Hi,
The official OpenVPN Connect client (V3.3.6 4368) for MacOS (Monterey 12.5) isn't setting the server defined DNS servers.
If I use Tunnelblick the DNS servers are set correctly. Without the local DNS servers set on the client, it means I can't resolve any servers or clients on the remote network.
Tried adding:
dhcp-option DNS 10.11.12.1
dhcp-option DOMAIN local
to the client file but it makes no difference.
After connecting to the VPN server, running cat /etc/resolv.conf shows the DNS servers set by the local DHCP server.
OpenVPN Connect for MacOS doesn't change/set DNS servers
-
gyrex
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Jan 13, 2021 4:40 am
-
openvpn_inc
- OpenVPN Inc.
- Posts: 1246
- Joined: Tue Feb 16, 2021 10:41 am
Re: OpenVPN Connect for MacOS doesn't change/set DNS servers
Hi gyrex,
Thank you for bringing this to the correct forum. I was just looking at your post in Server Administration and was going to move it here.
We have had some reports of this, and a bug ticket was opened. I do not know the status of that ticket, however.
Often this issue can be caused outside of OpenVPN, such as by various "security" software products who know your needs better than you do. Cisco Umbrella is a common example.
However since Tunnelblick works, that would seem unlikely to be the cause for you. I would suggest since you're using the community version server, you might be best off just staying with a fine open source client.
If you're interested in pursuing this, the results of this command could be useful:
regards, rob0
Thank you for bringing this to the correct forum. I was just looking at your post in Server Administration and was going to move it here.
We have had some reports of this, and a bug ticket was opened. I do not know the status of that ticket, however.
Often this issue can be caused outside of OpenVPN, such as by various "security" software products who know your needs better than you do. Cisco Umbrella is a common example.
However since Tunnelblick works, that would seem unlikely to be the cause for you. I would suggest since you're using the community version server, you might be best off just staying with a fine open source client.
If you're interested in pursuing this, the results of this command could be useful:
Code: Select all
scutil --dns
OpenVPN Inc.Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
sbakhtiar
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Jul 25, 2023 2:07 pm
Re: OpenVPN Connect for MacOS doesn't change/set DNS servers
@openvpn_inc
I'm having a similar issue. I use to push the dns server from the server to the clients. I have included a dump of first of the error condition, in which, even though the client is connected, DNS is resolving using the assigned DNS, and after disconnecting, then reconnecting, at which point the private DNS queries start working, as they are using the correct resolver (the one pushed by the server).
I have a feeling something is reseting the my Mac's DNS settings?
[VPN CONNECTED BUT CAN NOT RESOLVE PRIVATE DOMAIN]
sbakhtiar@Shawn-Mac-mini-AZ ~ % scutil --dns
DNS configuration
resolver #1
search domain[0] : mtecom.net
nameserver[0] : 10.0.1.1
if_index : 12 (en1)
flags : Request A records
reach : 0x00020002 (Reachable,Directly Reachable Address)
resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300000
resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300200
resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300400
resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300600
resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300800
resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 301000
DNS configuration (for scoped queries)
resolver #1
search domain[0] : mtecom.net
nameserver[0] : 10.0.1.1
if_index : 12 (en1)
flags : Scoped, Request A records
reach : 0x00020002 (Reachable,Directly Reachable Address)
[RECONNECTED VPN, PRIVATE DOMAIN RESOLVING]
sbakhtiar@Shawn-Mac-mini-AZ ~ % scutil --dns
DNS configuration
resolver #1
search domain[0] : mtecom.net
nameserver[0] : 172.31.0.2
flags : Request A records
reach : 0x00000002 (Reachable)
order : 5000
resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300000
resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300200
resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300400
resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300600
resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300800
resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 301000
DNS configuration (for scoped queries)
resolver #1
search domain[0] : mtecom.net
nameserver[0] : 172.31.0.2
if_index : 12 (en1)
flags : Scoped, Request A records
reach : 0x00000002 (Reachable)
order : 5000
sbakhtiar@Shawn-Mac-mini-AZ ~ %
sbakhtiar@Shawn-Mac-mini-AZ ~ %
sbakhtiar@Shawn-Mac-mini-AZ ~ %
sbakhtiar@Shawn-Mac-mini-AZ ~ %
sbakhtiar@Shawn-Mac-mini-AZ ~ %
I'm having a similar issue. I use
Code: Select all
push "dhcp-option DNS 172.31.0.2"Code: Select all
scutil --dnsI have a feeling something is reseting the my Mac's DNS settings?
[VPN CONNECTED BUT CAN NOT RESOLVE PRIVATE DOMAIN]
sbakhtiar@Shawn-Mac-mini-AZ ~ % scutil --dns
DNS configuration
resolver #1
search domain[0] : mtecom.net
nameserver[0] : 10.0.1.1
if_index : 12 (en1)
flags : Request A records
reach : 0x00020002 (Reachable,Directly Reachable Address)
resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300000
resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300200
resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300400
resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300600
resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300800
resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 301000
DNS configuration (for scoped queries)
resolver #1
search domain[0] : mtecom.net
nameserver[0] : 10.0.1.1
if_index : 12 (en1)
flags : Scoped, Request A records
reach : 0x00020002 (Reachable,Directly Reachable Address)
[RECONNECTED VPN, PRIVATE DOMAIN RESOLVING]
sbakhtiar@Shawn-Mac-mini-AZ ~ % scutil --dns
DNS configuration
resolver #1
search domain[0] : mtecom.net
nameserver[0] : 172.31.0.2
flags : Request A records
reach : 0x00000002 (Reachable)
order : 5000
resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300000
resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300200
resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300400
resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300600
resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300800
resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 301000
DNS configuration (for scoped queries)
resolver #1
search domain[0] : mtecom.net
nameserver[0] : 172.31.0.2
if_index : 12 (en1)
flags : Scoped, Request A records
reach : 0x00000002 (Reachable)
order : 5000
sbakhtiar@Shawn-Mac-mini-AZ ~ %
sbakhtiar@Shawn-Mac-mini-AZ ~ %
sbakhtiar@Shawn-Mac-mini-AZ ~ %
sbakhtiar@Shawn-Mac-mini-AZ ~ %
sbakhtiar@Shawn-Mac-mini-AZ ~ %