OpenVPN Connect DNS issues

Official client software for OpenVPN Access Server and OpenVPN Cloud.
stargazer
OpenVpn Newbie
Posts: 2
Joined: Thu Jun 26, 2014 1:10 am

OpenVPN Connect DNS issues

Post by stargazer » Thu Jun 26, 2014 1:38 am

I'm trying to connect from an Android phone using OpenVPN Connect to openvpn running on CentOS 5. My DNS works just fine on the phone until I establish the VPN. I can hit external websites by IP, so the tunnel, NAT and the routing appear to be OK. I've tried putting my CentOS DNS entries from resolv.conf into 'push "dhcp-option DNS x.x.x.x"' entries, and I've tried removing the entries entirely, and either way I get DNS resolution failures when I try to hit sites by name.

You can say DNS has nothing to do with OpenVPN, but when you start routing all your traffic down the tunnel, your client DNS settings have to change somehow, don't they? Is dhcp-option from the server supposed to work on the android client? If not, how do you set up DNS in the OpenVPN android client for the tunnel? The only thing I see is the 'DNS Fallback' setting (which I have turned on). I see the "dhcp-option DNS" lines showing up in the client log file.

I see the packet counts going up on the tunnel interface while it is trying to resolve, but I've not figured out how to sniff the traffic yet to determine which DNS server it is actually trying to find.

I'm running OpenVPN Connect 1.1.14 build 56 on the phone, and openvpn 2.2.2-1.el5.rf on CentOS 5.10. The phone is a stock Samsung Galaxy S4 running Android 4.4.2.

Not being able to search for "DNS" in the forum search is unhelpful.

Thanks.

stargazer
OpenVpn Newbie
Posts: 2
Joined: Thu Jun 26, 2014 1:10 am

Re: OpenVPN Connect DNS issues

Post by stargazer » Thu Jun 26, 2014 4:21 am

Update: tcpdump is showing DNS requests aimed at Google's DNS servers coming from the client, so apparently the server's push command for DNS is ignored. The Google DNS requests aren't making it out the Internet side though, and I'm seeing "ICMP unreachable - admin prohibited" going back down the tunnel to the client.

It would appear iptables is not passing the DNS requests for some reason, though http (by ip address) is working fine.
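The two posts above describe the same diagnostic step twice: sniff the tunnel interface on the server to see which resolver the client is really talking to (first post), then notice that the replies coming back are ICMP "admin prohibited" errors rather than DNS answers (second post). The script below is an added example, not code from the thread or from OpenVPN. It parses the text that `tcpdump -ni tun0 'port 53 or icmp'` prints on the VPN server and reports, per resolver, how many queries the client sent, how many answers came back, and how many queries the firewall rejected. The tunnel addresses (client 10.8.0.6, server 10.8.0.1) and the sample capture lines are constructed for the example; the thread gives no addresses.

```python
"""Summarise which DNS servers a VPN client actually queries, and which of
those queries the server's firewall rejects, from tcpdump -n text output.

Added example (not from the forum thread). Assumed capture command on the
VPN server:   tcpdump -ni tun0 'port 53 or icmp'
Assumed tunnel addresses: client 10.8.0.6, server 10.8.0.1.
"""
import re
from collections import Counter

# Constructed sample of tcpdump -n output on tun0 (not a real capture).
# Two queries to public resolvers are answered by the server's own
# "admin prohibited" ICMP error; one query to the server itself is answered.
SAMPLE = """\
01:38:01.000001 IP 10.8.0.6.41234 > 8.8.8.8.53: 4321+ A? www.example.com. (33)
01:38:01.000120 IP 10.8.0.1 > 10.8.0.6: ICMP host 8.8.8.8 unreachable - admin prohibited, length 69
01:38:02.000001 IP 10.8.0.6.41235 > 8.8.4.4.53: 4322+ A? www.example.com. (33)
01:38:02.000120 IP 10.8.0.1 > 10.8.0.6: ICMP host 8.8.4.4 unreachable - admin prohibited, length 69
01:38:03.000001 IP 10.8.0.6.41236 > 10.8.0.1.53: 4323+ A? www.example.com. (33)
01:38:03.000500 IP 10.8.0.1.53 > 10.8.0.6.41236: 4323 1/0/0 A 93.184.216.34 (49)
"""

# A DNS query: client port -> resolver port 53, followed by txid and question.
QUERY_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.53: "
    r"(?P<txid>\d+)\S* (?:\[[^\]]*\] )?(?P<qtype>[A-Z]+)\? (?P<qname>\S+)"
)
# A DNS answer: resolver port 53 -> client port, followed by the txid.
REPLY_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.53 > (?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<txid>\d+)\S* "
)
# ICMP destination unreachable, code "admin prohibited"; tcpdump names the
# original destination of the rejected packet as the "host".
REJECT_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP host (?P<target>[\d.]+) "
    r"unreachable - admin prohibited"
)


def analyze(capture: str, client_ip: str) -> dict:
    """Count DNS queries, answers and firewall rejections per resolver."""
    queries, replies, rejected = Counter(), Counter(), Counter()
    for line in capture.splitlines():
        m = QUERY_RE.match(line)
        if m and m["src"] == client_ip:
            queries[m["dst"]] += 1
            continue
        m = REPLY_RE.match(line)
        if m and m["dst"] == client_ip:
            replies[m["src"]] += 1
            continue
        m = REJECT_RE.match(line)
        if m and m["dst"] == client_ip:
            rejected[m["target"]] += 1
    servers = sorted(queries)
    return {
        "queries": dict(queries),
        "replies": dict(replies),
        "rejected": dict(rejected),
        "working": [s for s in servers if replies[s] > 0],
        "blocked": [s for s in servers if rejected[s] > 0 and replies[s] == 0],
    }


def report(result: dict) -> str:
    """Render the analysis as one line per resolver."""
    lines = []
    for server in sorted(result["queries"]):
        lines.append(
            f"{server}: {result['queries'][server]} queries, "
            f"{result['replies'].get(server, 0)} answers, "
            f"{result['rejected'].get(server, 0)} rejected by firewall"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    # Replace SAMPLE with open("capture.txt").read() for a real capture.
    print(report(analyze(SAMPLE, "10.8.0.6")))
```

The "admin prohibited" ICMP error is what an iptables `REJECT --reject-with icmp-host-prohibited` rule generates, and the stock CentOS ruleset ends both its INPUT and FORWARD chains with exactly that rule; `iptables -L -n -v --line-numbers` shows which rule's packet counter climbs while the client retries, which tells you whether the block is on forwarded traffic (queries leaving for an external resolver) or on input (queries aimed at a resolver on the VPN server itself).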
