DNS requests on wrong interface...

[nicovpn]

Hello,

I am working in IT and we manage a lot of company.
For one of those company, we have a server Ovpn, and users can connect on the Exchange Server or the shares from outside the network.

But for 5-6 users (Win XP or 7), I have got the following problem :

-Ovpn Log = Perfect, Dns are pushed and routes are rights. The remote Domain is binded too on the ovpn interface. Ipconfig /all, and everything is correct.

But it can't resolves hostnames on the remote domain.
I have made a capture of packets and i saw that the DNS Requests are goint out on the REAL interface, and not the OVPN one...
The Weirdest thing is that after 15 mins...it starts resolving...and DNS request are going out on the OVPN interface.

I have checked the connection priorities for DNS on windows for these users, and it is correct vpn is prioritary.

Anyone has got an idea about this ?

[gladiatr72]

control panel -> network and sharing -> change adapter settings -> <ALT>-n -> advanced settings

Make sure that your tap adapter is at the top of your connections list.

If this is already the case, you can create a .bat file (let's call it clearcache.bat) and put it in your openvpn directory. The only thing in this .bat file is "net stop dnscache"

add the line

up clearcache.bat

to your client configuration.

This will shutdown the dns client service and allow it to restart as you're bringing up your connection. This clears the dns cache allowing all new dns queries to flow to the dns server(s) on the remote end.

I fought with this for weeks. I hope this solves your problem.

-S

[nicovpn]

I am going to try this, but i am not sure that it will works...

Because, i made a lot of tries after a reboot...and the cache should be clean so ?

Thanks

[janjust]

if you're using openvpn 2.1.3+ then try adding

Code: Select all

register-dns

to the client config ; names that don't resolve for about 15 minutes are a clear symptom of the dnscache issue. The "register-dns" option is supposed to fix this.

[nicovpn]

register-dns = i get an unrecognized option

[nicovpn]

gladiatr72, i am trying your method...I made the .bat etc...
Finally, i ve discovered that you don't need to modify the client config.

You name your .bat this way "samenameasconfigfile_up.bat" ...so for user toto, it gives "toto_up.bat"

So i used this to call the script...

Now OpenVPN launches perfectly, until the end of the connection process...A windows pops with the following error :

openvpn connect script failed exit code=2


Any ideas ?

[nicovpn]

Hello,

It works now...

In fact the dns cache was already stopped, thts why it returned an error.

I modifier the script this way.

net stop dnscache
net start dnscache


PROBLEM SOLVED

Thanks for your help

[gladiatr72]

if you're using openvpn 2.1.3+ then try adding

Code: Select all

register-dns

to the client config ; names that don't resolve for about 15 minutes are a clear symptom of the dnscache issue. The "register-dns" option is supposed to fix this.

Stellar. I hadn't run across this option. Thanks for the info!

-S

[Douglas]

if you're using openvpn 2.1.3+ then try adding

Code: Select all

register-dns

to the client config ; names that don't resolve for about 15 minutes are a clear symptom of the dnscache issue. The "register-dns" option is supposed to fix this.

Stellar. I hadn't run across this option. Thanks for the info!

-S

I learned something new too!