Push DNS not working with OpenVPN Connect Client 3.4.x

Official client software for OpenVPN Access Server and OpenVPN Cloud.
OpenVpn Newbie
Posts: 2
Joined: Fri Feb 02, 2024 1:47 pm

Push DNS not working with OpenVPN Connect Client 3.4.x

Post by AdminHarald » Fri Feb 02, 2024 2:48 pm

Hi everybody,
I am running an OpenVPN server on Ubuntu. Since using OpenVPN Connect Client 3.4.x the push dns directive does not work. With Connect Clients 3.3.x I can see my domain DNS servers configured at the TAP-NT-Adapter when the connection is established. When using V. 3.4.x, the DNS servers are not set and therefore address resolution to domain sources is not possible.

This user seems to have a similar problem: viewtopic.php?t=36869
But in my case I am using internal DNS servers and I am pushing also the route to that servers subnet.

This is my server config:


port 1194
proto udp
dev tun
user nobody
group nogroup
keepalive 10 120
topology subnet
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS"
push "dhcp-option DNS"
dhcp-option DOMAIN my.domain.com
dhcp-option ADAPTER_DOMAIN_SUFFIX my.domain.com
push "route"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_xxxxxxxxxxxxxxx.crt
key server_xxxxxxxxxxxxxxxxx.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-version-min 1.2
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth-ldap.conf
script-security 2
log-append /var/log/openvpn/openvpn.log
reneg-sec 43400

and this is the V. 3.4.3 Client Log:


[Feb 1, 2024, 15:35:53] OpenVPN core 3.8.2connect3 win x86_64 64-bit OVPN-DCO built on Dec  1 2023 16:39:43
[Feb 1, 2024, 15:35:53] Frame=512/2112/512 mssfix-ctrl=1250
[Feb 1, 2024, 15:35:53] EVENT: RESOLVE
[Feb 1, 2024, 15:35:53] Contacting xxx.xxx.xx.xx:1194 via UDP
[Feb 1, 2024, 15:35:53] EVENT: WAIT
[Feb 1, 2024, 15:35:53] WinCommandAgent: transmitting bypass route to xxx.xxx.xx.xx
	"host" : "xxx.xxx.xx.xx",
	"ipv6" : false

[Feb 1, 2024, 15:35:53] Connecting to [vpn.my.domain.com]:1194 (xxx.xxx.xx.xx) via UDP
[Feb 1, 2024, 15:35:53] EVENT: CONNECTING
[Feb 1, 2024, 15:35:53] Tunnel Options:V4,dev-type tun,link-mtu 1521,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-client
[Feb 1, 2024, 15:35:53] Creds: Username/Password
[Feb 1, 2024, 15:35:53] Sending Peer Info:

[Feb 1, 2024, 15:35:53] SSL Handshake: peer certificate: CN=server_xxxxxxxxxxxxxxx, 256 bit EC, group:prime256v1, cipher: TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD

[Feb 1, 2024, 15:35:53] Session is ACTIVE
[Feb 1, 2024, 15:35:53] EVENT: GET_CONFIG
[Feb 1, 2024, 15:35:53] Sending PUSH_REQUEST to server...
[Feb 1, 2024, 15:35:54] Options continuation...
[Feb 1, 2024, 15:35:54] OPTIONS:
0 [dhcp-option] [DOMAIN-SEARCH] [my.domain.com]
1 [route] [] []
2 [route] x
3 [route] x
4 [route] x
5 [route] x
6 [route] x
7 [route] x
8 [route] x
9 [route] x
10 [route] x
11 [route] x
12 [route] x
13 [route] x
14 [route] x
15 [route] x
16 [route] x
17 [route] x
18 [route] x
19 [route] x
20 [route] x
21 [route] x
22 [route] x
23 [route] x
24 [route] x
25 [route] x
26 [route] x
27 [dhcp-option] [DNS] []
28 [push-continuation] [2]
29 [dhcp-option] [DNS] []
30 [route-gateway] []
31 [topology] [subnet]
32 [ping] [10]
33 [ping-restart] [120]
34 [route] x
35 [ifconfig] [] []
36 [peer-id] [1]
37 [cipher] [AES-128-GCM]
38 [push-continuation] [1]

[Feb 1, 2024, 15:35:54] PROTOCOL OPTIONS:
  cipher: AES-128-GCM
  digest: NONE
  key-derivation: OpenVPN PRF
  compress: NONE
  peer ID: 1
  control channel: tls-crypt enabled
[Feb 1, 2024, 15:35:54] EVENT: ASSIGN_IP
[Feb 1, 2024, 15:35:54] CAPTURED OPTIONS:
Session Name: vpn.my.domain.com
Layer: OSI_LAYER_3
Remote Address: xxx.xxx.xx.xx
Tunnel Addresses: ->
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv4: no
Block IPv6: no
Add Routes:
Exclude Routes:
DNS Servers:
Search Domains:

[Feb 1, 2024, 15:35:54] SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
	"allow_local_dns_resolvers" : false,
	"confirm_event" : "1c0e000000000000",
	"destroy_event" : "3c0e000000000000",
	"tun" : 
		"adapter_domain_suffix" : "",
		"add_routes" : 
				"address" : "",
				"gateway" : "",
				"ipv6" : false,
				"metric" : -1,
				"net30" : false,
				"prefix_length" : 24
		"block_ipv6" : false,
		"dns_servers" : 
				"address" : "",
				"ipv6" : false
				"address" : "",
				"ipv6" : false
		"layer" : 3,
		"mtu" : 0,
		"remote_address" : 
			"address" : "xxx.xxx.xx.xx",
			"ipv6" : false
		"reroute_gw" : 
			"flags" : 256,
			"ipv4" : false,
			"ipv6" : false
		"route_metric_default" : -1,
		"search_domains" : 
				"domain" : "my.domain.com"
		"session_name" : "vpn.my.domain.com",
		"tunnel_address_index_ipv4" : 0,
		"tunnel_address_index_ipv6" : -1,
		"tunnel_addresses" : 
				"address" : "",
				"gateway" : "",
				"ipv6" : false,
				"metric" : -1,
				"net30" : false,
				"prefix_length" : 24
	"tun_type" : 0
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
guid='{xxxx}' index=36 name='LAN-Verbindung 2'
Open TAP device "LAN-Verbindung 2" PATH="\\.\Global\{xxxx}.tap" SUCCEEDED
TAP-Windows Driver Version 9.26
ActionDeleteAllRoutesOnInterface iface_index=36
netsh interface ip set interface 36 metric=9000
netsh interface ip set address 36 static gateway= store=active
IPHelper: add route 36 metric=-1
NRPT::ActionCreate names=[.my.domain.com] dns_servers=[,]
ipconfig /flushdns
Der DNS-Auflösungscache wurde geleert.
TAP: ARP flush succeeded
TAP handle: 600d000000000000
[Feb 1, 2024, 15:35:54] Connected via TUN_WIN
[Feb 1, 2024, 15:35:54] EVENT: CONNECTED user1@vpn.my.domain.com:1194 (xxx.xxx.xx.xx) via /UDP on TUN_WIN/ gw=[] mtu=(default)

I would be grateful for any help.
Regards, Harald

OpenVpn Newbie
Posts: 2
Joined: Wed Feb 07, 2024 7:05 pm

Re: Push DNS not working with OpenVPN Connect Client 3.4.x

Post by fernando.sanz@sanzconsultoria.com.br » Wed Feb 07, 2024 7:17 pm

We had similar problems when we updated the client to version 3.4.x; even version 3.3.7 worked without problems. We used SoftEther VPN 4.42 Build 9798 RTM as a server, and we identified that the client only resolved names from the domain that was registered in the SecureNAT DHCP settings through the internal DNS. We resolved the problem by leaving the domain name field blank in the SecureNAT DHCP settings on the server. After that, the client returned to resolving all domains using the internal DNS.

Best Regards,

Fernando Sanz

OpenVpn Newbie
Posts: 1
Joined: Tue Feb 13, 2024 8:50 am

Re: Push DNS not working with OpenVPN Connect Client 3.4.x

Post by arest » Tue Feb 20, 2024 7:55 am

We had similar problems when using the client version 3.4.x;
it can't resolve DNS.

OpenVpn Newbie
Posts: 1
Joined: Fri Apr 05, 2024 12:26 pm

Re: Push DNS not working with OpenVPN Connect Client 3.4.x

Post by ozy » Fri Apr 05, 2024 12:27 pm

To whom it might concern.
Got exactly the same problem with OpenVPN 3.4.2 win client and OPNsense 24.1.

Once I removed the default domain, DNS servers were pushed correctly (verified via ipconfig /all).

OpenVpn Newbie
Posts: 2
Joined: Fri Feb 02, 2024 1:47 pm

Re: Push DNS not working with OpenVPN Connect Client 3.4.x

Post by AdminHarald » Thu Apr 18, 2024 9:44 am

Thanks for your help!
I can confirm: after removing the following "DOMAIN" entries in server.conf, everything works as expected with the new client versions:

dhcp-option DOMAIN my.domain.com
dhcp-option ADAPTER_DOMAIN_SUFFIX my.domain.com
push "dhcp-option DOMAIN-SEARCH my.domain.com"

Best Regards,

OpenVpn Newbie
Posts: 2
Joined: Thu Aug 29, 2024 9:51 am

Re: Push DNS not working with OpenVPN Connect Client 3.4.x

Post by trixter » Thu Aug 29, 2024 10:05 am

Same issue here:

DNS was sent to the client, but the client did not modify the Windows DNS entry:

[Aug 28, 2024, 14:22:25] Session is ACTIVE
[Aug 28, 2024, 14:22:25] EVENT: GET_CONFIG
[Aug 28, 2024, 14:22:25] Sending PUSH_REQUEST to server...
[Aug 28, 2024, 14:22:26] Sending PUSH_REQUEST to server...
[Aug 28, 2024, 14:22:26] OPTIONS:
0 [register-dns]
1 [dhcp-option] [DOMAIN] [vpn.xxx.de]
2 [dhcp-option] [DNS] []
3 [dhcp-option] [NTP] []
4 [register-dns]
5 [route] [] []
6 [route] [19x.x.x.x []
7 [route-gateway] []
8 [topology] [subnet]
9 [ping] [60]
10 [ping-restart] [300]
11 [ifconfig] [] []
12 [peer-id] [1]
13 [auth-token] ...
14 [cipher] [AES-256-GCM]
15 [protocol-flags] [cc-exit] [tls-ekm] [dyn-tls-crypt]
16 [tun-mtu] [1500]

Windows entry:

Unbekannter Adapter LAN-Verbindung:

Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : TAP-Windows Adapter V9 for OpenVPN Connect
Physische Adresse . . . . . . . . : xxxxxxxxxxxxx
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
IPv4-Adresse . . . . . . . . . . :
Subnetzmaske . . . . . . . . . . :
Standardgateway . . . . . . . . . :
NetBIOS über TCP/IP . . . . . . . : Aktiviert

No DNS server entry to be found.

Sorry, but I'm not a native English speaker ;)

OpenVpn Newbie
Posts: 2
Joined: Thu Aug 29, 2024 9:51 am

Re: Push DNS not working with OpenVPN Connect Client 3.4.x

Post by trixter » Thu Aug 29, 2024 10:12 am

ozy wrote:
Fri Apr 05, 2024 12:27 pm
To whom it might concern.
Got exactly the same problem with OpenVPN 3.4.2 win client and OPNsense 24.1.

Once I removed the default domain, DNS servers were pushed correctly (verified via ipconfig /all).

I'm using OPNsense 24.7.2 with Client 3.4.4 (latest version as of today).

If you leave "DNS Default Domain" blank, DNS gets modified correctly!!
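
Added example, not part of any post in this thread: a small Python check for the pattern the posters describe, where a domain option is pushed alongside `dhcp-option DNS` and the Connect client log then shows an `NRPT::ActionCreate` rule scoped to that domain. The sample log is constructed in the format of the logs quoted above, with placeholder addresses; the function name `analyze` and its result keys are assumptions of this example.

```python
import re

# Constructed sample in the format of the Connect 3.4.x logs quoted in the thread.
# The addresses are placeholders; the thread's own values are redacted.
SAMPLE_LOG = """\
[Feb 1, 2024, 15:35:54] OPTIONS:
0 [dhcp-option] [DOMAIN-SEARCH] [my.domain.com]
1 [route] [10.20.0.0] [255.255.255.0]
2 [dhcp-option] [DNS] [10.20.0.10]
3 [dhcp-option] [DNS] [10.20.0.11]
4 [topology] [subnet]
[Feb 1, 2024, 15:35:54] PROTOCOL OPTIONS:
NRPT::ActionCreate names=[.my.domain.com] dns_servers=[10.20.0.10,10.20.0.11]
"""

# "<index> [name] [arg] [arg] ..." lines from the OPTIONS block
OPTION_RE = re.compile(r"^\d+\s+((?:\[[^\]]*\]\s*)+)$")
NRPT_RE = re.compile(r"NRPT::ActionCreate names=\[([^\]]*)\] dns_servers=\[([^\]]*)\]")
# Domain-related dhcp-option types that appear in the thread's configs and logs
DOMAIN_KEYS = {"DOMAIN", "DOMAIN-SEARCH", "ADAPTER_DOMAIN_SUFFIX"}


def analyze(log_text):
    """Summarise pushed DNS options and any NRPT rule the client agent created."""
    result = {"dns": [], "domains": [], "nrpt": []}
    for line in log_text.splitlines():
        line = line.strip()
        m = OPTION_RE.match(line)
        if m:
            fields = re.findall(r"\[([^\]]*)\]", m.group(1))
            if fields[0] == "dhcp-option" and len(fields) >= 3:
                if fields[1] == "DNS":
                    result["dns"].append(fields[2])
                elif fields[1] in DOMAIN_KEYS:
                    result["domains"].append(fields[2])
            continue
        m = NRPT_RE.search(line)
        if m:
            result["nrpt"].append(
                {"names": m.group(1).split(","), "servers": m.group(2).split(",")}
            )
    # Pattern reported in the thread: DNS pushed together with a domain option,
    # and the resolvers applied as a per-domain NRPT rule by the client.
    result["domain_scoped"] = bool(result["dns"] and result["domains"] and result["nrpt"])
    return result
```

NRPT rules are not part of the per-adapter DNS server list that `ipconfig /all` prints; on Windows, `Get-DnsClientNrptPolicy` lists them.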
