I am running an OpenVPN server on Ubuntu. Since using OpenVPN Connect Client 3.4.x, the push dns directive does not work. With Connect Client 3.3.x I can see my domain DNS servers configured on the TAP-NT adapter when the connection is established. When using version 3.4.x, the DNS servers are not set and therefore address resolution to domain sources is not possible.
This user seems to have a similar problem: viewtopic.php?t=36869
But in my case I am using internal DNS servers and I am also pushing the route to those servers' subnet.
This is my server config:
Code:
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.26.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 10.20.30.11"
push "dhcp-option DNS 10.20.30.12"
dhcp-option DOMAIN my.domain.com
dhcp-option ADAPTER_DOMAIN_SUFFIX my.domain.com
push "route 10.20.30.0 255.255.255.0"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_xxxxxxxxxxxxxxx.crt
key server_xxxxxxxxxxxxxxxxx.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth-ldap.conf
script-security 2
log-append /var/log/openvpn/openvpn.log
username-as-common-name
reneg-sec 43400
Code:
[Feb 1, 2024, 15:35:53] OpenVPN core 3.8.2connect3 win x86_64 64-bit OVPN-DCO built on Dec 1 2023 16:39:43
[Feb 1, 2024, 15:35:53] Frame=512/2112/512 mssfix-ctrl=1250
[Feb 1, 2024, 15:35:53] EVENT: RESOLVE
[Feb 1, 2024, 15:35:53] Contacting xxx.xxx.xx.xx:1194 via UDP
[Feb 1, 2024, 15:35:53] EVENT: WAIT
[Feb 1, 2024, 15:35:53] WinCommandAgent: transmitting bypass route to xxx.xxx.xx.xx
{
"host" : "xxx.xxx.xx.xx",
"ipv6" : false
}
[Feb 1, 2024, 15:35:53] Connecting to [vpn.my.domain.com]:1194 (xxx.xxx.xx.xx) via UDP
[Feb 1, 2024, 15:35:53] EVENT: CONNECTING
[Feb 1, 2024, 15:35:53] Tunnel Options:V4,dev-type tun,link-mtu 1521,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-client
[Feb 1, 2024, 15:35:53] Creds: Username/Password
[Feb 1, 2024, 15:35:53] Sending Peer Info:
IV_VER=3.8.2connect3
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=990
IV_MTU=1600
IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
IV_GUI_VER=OCWindows_3.4.3-3337
IV_SSO=webauth,crtext
[Feb 1, 2024, 15:35:53] SSL Handshake: peer certificate: CN=server_xxxxxxxxxxxxxxx, 256 bit EC, group:prime256v1, cipher: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
[Feb 1, 2024, 15:35:53] Session is ACTIVE
[Feb 1, 2024, 15:35:53] EVENT: GET_CONFIG
[Feb 1, 2024, 15:35:53] Sending PUSH_REQUEST to server...
[Feb 1, 2024, 15:35:54] Options continuation...
[Feb 1, 2024, 15:35:54] OPTIONS:
0 [dhcp-option] [DOMAIN-SEARCH] [my.domain.com]
1 [route] [10.20.30.0] [255.255.255.0]
2 [route] x
3 [route] x
4 [route] x
5 [route] x
6 [route] x
7 [route] x
8 [route] x
9 [route] x
10 [route] x
11 [route] x
12 [route] x
13 [route] x
14 [route] x
15 [route] x
16 [route] x
17 [route] x
18 [route] x
19 [route] x
20 [route] x
21 [route] x
22 [route] x
23 [route] x
24 [route] x
25 [route] x
26 [route] x
27 [dhcp-option] [DNS] [10.20.30.11]
28 [push-continuation] [2]
29 [dhcp-option] [DNS] [10.20.30.12]
30 [route-gateway] [10.26.10.1]
31 [topology] [subnet]
32 [ping] [10]
33 [ping-restart] [120]
34 [route] x
35 [ifconfig] [10.26.10.5] [255.255.255.0]
36 [peer-id] [1]
37 [cipher] [AES-128-GCM]
38 [push-continuation] [1]
[Feb 1, 2024, 15:35:54] PROTOCOL OPTIONS:
cipher: AES-128-GCM
digest: NONE
key-derivation: OpenVPN PRF
compress: NONE
peer ID: 1
control channel: tls-crypt enabled
[Feb 1, 2024, 15:35:54] EVENT: ASSIGN_IP
[Feb 1, 2024, 15:35:54] CAPTURED OPTIONS:
Session Name: vpn.my.domain.com
Layer: OSI_LAYER_3
Remote Address: xxx.xxx.xx.xx
Tunnel Addresses:
10.26.10.5/24 -> 10.26.10.1
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv4: no
Block IPv6: no
Add Routes:
10.20.30.0/24
x
x
x
Exclude Routes:
DNS Servers:
10.20.30.11
10.20.30.12
Search Domains:
my.domain.com
[Feb 1, 2024, 15:35:54] SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
"allow_local_dns_resolvers" : false,
"confirm_event" : "1c0e000000000000",
"destroy_event" : "3c0e000000000000",
"tun" :
{
"adapter_domain_suffix" : "",
"add_routes" :
[
{
"address" : "10.20.30.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
x
x
x
],
"block_ipv6" : false,
"dns_servers" :
[
{
"address" : "10.20.30.11",
"ipv6" : false
},
{
"address" : "10.20.30.12",
"ipv6" : false
}
],
"layer" : 3,
"mtu" : 0,
"remote_address" :
{
"address" : "xxx.xxx.xx.xx",
"ipv6" : false
},
"reroute_gw" :
{
"flags" : 256,
"ipv4" : false,
"ipv6" : false
},
"route_metric_default" : -1,
"search_domains" :
[
{
"domain" : "my.domain.com"
}
],
"session_name" : "vpn.my.domain.com",
"tunnel_address_index_ipv4" : 0,
"tunnel_address_index_ipv6" : -1,
"tunnel_addresses" :
[
{
"address" : "10.26.10.5",
"gateway" : "10.26.10.1",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
]
},
"tun_type" : 0
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{xxxx}' index=36 name='LAN-Verbindung 2'
Open TAP device "LAN-Verbindung 2" PATH="\\.\Global\{xxxx}.tap" SUCCEEDED
TAP-Windows Driver Version 9.26
ActionDeleteAllRoutesOnInterface iface_index=36
netsh interface ip set interface 36 metric=9000
OK.
netsh interface ip set address 36 static 10.26.10.5 255.255.255.0 gateway=10.26.10.1 store=active
IPHelper: add route 10.20.30.0/24 36 10.26.10.1 metric=-1
x
x
x
NRPT::ActionCreate names=[.my.domain.com] dns_servers=[10.20.30.11,10.20.30.12]
ipconfig /flushdns
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
TAP: ARP flush succeeded
TAP handle: 600d000000000000
[Feb 1, 2024, 15:35:54] Connected via TUN_WIN
[Feb 1, 2024, 15:35:54] EVENT: CONNECTED user1@vpn.my.domain.com:1194 (xxx.xxx.xx.xx) via /UDP on TUN_WIN/10.26.10.5/ gw=[10.26.10.1/] mtu=(default)
Regards, Harald
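
The log above shows both pushed DNS servers arriving in the OPTIONS list and an `NRPT::ActionCreate` line, with no netsh command that sets DNS on the adapter. As an added example that is not part of the original post, this Python function extracts those facts from a Connect client log; `dns_summary`, its result keys and the shortened sample log are assumptions made for the illustration.

```python
import re

# Constructed sample in the format of the client log above (addresses as posted).
SAMPLE_LOG = """\
[Feb 1, 2024, 15:35:54] OPTIONS:
0 [dhcp-option] [DOMAIN-SEARCH] [my.domain.com]
1 [route] [10.20.30.0] [255.255.255.0]
27 [dhcp-option] [DNS] [10.20.30.11]
29 [dhcp-option] [DNS] [10.20.30.12]
netsh interface ip set address 36 static 10.26.10.5 255.255.255.0 gateway=10.26.10.1 store=active
NRPT::ActionCreate names=[.my.domain.com] dns_servers=[10.20.30.11,10.20.30.12]
ipconfig /flushdns
"""

PUSHED = re.compile(r"^\d+ \[dhcp-option\] \[(DNS|DOMAIN|DOMAIN-SEARCH)\] \[([^\]]+)\]")
NRPT = re.compile(r"^NRPT::ActionCreate names=\[([^\]]*)\] dns_servers=\[([^\]]*)\]")

def _items(csv):
    return [x.strip() for x in csv.split(",") if x.strip()]

def dns_summary(log_text):
    """Compare the DNS options the server pushed with the DNS actions the client logged."""
    pushed_dns, pushed_domains, nrpt_rules, adapter_dns_cmds = [], [], [], []
    for raw in log_text.splitlines():
        line = raw.strip().lstrip("⏎")
        m = PUSHED.match(line)
        if m:
            (pushed_dns if m.group(1) == "DNS" else pushed_domains).append(m.group(2))
        elif (m := NRPT.match(line)):
            # An NRPT rule sends only queries for the listed names to these servers.
            nrpt_rules.append({"names": _items(m.group(1)), "servers": _items(m.group(2))})
        elif line.startswith("netsh") and "dns" in line.lower():
            # Assumption: a per-adapter DNS assignment would appear as a netsh line mentioning dns.
            adapter_dns_cmds.append(line)
    applied = {s for rule in nrpt_rules for s in rule["servers"]}
    return {
        "pushed_dns": pushed_dns,
        "pushed_domains": pushed_domains,
        "nrpt_rules": nrpt_rules,
        "adapter_dns_cmds": adapter_dns_cmds,
        # Pushed servers covered by no NRPT rule (left empty when adapter
        # commands exist, because those lines are collected but not parsed).
        "unapplied": [s for s in pushed_dns if s not in applied and not adapter_dns_cmds],
        # True when DNS reached the system only through name-scoped NRPT rules.
        "nrpt_only": bool(nrpt_rules) and not adapter_dns_cmds,
    }

if __name__ == "__main__":
    for key, value in dns_summary(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```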