri Mar  8 11:09:34 2019 us=409486   bind_ipv6_only = DISABLED
Fri Mar  8 11:09:34 2019 us=409549   connect_retry_seconds = 5
Fri Mar  8 11:09:34 2019 us=409611   connect_timeout = 120
Fri Mar  8 11:09:34 2019 us=409673   socks_proxy_server = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=409736   socks_proxy_port = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=409799   tun_mtu = 1500
Fri Mar  8 11:09:34 2019 us=409861   tun_mtu_defined = ENABLED
Fri Mar  8 11:09:34 2019 us=409924   link_mtu = 1500
Fri Mar  8 11:09:34 2019 us=409985   link_mtu_defined = DISABLED
Fri Mar  8 11:09:34 2019 us=410048   tun_mtu_extra = 0
Fri Mar  8 11:09:34 2019 us=410110   tun_mtu_extra_defined = DISABLED
Fri Mar  8 11:09:34 2019 us=410173   mtu_discover_type = -1
Fri Mar  8 11:09:34 2019 us=410236   fragment = 0
Fri Mar  8 11:09:34 2019 us=410298   mssfix = 1450
Fri Mar  8 11:09:34 2019 us=410360   explicit_exit_notification = 0
Fri Mar  8 11:09:34 2019 us=410424 Connection profiles END
Fri Mar  8 11:09:34 2019 us=410486   remote_random = DISABLED
Fri Mar  8 11:09:34 2019 us=410548   ipchange = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=410609   dev = 'tun'
Fri Mar  8 11:09:34 2019 us=410673   dev_type = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=410736   dev_node = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=410798   lladdr = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=410862   topology = 1
Fri Mar  8 11:09:34 2019 us=410923   ifconfig_local = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=410990   ifconfig_remote_netmask = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=411053   ifconfig_noexec = DISABLED
Fri Mar  8 11:09:34 2019 us=411115   ifconfig_nowarn = DISABLED
Fri Mar  8 11:09:34 2019 us=411180   ifconfig_ipv6_local = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=411243   ifconfig_ipv6_netbits = 0
Fri Mar  8 11:09:34 2019 us=411307   ifconfig_ipv6_remote = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=411372   shaper = 0
Fri Mar  8 11:09:34 2019 us=411434   mtu_test = 0
Fri Mar  8 11:09:34 2019 us=411495   mlock = DISABLED
Fri Mar  8 11:09:34 2019 us=411558   keepalive_ping = 0
Fri Mar  8 11:09:34 2019 us=411620   keepalive_timeout = 0
Fri Mar  8 11:09:34 2019 us=411684   inactivity_timeout = 0
Fri Mar  8 11:09:34 2019 us=411746   ping_send_timeout = 0
Fri Mar  8 11:09:34 2019 us=411809   ping_rec_timeout = 0
Fri Mar  8 11:09:34 2019 us=411873   ping_rec_timeout_action = 0
Fri Mar  8 11:09:34 2019 us=411936   ping_timer_remote = DISABLED
Fri Mar  8 11:09:34 2019 us=412000   remap_sigusr1 = 0
Fri Mar  8 11:09:34 2019 us=412062   persist_tun = DISABLED
Fri Mar  8 11:09:34 2019 us=412124   persist_local_ip = DISABLED
Fri Mar  8 11:09:34 2019 us=412189   persist_remote_ip = DISABLED
Fri Mar  8 11:09:34 2019 us=412250   persist_key = ENABLED
Fri Mar  8 11:09:34 2019 us=412312   passtos = DISABLED
Fri Mar  8 11:09:34 2019 us=412376   resolve_retry_seconds = 1000000000
Fri Mar  8 11:09:34 2019 us=412439   resolve_in_advance = DISABLED
Fri Mar  8 11:09:34 2019 us=412502   username = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=412565   groupname = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=412626   chroot_dir = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=412687   cd_dir = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=412749   writepid = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=412810   up_script = '/etc/openvpn/update-resolv-conf'
Fri Mar  8 11:09:34 2019 us=412873   down_script = '/etc/openvpn/update-resolv-conf'
Fri Mar  8 11:09:34 2019 us=412935   down_pre = DISABLED
Fri Mar  8 11:09:34 2019 us=412996   up_restart = DISABLED
Fri Mar  8 11:09:34 2019 us=413056   up_delay = DISABLED
Fri Mar  8 11:09:34 2019 us=413116   daemon = DISABLED
Fri Mar  8 11:09:34 2019 us=413176   inetd = 0
Fri Mar  8 11:09:34 2019 us=413235   log = DISABLED
Fri Mar  8 11:09:34 2019 us=413296   suppress_timestamps = DISABLED
Fri Mar  8 11:09:34 2019 us=413403   machine_readable_output = DISABLED
Fri Mar  8 11:09:34 2019 us=413464   nice = 0
Fri Mar  8 11:09:34 2019 us=413525   verbosity = 4
Fri Mar  8 11:09:34 2019 us=413586   mute = 0
Fri Mar  8 11:09:34 2019 us=413646   gremlin = 0
Fri Mar  8 11:09:34 2019 us=413706   status_file = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=413768   status_file_version = 1
Fri Mar  8 11:09:34 2019 us=413830   status_file_update_freq = 60
Fri Mar  8 11:09:34 2019 us=413891   occ = ENABLED
Fri Mar  8 11:09:34 2019 us=413951   rcvbuf = 0
Fri Mar  8 11:09:34 2019 us=414010   sndbuf = 0
Fri Mar  8 11:09:34 2019 us=414070   mark = 0
Fri Mar  8 11:09:34 2019 us=414130   sockflags = 0
Fri Mar  8 11:09:34 2019 us=414189   fast_io = DISABLED
Fri Mar  8 11:09:34 2019 us=414249   comp.alg = 0
Fri Mar  8 11:09:34 2019 us=414310   comp.flags = 0
Fri Mar  8 11:09:34 2019 us=414370   route_script = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=414431   route_default_gateway = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=414495   route_default_metric = 0
Fri Mar  8 11:09:34 2019 us=414557   route_noexec = DISABLED
Fri Mar  8 11:09:34 2019 us=414619   route_delay = 0
Fri Mar  8 11:09:34 2019 us=414681   route_delay_window = 30
Fri Mar  8 11:09:34 2019 us=414742   route_delay_defined = DISABLED
Fri Mar  8 11:09:34 2019 us=414806   route_nopull = DISABLED
Fri Mar  8 11:09:34 2019 us=414867   route_gateway_via_dhcp = DISABLED
Fri Mar  8 11:09:34 2019 us=414931   allow_pull_fqdn = DISABLED
Fri Mar  8 11:09:34 2019 us=414996   management_addr = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=415059   management_port = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=415123   management_user_pass = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=415186   management_log_history_cache = 250
Fri Mar  8 11:09:34 2019 us=415248   management_echo_buffer_size = 100
Fri Mar  8 11:09:34 2019 us=415312   management_write_peer_info_file = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=415377   management_client_user = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=415470   management_client_group = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=415563   management_flags = 0
Fri Mar  8 11:09:34 2019 us=415626   shared_secret_file = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=415688   key_direction = 0
Fri Mar  8 11:09:34 2019 us=415749   ciphername = 'AES-128-GCM'
Fri Mar  8 11:09:34 2019 us=415811   ncp_enabled = ENABLED
Fri Mar  8 11:09:34 2019 us=415873   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Fri Mar  8 11:09:34 2019 us=415936   authname = 'SHA256'
Fri Mar  8 11:09:34 2019 us=415997   prng_hash = 'SHA1'
Fri Mar  8 11:09:34 2019 us=416059   prng_nonce_secret_len = 16
Fri Mar  8 11:09:34 2019 us=416121   keysize = 0
Fri Mar  8 11:09:34 2019 us=416182   engine = DISABLED
Fri Mar  8 11:09:34 2019 us=416247   replay = ENABLED
Fri Mar  8 11:09:34 2019 us=416309   mute_replay_warnings = DISABLED
Fri Mar  8 11:09:34 2019 us=416578   replay_window = 64
Fri Mar  8 11:09:34 2019 us=416655   replay_time = 15
Fri Mar  8 11:09:34 2019 us=416717   packet_id_file = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=416780   use_iv = ENABLED
Fri Mar  8 11:09:34 2019 us=416841   test_crypto = DISABLED
Fri Mar  8 11:09:34 2019 us=416902   tls_server = DISABLED
Fri Mar  8 11:09:34 2019 us=416963   tls_client = ENABLED
Fri Mar  8 11:09:34 2019 us=417026   key_method = 2
Fri Mar  8 11:09:34 2019 us=417086   ca_file = '[[INLINE]]'
Fri Mar  8 11:09:34 2019 us=417147   ca_path = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=417207   dh_file = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=417268   cert_file = '[[INLINE]]'
Fri Mar  8 11:09:34 2019 us=417330   extra_certs_file = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=417393   priv_key_file = '[[INLINE]]'
Fri Mar  8 11:09:34 2019 us=417457   pkcs12_file = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=417520   cipher_list = 'TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256'
Fri Mar  8 11:09:34 2019 us=417585   tls_verify = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=417647   tls_export_cert = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=417709   verify_x509_type = 2
Fri Mar  8 11:09:34 2019 us=417773   verify_x509_name = 'server_baOUcI0m0z2674zq'
Fri Mar  8 11:09:34 2019 us=417839   crl_file = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=417900   ns_cert_type = 0
Fri Mar  8 11:09:34 2019 us=417962   remote_cert_ku[i] = 160
Fri Mar  8 11:09:34 2019 us=418023   remote_cert_ku[i] = 136
Fri Mar  8 11:09:34 2019 us=418085   remote_cert_ku[i] = 0
<snip>
Fri Mar  8 11:09:34 2019 us=418876   remote_cert_ku[i] = 0
Fri Mar  8 11:09:34 2019 us=418938   remote_cert_eku = 'TLS Web Server Authentication'
Fri Mar  8 11:09:34 2019 us=419003   ssl_flags = 192
Fri Mar  8 11:09:34 2019 us=419064   tls_timeout = 2
Fri Mar  8 11:09:34 2019 us=419126   renegotiate_bytes = -1
Fri Mar  8 11:09:34 2019 us=419186   renegotiate_packets = 0
Fri Mar  8 11:09:34 2019 us=419248   renegotiate_seconds = 3600
Fri Mar  8 11:09:34 2019 us=419309   handshake_window = 60
Fri Mar  8 11:09:34 2019 us=419372   transition_window = 3600
Fri Mar  8 11:09:34 2019 us=419433   single_session = DISABLED
Fri Mar  8 11:09:34 2019 us=419493   push_peer_info = DISABLED
Fri Mar  8 11:09:34 2019 us=419554   tls_exit = DISABLED
Fri Mar  8 11:09:34 2019 us=419615   tls_auth_file = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=419677   tls_crypt_file = '[[INLINE]]'
Fri Mar  8 11:09:34 2019 us=419740   pkcs11_protected_authentication = DISABLED
<snip>
Fri Mar  8 11:09:34 2019 us=420686   pkcs11_protected_authentication = DISABLED
Fri Mar  8 11:09:34 2019 us=420751   pkcs11_private_mode = 00000000
<snip>
Fri Mar  8 11:09:34 2019 us=421691   pkcs11_private_mode = 00000000
Fri Mar  8 11:09:34 2019 us=421753   pkcs11_cert_private = DISABLED
Fri Mar  8 11:09:34 2019 us=421815   pkcs11_cert_private = DISABLED
<snip>
Fri Mar  8 11:09:34 2019 us=422679   pkcs11_cert_private = DISABLED
Fri Mar  8 11:09:34 2019 us=422740   pkcs11_pin_cache_period = -1
Fri Mar  8 11:09:34 2019 us=422802   pkcs11_id = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=422863   pkcs11_id_management = DISABLED
Fri Mar  8 11:09:34 2019 us=423032   server_network = 0.0.0.0
Fri Mar  8 11:09:34 2019 us=423156   server_netmask = 0.0.0.0
Fri Mar  8 11:09:34 2019 us=423229   server_network_ipv6 = ::
Fri Mar  8 11:09:34 2019 us=423293   server_netbits_ipv6 = 0
Fri Mar  8 11:09:34 2019 us=423361   server_bridge_ip = 0.0.0.0
Fri Mar  8 11:09:34 2019 us=423431   server_bridge_netmask = 0.0.0.0
Fri Mar  8 11:09:34 2019 us=423501   server_bridge_pool_start = 0.0.0.0
Fri Mar  8 11:09:34 2019 us=423570   server_bridge_pool_end = 0.0.0.0
Fri Mar  8 11:09:34 2019 us=423633   ifconfig_pool_defined = DISABLED
Fri Mar  8 11:09:34 2019 us=423703   ifconfig_pool_start = 0.0.0.0
Fri Mar  8 11:09:34 2019 us=423771   ifconfig_pool_end = 0.0.0.0
Fri Mar  8 11:09:34 2019 us=423840   ifconfig_pool_netmask = 0.0.0.0
Fri Mar  8 11:09:34 2019 us=423903   ifconfig_pool_persist_filename = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=423967   ifconfig_pool_persist_refresh_freq = 600
Fri Mar  8 11:09:34 2019 us=424031   ifconfig_ipv6_pool_defined = DISABLED
Fri Mar  8 11:09:34 2019 us=424098   ifconfig_ipv6_pool_base = ::
Fri Mar  8 11:09:34 2019 us=424161   ifconfig_ipv6_pool_netbits = 0
Fri Mar  8 11:09:34 2019 us=424224   n_bcast_buf = 256
Fri Mar  8 11:09:34 2019 us=424285   tcp_queue_limit = 64
Fri Mar  8 11:09:34 2019 us=424346   real_hash_size = 256
Fri Mar  8 11:09:34 2019 us=424408   virtual_hash_size = 256
Fri Mar  8 11:09:34 2019 us=424469   client_connect_script = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=424532   learn_address_script = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=424595   client_disconnect_script = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=424657   client_config_dir = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=424719   ccd_exclusive = DISABLED
Fri Mar  8 11:09:34 2019 us=424780   tmp_dir = '/tmp'
Fri Mar  8 11:09:34 2019 us=424844   push_ifconfig_defined = DISABLED
Fri Mar  8 11:09:34 2019 us=424912   push_ifconfig_local = 0.0.0.0
Fri Mar  8 11:09:34 2019 us=424981   push_ifconfig_remote_netmask = 0.0.0.0
Fri Mar  8 11:09:34 2019 us=425045   push_ifconfig_ipv6_defined = DISABLED
Fri Mar  8 11:09:34 2019 us=425113   push_ifconfig_ipv6_local = ::/0
Fri Mar  8 11:09:34 2019 us=425179   push_ifconfig_ipv6_remote = ::
Fri Mar  8 11:09:34 2019 us=425241   enable_c2c = DISABLED
Fri Mar  8 11:09:34 2019 us=425302   duplicate_cn = DISABLED
Fri Mar  8 11:09:34 2019 us=425363   cf_max = 0
Fri Mar  8 11:09:34 2019 us=425424   cf_per = 0
Fri Mar  8 11:09:34 2019 us=425484   max_clients = 1024
Fri Mar  8 11:09:34 2019 us=425545   max_routes_per_client = 256
Fri Mar  8 11:09:34 2019 us=425608   auth_user_pass_verify_script = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=425671   auth_user_pass_verify_script_via_file = DISABLED
Fri Mar  8 11:09:34 2019 us=425734   auth_token_generate = DISABLED
Fri Mar  8 11:09:34 2019 us=425798   auth_token_lifetime = 0
Fri Mar  8 11:09:34 2019 us=425859   port_share_host = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=425921   port_share_port = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=425982   client = ENABLED
Fri Mar  8 11:09:34 2019 us=426043   pull = ENABLED
Fri Mar  8 11:09:34 2019 us=426105   auth_user_pass_file = '[UNDEF]'
Fri Mar  8 11:09:34 2019 us=426175 OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 14 2018
Fri Mar  8 11:09:34 2019 us=426278 library versions: OpenSSL 1.0.2r  26 Feb 2019, LZO 2.08
Fri Mar  8 11:09:34 2019 us=427196 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Mar  8 11:09:34 2019 us=432201 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Mar  8 11:09:34 2019 us=432388 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Mar  8 11:09:34 2019 us=432476 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Mar  8 11:09:34 2019 us=432563 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Mar  8 11:09:34 2019 us=432932 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Fri Mar  8 11:09:34 2019 us=433084 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Mar  8 11:09:34 2019 us=433236 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-client'
Fri Mar  8 11:09:34 2019 us=433304 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-server'
Fri Mar  8 11:09:34 2019 us=433399 TCP/UDP: Preserving recently used remote address: [AF_INET]159.69.7.156:1194
Fri Mar  8 11:09:34 2019 us=433521 Socket Buffers: R=[163840->163840] S=[163840->163840]
Fri Mar  8 11:09:34 2019 us=433586 UDP link local: (not bound)
Fri Mar  8 11:09:34 2019 us=433656 UDP link remote: [AF_INET]159.69.7.156:1194
Fri Mar  8 11:09:34 2019 us=472458 TLS: Initial packet from [AF_INET]159.69.7.156:1194, sid=d25d54e6 6417c535
Fri Mar  8 11:09:34 2019 us=525092 VERIFY OK: depth=1, CN=cn_W0ulBoBQjyXgMUEw
Fri Mar  8 11:09:34 2019 us=530412 Validating certificate key usage
Fri Mar  8 11:09:34 2019 us=530554 ++ Certificate has key usage  00a0, expects 00a0
Fri Mar  8 11:09:34 2019 us=530592 VERIFY KU OK
Fri Mar  8 11:09:34 2019 us=530661 Validating certificate extended key usage
Fri Mar  8 11:09:34 2019 us=530772 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Mar  8 11:09:34 2019 us=530814 VERIFY EKU OK
Fri Mar  8 11:09:34 2019 us=530841 VERIFY X509NAME OK: CN=server_baOUcI0m0z2674zq
Fri Mar  8 11:09:34 2019 us=530869 VERIFY OK: depth=0, CN=server_baOUcI0m0z2674zq
Fri Mar  8 11:09:34 2019 us=660282 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-ECDSA-AES128-GCM-SHA256
Fri Mar  8 11:09:34 2019 us=660415 [server_baOUcI0m0z2674zq] Peer Connection Initiated with [AF_INET]159.69.7.156:1194
Fri Mar  8 11:09:35 2019 us=808767 SENT CONTROL [server_baOUcI0m0z2674zq]: 'PUSH_REQUEST' (status=1)
Fri Mar  8 11:09:35 2019 us=847910 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
Fri Mar  8 11:09:35 2019 us=848677 OPTIONS IMPORT: timers and/or timeouts modified
Fri Mar  8 11:09:35 2019 us=848860 OPTIONS IMPORT: --ifconfig/up options modified
Fri Mar  8 11:09:35 2019 us=848936 OPTIONS IMPORT: route options modified
Fri Mar  8 11:09:35 2019 us=849005 OPTIONS IMPORT: route-related options modified
Fri Mar  8 11:09:35 2019 us=849073 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Mar  8 11:09:35 2019 us=849138 OPTIONS IMPORT: peer-id set
Fri Mar  8 11:09:35 2019 us=849201 OPTIONS IMPORT: adjusting link_mtu to 1624
Fri Mar  8 11:09:35 2019 us=849265 OPTIONS IMPORT: data channel crypto options modified
Fri Mar  8 11:09:35 2019 us=849393 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
Fri Mar  8 11:09:35 2019 us=850128 Data Channel Encrypt: Cipher 'AES-128-GCM' initialized with 128 bit key
Fri Mar  8 11:09:35 2019 us=850331 Data Channel Decrypt: Cipher 'AES-128-GCM' initialized with 128 bit key
Fri Mar  8 11:09:35 2019 us=851167 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlan0 HWADDR=b8:27:eb:5c:71:46
Fri Mar  8 11:09:35 2019 us=853138 TUN/TAP device tun0 opened
Fri Mar  8 11:09:35 2019 us=853874 TUN/TAP TX queue length set to 100
Fri Mar  8 11:09:35 2019 us=854199 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Mar  8 11:09:35 2019 us=854396 /sbin/ip link set dev tun0 up mtu 1500
Fri Mar  8 11:09:35 2019 us=869926 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Fri Mar  8 11:09:35 2019 us=883270 /etc/openvpn/update-resolv-conf tun0 1500 1552 10.8.0.2 255.255.255.0 init
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
Too few arguments.
Too few arguments.
Fri Mar  8 11:09:36 2019 us=30058 /sbin/ip route add 159.69.7.156/32 via 192.168.1.254
Fri Mar  8 11:09:36 2019 us=33171 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Fri Mar  8 11:09:36 2019 us=43506 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Fri Mar  8 11:09:36 2019 us=51810 Initialization Sequence Completed
Fri Mar  8 11:09:47 2019 us=219602 Recursive routing detected, drop tun packet to [AF_INET]159.69.7.156:1194
<snip>
Fri Mar  8 11:15:43 2019 us=995458 Recursive routing detected, drop tun packet to [AF_INET]159.69.7.156:1194
Fri Mar  8 11:15:44 2019 us=186497 [server_baOUcI0m0z2674zq] Inactivity timeout (--ping-restart), restarting
Fri Mar  8 11:15:44 2019 us=186937 TCP/UDP: Closing socket
Fri Mar  8 11:15:44 2019 us=187068 /sbin/ip route del 159.69.7.156/32
RTNETLINK answers: No such process
Fri Mar  8 11:15:44 2019 us=190059 ERROR: Linux route delete command failed: external program exited with error status: 2
Fri Mar  8 11:15:44 2019 us=190196 /sbin/ip route del 0.0.0.0/1
Fri Mar  8 11:15:44 2019 us=193257 /sbin/ip route del 128.0.0.0/1
Fri Mar  8 11:15:44 2019 us=196298 Closing TUN/TAP interface
Fri Mar  8 11:15:44 2019 us=196556 /sbin/ip addr del dev tun0 10.8.0.2/24
Fri Mar  8 11:15:44 2019 us=256649 /etc/openvpn/update-resolv-conf tun0 1500 1552 10.8.0.2 255.255.255.0 init
Too few arguments.
Too few arguments.
Fri Mar  8 11:15:44 2019 us=367017 SIGUSR1[soft,ping-restart] received, process restarting
Fri Mar  8 11:15:44 2019 us=367166 Restart pause, 5 second(s)
Fri Mar  8 11:15:49 2019 us=367367 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Mar  8 11:15:49 2019 us=367552 Re-using SSL/TLS context
Fri Mar  8 11:15:49 2019 us=367970 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Fri Mar  8 11:15:49 2019 us=368110 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Mar  8 11:15:49 2019 us=368310 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-client'
Fri Mar  8 11:15:49 2019 us=368384 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-server'
Fri Mar  8 11:15:49 2019 us=368484 TCP/UDP: Preserving recently used remote address: [AF_INET]159.69.7.156:1194
Fri Mar  8 11:15:49 2019 us=368608 Socket Buffers: R=[163840->163840] S=[163840->163840]
Fri Mar  8 11:15:49 2019 us=368674 UDP link local: (not bound)
Fri Mar  8 11:15:49 2019 us=368747 UDP link remote: [AF_INET]159.69.7.156:1194
Fri Mar  8 11:15:49 2019 us=413864 TLS: Initial packet from [AF_INET]159.69.7.156:1194, sid=e10805d0 5c772b37
Fri Mar  8 11:15:49 2019 us=468788 VERIFY OK: depth=1, CN=cn_W0ulBoBQjyXgMUEw
Fri Mar  8 11:15:49 2019 us=474858 Validating certificate key usage
Fri Mar  8 11:15:49 2019 us=475067 ++ Certificate has key usage  00a0, expects 00a0
Fri Mar  8 11:15:49 2019 us=475175 VERIFY KU OK
Fri Mar  8 11:15:49 2019 us=475238 Validating certificate extended key usage
Fri Mar  8 11:15:49 2019 us=475278 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Mar  8 11:15:49 2019 us=475309 VERIFY EKU OK
Fri Mar  8 11:15:49 2019 us=475335 VERIFY X509NAME OK: CN=server_baOUcI0m0z2674zq
Fri Mar  8 11:15:49 2019 us=475363 VERIFY OK: depth=0, CN=server_baOUcI0m0z2674zq
Fri Mar  8 11:15:49 2019 us=592489 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-ECDSA-AES128-GCM-SHA256
Fri Mar  8 11:15:49 2019 us=592648 [server_baOUcI0m0z2674zq] Peer Connection Initiated with [AF_INET]159.69.7.156:1194
Fri Mar  8 11:15:50 2019 us=805082 SENT CONTROL [server_baOUcI0m0z2674zq]: 'PUSH_REQUEST' (status=1)
Fri Mar  8 11:15:50 2019 us=848456 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
Fri Mar  8 11:15:50 2019 us=849237 OPTIONS IMPORT: timers and/or timeouts modified
Fri Mar  8 11:15:50 2019 us=849458 OPTIONS IMPORT: --ifconfig/up options modified
Fri Mar  8 11:15:50 2019 us=849537 OPTIONS IMPORT: route options modified
Fri Mar  8 11:15:50 2019 us=849595 OPTIONS IMPORT: route-related options modified
Fri Mar  8 11:15:50 2019 us=849684 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Mar  8 11:15:50 2019 us=849742 OPTIONS IMPORT: peer-id set
Fri Mar  8 11:15:50 2019 us=849798 OPTIONS IMPORT: adjusting link_mtu to 1624
Fri Mar  8 11:15:50 2019 us=849855 OPTIONS IMPORT: data channel crypto options modified
Fri Mar  8 11:15:50 2019 us=849973 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
Fri Mar  8 11:15:50 2019 us=850701 Data Channel Encrypt: Cipher 'AES-128-GCM' initialized with 128 bit key
Fri Mar  8 11:15:50 2019 us=850846 Data Channel Decrypt: Cipher 'AES-128-GCM' initialized with 128 bit key
Fri Mar  8 11:15:50 2019 us=851674 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlan0 HWADDR=b8:27:eb:5c:71:46
Fri Mar  8 11:15:50 2019 us=853171 TUN/TAP device tun0 opened
Fri Mar  8 11:15:50 2019 us=853621 TUN/TAP TX queue length set to 100
Fri Mar  8 11:15:50 2019 us=853839 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Mar  8 11:15:50 2019 us=854014 /sbin/ip link set dev tun0 up mtu 1500
Fri Mar  8 11:15:50 2019 us=869783 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Fri Mar  8 11:15:50 2019 us=882816 /etc/openvpn/update-resolv-conf tun0 1500 1552 10.8.0.2 255.255.255.0 init
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
Too few arguments.
Too few arguments.
Fri Mar  8 11:15:51 2019 us=47138 /sbin/ip route add 159.69.7.156/32 via 192.168.1.254
Fri Mar  8 11:15:51 2019 us=58299 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Fri Mar  8 11:15:51 2019 us=64184 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Fri Mar  8 11:15:51 2019 us=73179 Initialization Sequence Completed

I'm going to take a look at these links (which @Pippin pointed out) and will come back with any questions / test results:
https://github.com/wknapik/vpnfailsafe/issues/23
https://forums.linuxmint.com/viewtopic.php?t=272446
https://github.com/angristan/openvpn-install/issues/149
https://bugs.debian.org/cgi-bin/bugrepo ... bug=881600

I'll be back...

Sea Monkey
OpenVpn Newbie
Posts: 1
Joined: Wed Dec 23, 2020 3:11 pm

Re: push dns does not work

Post by Sea Monkey » Wed Dec 23, 2020 3:13 pm

argyrg wrote:
Tue Mar 05, 2019 2:46 pm
The second half, your helpful shove, was to add:
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
to my *.ovpn file

I just registered to thank you for posting this. I was setting up OpenVPN access to my server from my friend's Raspberry Pi and this is the first time I've had to make modifications to the OpenVPN profile to get DNS working.
