DNS push works on OpenVPN Connect windows client but not Ubuntu

doman
OpenVpn Newbie
Posts: 18
Joined: Mon Mar 20, 2017 2:51 pm

DNS push works on OpenVPN Connect windows client but not Ubuntu

Post by doman » Wed Jul 06, 2022 1:36 pm

As title says.
Windows with Openvpn Connect - can open links like https://cms.prod.int
Windows with Community openvpn - site not found
Ubuntu 20.04 + openvpn - site not found

server.conf

server 10.1.1.0 255.255.255.0
verb 3

crl-verify /etc/openvpn/certs/crl.pem

key /etc/openvpn/certs/pki/private/server.key
ca /etc/openvpn/certs/pki/ca.crt
cert /etc/openvpn/certs/pki/issued/server.crt
dh /etc/openvpn/certs/pki/dh.pem
cipher AES-256-CBC

key-direction 0
keepalive 10 60
persist-key
persist-tun

proto udp
port 443
dev tun0
status /tmp/openvpn-status.log

user nobody
group nogroup

push "route 10.1.16.0 255.255.240.0"
push "route 10.1.16.0 255.255.240.0"
push "route 10.1.32.0 255.255.240.0"

push "dhcp-option DNS 10.1.32.10"
push "route 10.1.0.0 255.255.255.0"
push "route 1.2.3.4 255.255.255.255"


client.conf

client
nobind
dev tun
remote vpn.mysite.com 443 udp

cipher AES-256-CBC

script-security 2
up /etc/openvpn/update-systemd-resolved
up-restart
down /etc/openvpn/update-systemd-resolved
down-pre

...(keys and certs)

Code: Select all

$ ls -la /etc/openvpn
drwxr-xr-x   2 root root  4096 lip 19  2021 client
-rw-r--r--   1 root root  7432 lip  1 10:49 client.conf
drwxr-xr-x   2 root root  4096 lip 19  2021 server
-rwxr-xr-x   1 root root  1468 lip 19  2021 update-resolv-conf
-rwxr-xr-x   1 root root 12009 maj 19  2019 update-systemd-resolved

To show you the logs I stop the openvpn@client service and run the file manually ....

Code: Select all

$ sudo openvpn Insync/dominik.panda@mycompany.com/ENVs/prod/vpn/client.ovpn
Wed Jul  6 15:28:52 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Wed Jul  6 15:28:52 2022 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Wed Jul  6 15:28:52 2022 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul  6 15:28:52 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Jul  6 15:28:52 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]vpn.mysite.com:443
Wed Jul  6 15:28:52 2022 UDP link local: (not bound)
Wed Jul  6 15:28:52 2022 UDP link remote: [AF_INET]vpn.mysite.com:443
Wed Jul  6 15:28:53 2022 [server] Peer Connection Initiated with [AF_INET]vpn.mysite.com:443
Wed Jul  6 15:28:54 2022 TUN/TAP device tun0 opened
Wed Jul  6 15:28:54 2022 /sbin/ip link set dev tun0 up mtu 1500
Wed Jul  6 15:28:54 2022 /sbin/ip addr add dev tun0 local 10.1.1.26 peer 10.1.1.25
Wed Jul  6 15:28:54 2022 /etc/openvpn/update-systemd-resolved tun0 1500 1557 10.1.1.26 10.1.1.25 init
<14>Jul  6 15:28:54 update-systemd-resolved: Link 'tun0' coming up
<14>Jul  6 15:28:54 update-systemd-resolved: Adding IPv4 DNS Server 10.1.32.10
<14>Jul  6 15:28:54 update-systemd-resolved: SetLinkDNS(102 1 2 4 10 1 32 10)
RTNETLINK answers: File exists
Wed Jul  6 15:28:54 2022 ERROR: Linux route add command failed: external program exited with error status: 2
Wed Jul  6 15:28:54 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: DNS push works on OpenVPN Connect windows client but not Ubuntu

Post by TinCanTech » Thu Jul 07, 2022 1:50 am

Please use --topology subnet in your server config.

For debugging, use --verb 4

doman
OpenVpn Newbie
Posts: 18
Joined: Mon Mar 20, 2017 2:51 pm

Re: DNS push works on OpenVPN Connect windows client but not Ubuntu

Post by doman » Thu Jul 07, 2022 12:47 pm

My supervisor disagreed to change topology. He claims that's my problem only (because others don't have this problem).

As a workaround for now I used scripts like this

/etc/systemd/resolved.conf.d/myproject_qa.conf

Code: Select all

[Resolve]
DNS=10.3.32.10
Domains=qa.int

But anyway I paste the full connection log with the --verb 4 parameter

Code: Select all

Thu Jul  7 14:37:47 2022 us=422080 Current Parameter Settings:
Thu Jul  7 14:37:47 2022 us=422113   config = 'Insync/dominik.panda@mycompany/myproject/ENVs/prod/vpn/myproject-prod-panda.ovpn'
Thu Jul  7 14:37:47 2022 us=422117   mode = 0
Thu Jul  7 14:37:47 2022 us=422121   persist_config = DISABLED
Thu Jul  7 14:37:47 2022 us=422124   persist_mode = 1
Thu Jul  7 14:37:47 2022 us=422127   show_ciphers = DISABLED
Thu Jul  7 14:37:47 2022 us=422131   show_digests = DISABLED
Thu Jul  7 14:37:47 2022 us=422134   show_engines = DISABLED
Thu Jul  7 14:37:47 2022 us=422137   genkey = DISABLED
Thu Jul  7 14:37:47 2022 us=422140   key_pass_file = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422143   show_tls_ciphers = DISABLED
Thu Jul  7 14:37:47 2022 us=422146   connect_retry_max = 0
Thu Jul  7 14:37:47 2022 us=422149 Connection profiles [0]:
Thu Jul  7 14:37:47 2022 us=422153   proto = udp
Thu Jul  7 14:37:47 2022 us=422156   local = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422159   local_port = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422162   remote = 'vpn.meine-myproject.de'
Thu Jul  7 14:37:47 2022 us=422165   remote_port = '443'
Thu Jul  7 14:37:47 2022 us=422169   remote_float = DISABLED
Thu Jul  7 14:37:47 2022 us=422172   bind_defined = DISABLED
Thu Jul  7 14:37:47 2022 us=422175   bind_local = DISABLED
Thu Jul  7 14:37:47 2022 us=422178   bind_ipv6_only = DISABLED
Thu Jul  7 14:37:47 2022 us=422181   connect_retry_seconds = 5
Thu Jul  7 14:37:47 2022 us=422184   connect_timeout = 120
Thu Jul  7 14:37:47 2022 us=422188   socks_proxy_server = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422191   socks_proxy_port = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422194   tun_mtu = 1500
Thu Jul  7 14:37:47 2022 us=422197   tun_mtu_defined = ENABLED
Thu Jul  7 14:37:47 2022 us=422200   link_mtu = 1500
Thu Jul  7 14:37:47 2022 us=422203   link_mtu_defined = DISABLED
Thu Jul  7 14:37:47 2022 us=422207   tun_mtu_extra = 0
Thu Jul  7 14:37:47 2022 us=422210   tun_mtu_extra_defined = DISABLED
Thu Jul  7 14:37:47 2022 us=422213   mtu_discover_type = -1
Thu Jul  7 14:37:47 2022 us=422216   fragment = 0
Thu Jul  7 14:37:47 2022 us=422219   mssfix = 1450
Thu Jul  7 14:37:47 2022 us=422222   explicit_exit_notification = 0
Thu Jul  7 14:37:47 2022 us=422226 Connection profiles END
Thu Jul  7 14:37:47 2022 us=422229   remote_random = DISABLED
Thu Jul  7 14:37:47 2022 us=422232   ipchange = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422235   dev = 'tun'
Thu Jul  7 14:37:47 2022 us=422238   dev_type = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422241   dev_node = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422244   lladdr = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422248   topology = 1
Thu Jul  7 14:37:47 2022 us=422251   ifconfig_local = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422254   ifconfig_remote_netmask = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422257   ifconfig_noexec = DISABLED
Thu Jul  7 14:37:47 2022 us=422260   ifconfig_nowarn = DISABLED
Thu Jul  7 14:37:47 2022 us=422263   ifconfig_ipv6_local = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422266   ifconfig_ipv6_netbits = 0
Thu Jul  7 14:37:47 2022 us=422270   ifconfig_ipv6_remote = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422273   shaper = 0
Thu Jul  7 14:37:47 2022 us=422276   mtu_test = 0
Thu Jul  7 14:37:47 2022 us=422279   mlock = DISABLED
Thu Jul  7 14:37:47 2022 us=422282   keepalive_ping = 0
Thu Jul  7 14:37:47 2022 us=422285   keepalive_timeout = 0
Thu Jul  7 14:37:47 2022 us=422288   inactivity_timeout = 0
Thu Jul  7 14:37:47 2022 us=422291   ping_send_timeout = 0
Thu Jul  7 14:37:47 2022 us=422294   ping_rec_timeout = 0
Thu Jul  7 14:37:47 2022 us=422298   ping_rec_timeout_action = 0
Thu Jul  7 14:37:47 2022 us=422301   ping_timer_remote = DISABLED
Thu Jul  7 14:37:47 2022 us=422304   remap_sigusr1 = 0
Thu Jul  7 14:37:47 2022 us=422307   persist_tun = DISABLED
Thu Jul  7 14:37:47 2022 us=422310   persist_local_ip = DISABLED
Thu Jul  7 14:37:47 2022 us=422313   persist_remote_ip = DISABLED
Thu Jul  7 14:37:47 2022 us=422316   persist_key = DISABLED
Thu Jul  7 14:37:47 2022 us=422320   passtos = DISABLED
Thu Jul  7 14:37:47 2022 us=422323   resolve_retry_seconds = 1000000000
Thu Jul  7 14:37:47 2022 us=422326   resolve_in_advance = DISABLED
Thu Jul  7 14:37:47 2022 us=422329   username = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422332   groupname = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422335   chroot_dir = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422338   cd_dir = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422341   writepid = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422345   up_script = '/etc/openvpn/update-systemd-resolved'
Thu Jul  7 14:37:47 2022 us=422348   down_script = '/etc/openvpn/update-systemd-resolved'
Thu Jul  7 14:37:47 2022 us=422351   down_pre = ENABLED
Thu Jul  7 14:37:47 2022 us=422354   up_restart = ENABLED
Thu Jul  7 14:37:47 2022 us=422357   up_delay = DISABLED
Thu Jul  7 14:37:47 2022 us=422360   daemon = DISABLED
Thu Jul  7 14:37:47 2022 us=422363   inetd = 0
Thu Jul  7 14:37:47 2022 us=422366   log = DISABLED
Thu Jul  7 14:37:47 2022 us=422370   suppress_timestamps = DISABLED
Thu Jul  7 14:37:47 2022 us=422373   machine_readable_output = DISABLED
Thu Jul  7 14:37:47 2022 us=422376   nice = 0
Thu Jul  7 14:37:47 2022 us=422379   verbosity = 4
Thu Jul  7 14:37:47 2022 us=422382   mute = 0
Thu Jul  7 14:37:47 2022 us=422385   gremlin = 0
Thu Jul  7 14:37:47 2022 us=422388   status_file = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422391   status_file_version = 1
Thu Jul  7 14:37:47 2022 us=422394   status_file_update_freq = 60
Thu Jul  7 14:37:47 2022 us=422398   occ = ENABLED
Thu Jul  7 14:37:47 2022 us=422401   rcvbuf = 0
Thu Jul  7 14:37:47 2022 us=422404   sndbuf = 0
Thu Jul  7 14:37:47 2022 us=422407   mark = 0
Thu Jul  7 14:37:47 2022 us=422410   sockflags = 0
Thu Jul  7 14:37:47 2022 us=422413   fast_io = DISABLED
Thu Jul  7 14:37:47 2022 us=422416   comp.alg = 0
Thu Jul  7 14:37:47 2022 us=422419   comp.flags = 0
Thu Jul  7 14:37:47 2022 us=422422   route_script = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422426   route_default_gateway = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422429   route_default_metric = 0
Thu Jul  7 14:37:47 2022 us=422432   route_noexec = DISABLED
Thu Jul  7 14:37:47 2022 us=422435   route_delay = 0
Thu Jul  7 14:37:47 2022 us=422438   route_delay_window = 30
Thu Jul  7 14:37:47 2022 us=422442   route_delay_defined = DISABLED
Thu Jul  7 14:37:47 2022 us=422445   route_nopull = DISABLED
Thu Jul  7 14:37:47 2022 us=422448   route_gateway_via_dhcp = DISABLED
Thu Jul  7 14:37:47 2022 us=422451   allow_pull_fqdn = DISABLED
Thu Jul  7 14:37:47 2022 us=422454   management_addr = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422457   management_port = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422460   management_user_pass = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422464   management_log_history_cache = 250
Thu Jul  7 14:37:47 2022 us=422467   management_echo_buffer_size = 100
Thu Jul  7 14:37:47 2022 us=422470   management_write_peer_info_file = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422473   management_client_user = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422476   management_client_group = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422479   management_flags = 0
Thu Jul  7 14:37:47 2022 us=422482   shared_secret_file = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422486   key_direction = not set
Thu Jul  7 14:37:47 2022 us=422489   ciphername = 'AES-256-CBC'
Thu Jul  7 14:37:47 2022 us=422492   ncp_enabled = ENABLED
Thu Jul  7 14:37:47 2022 us=422495   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Thu Jul  7 14:37:47 2022 us=422499   authname = 'SHA1'
Thu Jul  7 14:37:47 2022 us=422502   prng_hash = 'SHA1'
Thu Jul  7 14:37:47 2022 us=422505   prng_nonce_secret_len = 16
Thu Jul  7 14:37:47 2022 us=422508   keysize = 0
Thu Jul  7 14:37:47 2022 us=422511   engine = DISABLED
Thu Jul  7 14:37:47 2022 us=422514   replay = ENABLED
Thu Jul  7 14:37:47 2022 us=422517   mute_replay_warnings = DISABLED
Thu Jul  7 14:37:47 2022 us=422521   replay_window = 64
Thu Jul  7 14:37:47 2022 us=422524   replay_time = 15
Thu Jul  7 14:37:47 2022 us=422527   packet_id_file = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422530   use_iv = ENABLED
Thu Jul  7 14:37:47 2022 us=422533   test_crypto = DISABLED
Thu Jul  7 14:37:47 2022 us=422536   tls_server = DISABLED
Thu Jul  7 14:37:47 2022 us=422540   tls_client = ENABLED
Thu Jul  7 14:37:47 2022 us=422543   key_method = 2
Thu Jul  7 14:37:47 2022 us=422546   ca_file = '[[INLINE]]'
Thu Jul  7 14:37:47 2022 us=422549   ca_path = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422552   dh_file = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422555   cert_file = '[[INLINE]]'
Thu Jul  7 14:37:47 2022 us=422559   extra_certs_file = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422562   priv_key_file = '[[INLINE]]'
Thu Jul  7 14:37:47 2022 us=422565   pkcs12_file = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422568   cipher_list = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422571   cipher_list_tls13 = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422575   tls_cert_profile = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422578   tls_verify = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422581   tls_export_cert = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422584   verify_x509_type = 0
Thu Jul  7 14:37:47 2022 us=422587   verify_x509_name = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422590   crl_file = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422593   ns_cert_type = 0
Thu Jul  7 14:37:47 2022 us=422597   remote_cert_ku[i] = 0
Thu Jul  7 14:37:47 2022 us=422600   remote_cert_ku[i] = 0
Thu Jul  7 14:37:47 2022 us=422603   remote_cert_ku[i] = 0
Thu Jul  7 14:37:47 2022 us=422606   remote_cert_ku[i] = 0
Thu Jul  7 14:37:47 2022 us=422609   remote_cert_ku[i] = 0
Thu Jul  7 14:37:47 2022 us=422612   remote_cert_ku[i] = 0
Thu Jul  7 14:37:47 2022 us=422615   remote_cert_ku[i] = 0
Thu Jul  7 14:37:47 2022 us=422618   remote_cert_ku[i] = 0
Thu Jul  7 14:37:47 2022 us=422622   remote_cert_ku[i] = 0
Thu Jul  7 14:37:47 2022 us=422625   remote_cert_ku[i] = 0
Thu Jul  7 14:37:47 2022 us=422628   remote_cert_ku[i] = 0
Thu Jul  7 14:37:47 2022 us=422631   remote_cert_ku[i] = 0
Thu Jul  7 14:37:47 2022 us=422634   remote_cert_ku[i] = 0
Thu Jul  7 14:37:47 2022 us=422637   remote_cert_ku[i] = 0
Thu Jul  7 14:37:47 2022 us=422640   remote_cert_ku[i] = 0
Thu Jul  7 14:37:47 2022 us=422643   remote_cert_ku[i] = 0
Thu Jul  7 14:37:47 2022 us=422646   remote_cert_eku = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422649   ssl_flags = 0
Thu Jul  7 14:37:47 2022 us=422653   tls_timeout = 2
Thu Jul  7 14:37:47 2022 us=422656   renegotiate_bytes = -1
Thu Jul  7 14:37:47 2022 us=422659   renegotiate_packets = 0
Thu Jul  7 14:37:47 2022 us=422662   renegotiate_seconds = 3600
Thu Jul  7 14:37:47 2022 us=422665   handshake_window = 60
Thu Jul  7 14:37:47 2022 us=422668   transition_window = 3600
Thu Jul  7 14:37:47 2022 us=422671   single_session = DISABLED
Thu Jul  7 14:37:47 2022 us=422675   push_peer_info = DISABLED
Thu Jul  7 14:37:47 2022 us=422678   tls_exit = DISABLED
Thu Jul  7 14:37:47 2022 us=422681   tls_auth_file = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422684   tls_crypt_file = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422687   pkcs11_protected_authentication = DISABLED
Thu Jul  7 14:37:47 2022 us=422690   pkcs11_protected_authentication = DISABLED
Thu Jul  7 14:37:47 2022 us=422693   pkcs11_protected_authentication = DISABLED
Thu Jul  7 14:37:47 2022 us=422696   pkcs11_protected_authentication = DISABLED
Thu Jul  7 14:37:47 2022 us=422700   pkcs11_protected_authentication = DISABLED
Thu Jul  7 14:37:47 2022 us=422703   pkcs11_protected_authentication = DISABLED
Thu Jul  7 14:37:47 2022 us=422706   pkcs11_protected_authentication = DISABLED
Thu Jul  7 14:37:47 2022 us=422709   pkcs11_protected_authentication = DISABLED
Thu Jul  7 14:37:47 2022 us=422712   pkcs11_protected_authentication = DISABLED
Thu Jul  7 14:37:47 2022 us=422715   pkcs11_protected_authentication = DISABLED
Thu Jul  7 14:37:47 2022 us=422718   pkcs11_protected_authentication = DISABLED
Thu Jul  7 14:37:47 2022 us=422721   pkcs11_protected_authentication = DISABLED
Thu Jul  7 14:37:47 2022 us=422724   pkcs11_protected_authentication = DISABLED
Thu Jul  7 14:37:47 2022 us=422727   pkcs11_protected_authentication = DISABLED
Thu Jul  7 14:37:47 2022 us=422730   pkcs11_protected_authentication = DISABLED
Thu Jul  7 14:37:47 2022 us=422734   pkcs11_protected_authentication = DISABLED
Thu Jul  7 14:37:47 2022 us=422737   pkcs11_private_mode = 00000000
Thu Jul  7 14:37:47 2022 us=422740   pkcs11_private_mode = 00000000
Thu Jul  7 14:37:47 2022 us=422743   pkcs11_private_mode = 00000000
Thu Jul  7 14:37:47 2022 us=422746   pkcs11_private_mode = 00000000
Thu Jul  7 14:37:47 2022 us=422749   pkcs11_private_mode = 00000000
Thu Jul  7 14:37:47 2022 us=422753   pkcs11_private_mode = 00000000
Thu Jul  7 14:37:47 2022 us=422756   pkcs11_private_mode = 00000000
Thu Jul  7 14:37:47 2022 us=422759   pkcs11_private_mode = 00000000
Thu Jul  7 14:37:47 2022 us=422762   pkcs11_private_mode = 00000000
Thu Jul  7 14:37:47 2022 us=422765   pkcs11_private_mode = 00000000
Thu Jul  7 14:37:47 2022 us=422768   pkcs11_private_mode = 00000000
Thu Jul  7 14:37:47 2022 us=422771   pkcs11_private_mode = 00000000
Thu Jul  7 14:37:47 2022 us=422774   pkcs11_private_mode = 00000000
Thu Jul  7 14:37:47 2022 us=422777   pkcs11_private_mode = 00000000
Thu Jul  7 14:37:47 2022 us=422780   pkcs11_private_mode = 00000000
Thu Jul  7 14:37:47 2022 us=422783   pkcs11_private_mode = 00000000
Thu Jul  7 14:37:47 2022 us=422786   pkcs11_cert_private = DISABLED
Thu Jul  7 14:37:47 2022 us=422789   pkcs11_cert_private = DISABLED
Thu Jul  7 14:37:47 2022 us=422792   pkcs11_cert_private = DISABLED
Thu Jul  7 14:37:47 2022 us=422795   pkcs11_cert_private = DISABLED
Thu Jul  7 14:37:47 2022 us=422798   pkcs11_cert_private = DISABLED
Thu Jul  7 14:37:47 2022 us=422801   pkcs11_cert_private = DISABLED
Thu Jul  7 14:37:47 2022 us=422804   pkcs11_cert_private = DISABLED
Thu Jul  7 14:37:47 2022 us=422807   pkcs11_cert_private = DISABLED
Thu Jul  7 14:37:47 2022 us=422811   pkcs11_cert_private = DISABLED
Thu Jul  7 14:37:47 2022 us=422814   pkcs11_cert_private = DISABLED
Thu Jul  7 14:37:47 2022 us=422817   pkcs11_cert_private = DISABLED
Thu Jul  7 14:37:47 2022 us=422820   pkcs11_cert_private = DISABLED
Thu Jul  7 14:37:47 2022 us=422823   pkcs11_cert_private = DISABLED
Thu Jul  7 14:37:47 2022 us=422826   pkcs11_cert_private = DISABLED
Thu Jul  7 14:37:47 2022 us=422829   pkcs11_cert_private = DISABLED
Thu Jul  7 14:37:47 2022 us=422832   pkcs11_cert_private = DISABLED
Thu Jul  7 14:37:47 2022 us=422835   pkcs11_pin_cache_period = -1
Thu Jul  7 14:37:47 2022 us=422838   pkcs11_id = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422841   pkcs11_id_management = DISABLED
Thu Jul  7 14:37:47 2022 us=422845   server_network = 0.0.0.0
Thu Jul  7 14:37:47 2022 us=422848   server_netmask = 0.0.0.0
Thu Jul  7 14:37:47 2022 us=422854   server_network_ipv6 = ::
Thu Jul  7 14:37:47 2022 us=422857   server_netbits_ipv6 = 0
Thu Jul  7 14:37:47 2022 us=422861   server_bridge_ip = 0.0.0.0
Thu Jul  7 14:37:47 2022 us=422864   server_bridge_netmask = 0.0.0.0
Thu Jul  7 14:37:47 2022 us=422868   server_bridge_pool_start = 0.0.0.0
Thu Jul  7 14:37:47 2022 us=422871   server_bridge_pool_end = 0.0.0.0
Thu Jul  7 14:37:47 2022 us=422874   ifconfig_pool_defined = DISABLED
Thu Jul  7 14:37:47 2022 us=422878   ifconfig_pool_start = 0.0.0.0
Thu Jul  7 14:37:47 2022 us=422881   ifconfig_pool_end = 0.0.0.0
Thu Jul  7 14:37:47 2022 us=422885   ifconfig_pool_netmask = 0.0.0.0
Thu Jul  7 14:37:47 2022 us=422888   ifconfig_pool_persist_filename = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422891   ifconfig_pool_persist_refresh_freq = 600
Thu Jul  7 14:37:47 2022 us=422894   ifconfig_ipv6_pool_defined = DISABLED
Thu Jul  7 14:37:47 2022 us=422898   ifconfig_ipv6_pool_base = ::
Thu Jul  7 14:37:47 2022 us=422901   ifconfig_ipv6_pool_netbits = 0
Thu Jul  7 14:37:47 2022 us=422904   n_bcast_buf = 256
Thu Jul  7 14:37:47 2022 us=422907   tcp_queue_limit = 64
Thu Jul  7 14:37:47 2022 us=422911   real_hash_size = 256
Thu Jul  7 14:37:47 2022 us=422914   virtual_hash_size = 256
Thu Jul  7 14:37:47 2022 us=422917   client_connect_script = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422920   learn_address_script = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422923   client_disconnect_script = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422926   client_config_dir = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422930   ccd_exclusive = DISABLED
Thu Jul  7 14:37:47 2022 us=422933   tmp_dir = '/tmp'
Thu Jul  7 14:37:47 2022 us=422936   push_ifconfig_defined = DISABLED
Thu Jul  7 14:37:47 2022 us=422940   push_ifconfig_local = 0.0.0.0
Thu Jul  7 14:37:47 2022 us=422943   push_ifconfig_remote_netmask = 0.0.0.0
Thu Jul  7 14:37:47 2022 us=422946   push_ifconfig_ipv6_defined = DISABLED
Thu Jul  7 14:37:47 2022 us=422950   push_ifconfig_ipv6_local = ::/0
Thu Jul  7 14:37:47 2022 us=422953   push_ifconfig_ipv6_remote = ::
Thu Jul  7 14:37:47 2022 us=422956   enable_c2c = DISABLED
Thu Jul  7 14:37:47 2022 us=422959   duplicate_cn = DISABLED
Thu Jul  7 14:37:47 2022 us=422963   cf_max = 0
Thu Jul  7 14:37:47 2022 us=422966   cf_per = 0
Thu Jul  7 14:37:47 2022 us=422969   max_clients = 1024
Thu Jul  7 14:37:47 2022 us=422972   max_routes_per_client = 256
Thu Jul  7 14:37:47 2022 us=422975   auth_user_pass_verify_script = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422979   auth_user_pass_verify_script_via_file = DISABLED
Thu Jul  7 14:37:47 2022 us=422982   auth_token_generate = DISABLED
Thu Jul  7 14:37:47 2022 us=422985   auth_token_lifetime = 0
Thu Jul  7 14:37:47 2022 us=422988   port_share_host = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422991   port_share_port = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=422994   client = ENABLED
Thu Jul  7 14:37:47 2022 us=422997   pull = ENABLED
Thu Jul  7 14:37:47 2022 us=423001   auth_user_pass_file = '[UNDEF]'
Thu Jul  7 14:37:47 2022 us=423004 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Thu Jul  7 14:37:47 2022 us=423010 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Thu Jul  7 14:37:47 2022 us=423056 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Jul  7 14:37:47 2022 us=423060 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jul  7 14:37:47 2022 us=423282 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Thu Jul  7 14:37:48 2022 us=91042 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Thu Jul  7 14:37:48 2022 us=91137 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Thu Jul  7 14:37:48 2022 us=91157 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Thu Jul  7 14:37:48 2022 us=91179 TCP/UDP: Preserving recently used remote address: [AF_INET]vpn.mysite.com:443
Thu Jul  7 14:37:48 2022 us=91267 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Jul  7 14:37:48 2022 us=91285 UDP link local: (not bound)
Thu Jul  7 14:37:48 2022 us=91297 UDP link remote: [AF_INET]vpn.mysite.com:443
Thu Jul  7 14:37:48 2022 us=137508 TLS: Initial packet from [AF_INET]vpn.mysite.com:443, sid=426e223b bf851a1e
Thu Jul  7 14:37:48 2022 us=245162 VERIFY OK: depth=1, CN=ca\\n
Thu Jul  7 14:37:48 2022 us=245431 VERIFY OK: depth=0, CN=server
Thu Jul  7 14:37:48 2022 us=354893 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Jul  7 14:37:48 2022 us=354970 [server] Peer Connection Initiated with [AF_INET]vpn.mysite.com:443
Thu Jul  7 14:37:49 2022 us=384070 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Jul  7 14:37:49 2022 us=436175 PUSH: Received control message: 'PUSH_REPLY,route 10.1.16.0 255.255.240.0,route 10.1.16.0 255.255.240.0,route 10.1.32.0 255.255.240.0,dhcp-option DNS 10.1.32.10,route 10.1.0.0 255.255.255.0,route 1.2.3.4 255.255.255.255,route 10.1.1.1,topology net30,ping 10,ping-restart 60,ifconfig 10.1.1.26 10.1.1.25'
Thu Jul  7 14:37:49 2022 us=436350 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jul  7 14:37:49 2022 us=436370 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jul  7 14:37:49 2022 us=436389 OPTIONS IMPORT: route options modified
Thu Jul  7 14:37:49 2022 us=436402 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Jul  7 14:37:49 2022 us=436428 Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:406 ET:0 EL:3 ]
Thu Jul  7 14:37:49 2022 us=436528 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jul  7 14:37:49 2022 us=436546 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul  7 14:37:49 2022 us=436568 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jul  7 14:37:49 2022 us=436583 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul  7 14:37:49 2022 us=436832 ROUTE_GATEWAY 192.168.5.1/255.255.255.0 IFACE=wlp0s20f3 HWADDR=2c:6d:c1:a6:88:f3
Thu Jul  7 14:37:49 2022 us=437806 TUN/TAP device tun0 opened
Thu Jul  7 14:37:49 2022 us=438446 TUN/TAP TX queue length set to 100
Thu Jul  7 14:37:49 2022 us=438495 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Jul  7 14:37:49 2022 us=438528 /sbin/ip link set dev tun0 up mtu 1500
Thu Jul  7 14:37:49 2022 us=444946 /sbin/ip addr add dev tun0 local 10.1.1.26 peer 10.1.1.25
Thu Jul  7 14:37:49 2022 us=448055 /etc/openvpn/update-systemd-resolved tun0 1500 1557 10.1.1.26 10.1.1.25 init
<14>Jul  7 14:37:49 update-systemd-resolved: Link 'tun0' coming up
<14>Jul  7 14:37:49 update-systemd-resolved: Adding IPv4 DNS Server 10.1.32.10
<14>Jul  7 14:37:49 update-systemd-resolved: SetLinkDNS(38 1 2 4 10 1 32 10)
Thu Jul  7 14:37:49 2022 us=470787 /sbin/ip route add 10.1.16.0/20 via 10.1.1.25
Thu Jul  7 14:37:49 2022 us=472132 /sbin/ip route add 10.1.16.0/20 via 10.1.1.25
RTNETLINK answers: File exists
Thu Jul  7 14:37:49 2022 us=473499 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Jul  7 14:37:49 2022 us=473531 /sbin/ip route add 10.1.32.0/20 via 10.1.1.25
Thu Jul  7 14:37:49 2022 us=475209 /sbin/ip route add 10.1.0.0/24 via 10.1.1.25
Thu Jul  7 14:37:49 2022 us=477279 /sbin/ip route add 1.2.3.4/32 via 10.1.1.25
Thu Jul  7 14:37:49 2022 us=479859 /sbin/ip route add 10.1.1.1/32 via 10.1.1.25
Thu Jul  7 14:37:49 2022 us=482535 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jul  7 14:37:49 2022 us=482565 Initialization Sequence Completed
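
An added example, not part of the original posts: a Python script that pulls the diagnostic facts out of a client log like the one above. The sample lines are copied from that log; the function names and the reading of the SetLinkDNS argument list (interface index, entry count, then family, length and address bytes per entry) are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: five lines copied from the --verb 4 client log above.
SAMPLE_LOG = """\
Thu Jul  7 14:37:47 2022 us=423056 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Jul  7 14:37:49 2022 us=436175 PUSH: Received control message: 'PUSH_REPLY,route 10.1.16.0 255.255.240.0,route 10.1.16.0 255.255.240.0,route 10.1.32.0 255.255.240.0,dhcp-option DNS 10.1.32.10,route 10.1.0.0 255.255.255.0,route 1.2.3.4 255.255.255.255,route 10.1.1.1,topology net30,ping 10,ping-restart 60,ifconfig 10.1.1.26 10.1.1.25'
<14>Jul  7 14:37:49 update-systemd-resolved: SetLinkDNS(38 1 2 4 10 1 32 10)
RTNETLINK answers: File exists
Thu Jul  7 14:37:49 2022 us=473499 ERROR: Linux route add command failed: external program exited with error status: 2
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
SETLINKDNS_RE = re.compile(r"SetLinkDNS\(([\d ]+)\)")
NO_VERIFY = "No server certificate verification method has been enabled"


def parse_push_reply(log_text):
    """Split the PUSH_REPLY options into token lists, e.g. ['ping', '10']."""
    match = PUSH_RE.search(log_text)
    if not match:
        return []
    return [opt.split() for opt in match.group(1).split(",") if opt.strip()]


def decode_setlinkdns(log_text):
    """Decode the helper script's SetLinkDNS(...) line into (ifindex, [addresses]).

    Assumed layout: ifindex, entry count, then family, byte length and
    address bytes for each entry. Returns None if the line is absent or malformed.
    """
    match = SETLINKDNS_RE.search(log_text)
    if not match:
        return None
    nums = [int(n) for n in match.group(1).split()]
    try:
        ifindex, count, rest = nums[0], nums[1], nums[2:]
        servers = []
        for _ in range(count):
            length = rest[1]  # rest[0] is the address family
            servers.append(str(ipaddress.ip_address(bytes(rest[2:2 + length]))))
            rest = rest[2 + length:]
    except (IndexError, ValueError):
        return None
    return ifindex, servers


def audit(log_text):
    """Summarise what the server pushed and which warnings the client logged."""
    opts = parse_push_reply(log_text)
    routes = [" ".join(o[1:]) for o in opts if o[0] == "route"]
    dhcp = [o[1:] for o in opts if o[0] == "dhcp-option" and len(o) >= 3]
    return {
        # DNS servers the server pushed
        "dns_servers": [v[1] for v in dhcp if v[0].upper() == "DNS"],
        # dhcp-option DOMAIN / DOMAIN-SEARCH / DOMAIN-ROUTE values, if any were pushed
        "dns_domains": [v[1] for v in dhcp if v[0].upper().startswith("DOMAIN")],
        # the same route pushed more than once makes the second "ip route add" fail
        "duplicate_routes": sorted(r for r, n in Counter(routes).items() if n > 1),
        "topology": next((o[1] for o in opts if o[0] == "topology" and len(o) > 1), None),
        # what the helper script actually handed to systemd-resolved
        "resolved_link_dns": decode_setlinkdns(log_text),
        "server_cert_unverified": NO_VERIFY in log_text,
        "route_add_failed": "route add command failed" in log_text,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

For this log the audit shows the 10.1.16.0/20 route pushed twice (the second `ip route add` is the one followed by `RTNETLINK answers: File exists`), a DNS server but no `dhcp-option DOMAIN` values in the push, and the missing server-certificate check, for which `remote-cert-tls server` in the client config is one of the methods OpenVPN accepts.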

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: DNS push works on OpenVPN Connect windows client but not Ubuntu

Post by TinCanTech » Thu Jul 07, 2022 7:56 pm

doman wrote: Thu Jul 07, 2022 12:47 pm
My supervisor disagreed to change topology

NET30 topology is deprecated and will soon be removed.

doman
OpenVpn Newbie
Posts: 18
Joined: Mon Mar 20, 2017 2:51 pm

Re: DNS push works on OpenVPN Connect windows client but not Ubuntu

Post by doman » Fri Jul 08, 2022 6:42 am

OK, I will tell him. But is this directly related to my problem? And what topology will be used (after dropping NET30) by default, when no topology setting is set as in my case?

doman
OpenVpn Newbie
Posts: 18
Joined: Mon Mar 20, 2017 2:51 pm

Re: DNS push works on OpenVPN Connect windows client but not Ubuntu

Post by doman » Mon Jul 11, 2022 7:21 am

OK, I will tell him. But is this directly related to my problem? And what topology will be used (after dropping NET30) by default, when no topology setting is set as in my case?

EDIT
As a workaround for now I used scripts like this
/etc/systemd/resolved.conf.d/myproject_qa.conf
Well, this seems to not work with all connections on (when I throw all configs into the /etc/openvpn/ directory). I have to switch between them to make it work.
