Hi Gang,
I need help. I'm pulling my hair out trying to get this to work. I'm pretty sure it's a DNS resolution issue but I don't know where to resolve. I set the OpenVPN server to push DNS servers to clients and it works fine on my older Android 9 phone...
See the full context below:
Server
pfSense firewall, OpenVPN version 2.6.7_1
OpenVPN Configuration
Nothing fancy, using the defaults
- UDP on IPv4 only, port 1194
- Tunnel settings, force all client-generated IPv4 traffic through the tunnel (IPv6 unchecked)
- Compression, refuse any non-stub compression
- DNS, provide a default domain = internal.local
- DNS Server 1 = 192.168.1.200
- DNS Server 2 = 1.1.1.1
- Gateway creation, both IPv4 and IPv6
Temporary troubleshooting I've tried and failed
- Changing compression (Decompress incoming, do not compress outgoing = Asymmetric)
- Changed Gateway creation to only IPv4.
- On the Android 13, disabled Private DNS mode.
- On the Android 13, disabled Random MAC address in WiFi (not that it's relevant if I'm not mistaken because I'm using Data mode with the VPN when testing).
How I'm testing
1. Turn off WiFi so the phone is using Data.
2. Establish the OpenVPN connection.
3. Try to access internal sites (jellyfin.internal.local, mealie.internal.local etc...)
Other Facts
- Using the same OpenVPN profile, no issues with the Android 9. Works like a charm.
- When the VPN is connected on the Android 13, accessing my internal sites by IP and port works just fine. DNS, do your job!!!!!!
The Phones
Sony Xperia XZ1, Android 9
Samsung Galaxy S21 FE 5G, Android 13
NOTE: Actual IPs and domain have been substituted.
Only discrepancy I noticed
After typing this whole post I realized that in the logs below (Android 13), the last line shows it connecting via UDPv6. My other phone (the Android 9) connects via UDPv4. How is that possible when my server is set up for UDP on IPv4 only? Seems like a newer phone thing...
OpenVPN Logs
[Nov 26, 2023, 14:18:38] ----- OpenVPN Start -----
[Nov 26, 2023, 14:18:38] EVENT: CORE_THREAD_ACTIVE
[Nov 26, 2023, 14:18:38] OpenVPN core 3.git::081bfebe:RelWithDebInfo android arm64 64-bit PT_PROXY
[Nov 26, 2023, 14:18:38] Frame=512/2048/512 mssfix-ctrl=1250
[Nov 26, 2023, 14:18:38] UNUSED OPTIONS
0 [persist-tun]
1 [persist-key]
2 [data-ciphers] [AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC]
3 [data-ciphers-fallback] [AES-256-CBC]
5 [tls-client]
8 [nobind]
12 [explicit-exit-notify]
[Nov 26, 2023, 14:18:38] EVENT: RESOLVE
[Nov 26, 2023, 14:18:38] Contacting [64:ff9c::b9af:3491]:1194 via UDP
[Nov 26, 2023, 14:18:38] EVENT: WAIT
[Nov 26, 2023, 14:18:38] Connecting to [vpn.externaldomain.ca]:1194 (64:ff9c::b9af:3491) via UDPv6
[Nov 26, 2023, 14:18:38] EVENT: CONNECTING
[Nov 26, 2023, 14:18:38] Tunnel Options:V4,dev-type tun,link-mtu 1553,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
[Nov 26, 2023, 14:18:38] Creds: Username/Password
[Nov 26, 2023, 14:18:38] Peer Info:
IV_VER=3.git::081bfebe:RelWithDebInfo
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=net.openvpn.connect.android_3.3.4-9290
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1
[Nov 26, 2023, 14:18:38] VERIFY OK: depth=1, /CN=OpenVPN_CA/C=CA/ST=State/L=City, signature: RSA-SHA256
[Nov 26, 2023, 14:18:38] VERIFY OK: depth=0, /CN=OpenVPN_Server_Certificate/C=CA/ST=State/L=City, signature: RSA-SHA256
[Nov 26, 2023, 14:18:38] SSL Handshake: peer certificate: CN=OpenVPN_Server_Certificate, 2048 bit RSA, cipher: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
[Nov 26, 2023, 14:18:38] Session is ACTIVE
[Nov 26, 2023, 14:18:38] EVENT: GET_CONFIG
[Nov 26, 2023, 14:18:38] Sending PUSH_REQUEST to server...
[Nov 26, 2023, 14:18:39] Sending PUSH_REQUEST to server...
[Nov 26, 2023, 14:18:40] OPTIONS:
0 [dhcp-option] [DOMAIN] [internal.local]
1 [dhcp-option] [DNS] [192.168.1.200]
2 [dhcp-option] [DNS] [1.1.1.1]
3 [redirect-gateway] [def1]
4 [route-gateway] [192.168.50.1]
5 [topology] [subnet]
6 [ping] [10]
7 [ping-restart] [60]
8 [ifconfig] [192.168.50.3] [255.255.255.0]
9 [peer-id] [0]
10 [cipher] [AES-256-GCM]
11 [key-derivation] [tls-ekm]
[Nov 26, 2023, 14:18:40] PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: NONE
key-derivation: TLS Keying Material Exporter [RFC5705]
compress: NONE
peer ID: 0
control channel: tls-auth enabled
[Nov 26, 2023, 14:18:40] EVENT: ASSIGN_IP
[Nov 26, 2023, 14:18:40] Connected via tun
[Nov 26, 2023, 14:18:40] EVENT: CONNECTED info='jess@vpn.externaldomain.ca:1194 (64:ff9c::b9af:3491) via /UDPv6 on tun/192.168.50.3/ gw=[192.168.50.1/]'
DNS: Android 9 works, Android 13 does not
- OpenVpn Newbie
- Posts: 2
- Joined: Sun Nov 26, 2023 7:23 pm
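An added helper, not from the post and not OpenVPN's own code, that parses the client log quoted above and reports the two things worth checking: which DNS servers and search domain were actually pushed, and whether the client reached the server through a NAT64-translated IPv6 address while the server's options say UDPv4. 64:ff9c::/96 is not the RFC 6052 well-known prefix (that is 64:ff9b::/96) and the author says addresses were substituted, so treating it as the carrier's NAT64 prefix is an assumption made only for this demonstration.

```python
import ipaddress
import re

# Client log lines quoted from the post above (the author substituted real IPs and domain).
LOG = """\
[Nov 26, 2023, 14:18:38] Connecting to [vpn.externaldomain.ca]:1194 (64:ff9c::b9af:3491) via UDPv6
[Nov 26, 2023, 14:18:38] Tunnel Options:V4,dev-type tun,link-mtu 1553,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
[Nov 26, 2023, 14:18:40] OPTIONS:
0 [dhcp-option] [DOMAIN] [internal.local]
1 [dhcp-option] [DNS] [192.168.1.200]
2 [dhcp-option] [DNS] [1.1.1.1]
3 [redirect-gateway] [def1]
"""
# 64:ff9b::/96 is the RFC 6052 well-known NAT64 prefix; 64:ff9c::/96 is ASSUMED here to be
# the carrier prefix behind the (substituted) address in the quoted log.
NAT64_PREFIXES = [ipaddress.ip_network("64:ff9b::/96"), ipaddress.ip_network("64:ff9c::/96")]

def parse_client_log(text):
    # Collect transport, the server's advertised proto, pushed DNS options and any NAT64 mapping.
    info = {"remote": None, "transport": None, "server_proto": None, "domain": None,
            "dns": [], "redirect_gateway": False, "embedded_ipv4": None}
    for line in text.splitlines():
        m = re.search(r"Connecting to \[.+?\]:\d+ \((.+?)\) via (UDPv[46]|TCPv[46])", line)
        if m:
            info["remote"], info["transport"] = m.group(1), m.group(2)
            addr = ipaddress.ip_address(m.group(1))
            if addr.version == 6 and any(addr in p for p in NAT64_PREFIXES):
                # In an RFC 6052 /96 prefix the low 32 bits carry the original IPv4 address.
                info["embedded_ipv4"] = str(ipaddress.ip_address(int(addr) & 0xFFFFFFFF))
        m = re.search(r"\bproto (UDPv[46]|TCPv[46])", line)
        if m:
            info["server_proto"] = m.group(1)
        m = re.match(r"\d+ \[dhcp-option\] \[(DOMAIN|DNS)\] \[(.+?)\]", line)
        if m and m.group(1) == "DOMAIN":
            info["domain"] = m.group(2)
        elif m:
            info["dns"].append(m.group(2))
        if re.match(r"\d+ \[redirect-gateway\]", line):
            info["redirect_gateway"] = True
    return info

def findings(info):
    # Plain-language observations a troubleshooter would want from the parsed log.
    out = []
    if info["embedded_ipv4"]:
        out.append(f"NAT64: {info['remote']} maps to IPv4 {info['embedded_ipv4']}; data network is IPv6-only")
    if info["transport"] and info["server_proto"] and info["transport"][-1] != info["server_proto"][-1]:
        out.append(f"client transport {info['transport']} differs from server proto {info['server_proto']}")
    for d in info["dns"]:
        if ipaddress.ip_address(d).is_private and not info["redirect_gateway"]:
            out.append(f"private DNS {d} pushed without redirect-gateway: needs a tunnel route")
    return out
```

A NAT64 hit explains a UDPv6 transport without the server ever listening on IPv6: the carrier translates the phone's IPv6 packets to IPv4 before they reach pfSense, so the mismatch is on the access network, not in the OpenVPN server configuration.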
Re: DNS: Android 9 works, Android 13 does not
Can't say I fixed the problem, but it's "working" on other networks. Seems to me like the Android 13 phone's provider (Koodo) is causing some kind of issue. As soon as I tried WiFi at my workplace, the DNS servers were being used and it was working.
I decided to test another network after reading a thread having a similar issue.
https://www.reddit.com/r/tmobile/commen ... ?rdt=56524