Hi guys
I've noticed an unpleasant issue which is caused by block-outside-dns and realy need advice how to overcome it.
The issue occurs on the latest 2.3.11 daemon on windows OS when block-outside-dns is used in server config
and remote dns name (not IP address) is used in client config.
As it write in documentation --block-outside-dns prevents Windows from accessing TCP or UDP port 53 except one inside the tunnel. However, when the reconnection occurs (because of bad link or --resolv-retry 3600) the windows client software fails to resolve the hostname of vpn server obviously because of --block-outside-dns.
I can not to disable --block-outside-dns cause want to have a protection against DNS-leak.
The only "solution" I found is --resolv-retry 0 which unfortunatly force user to initiate connection from scrach and to provide it's credentials again.
Might be someone can give a good recomendation how to fix this behaviour?
Thanks in advanced
[Solved] block-outside-dns and cannot resolve host address issue
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
SGWW
- OpenVpn Newbie
- Posts: 7
- Joined: Tue May 20, 2014 11:17 am
-
Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: block-outside-dns and cannot resolve host address issue
If the host has a static IP then you can use that instead ..
-
SGWW
- OpenVpn Newbie
- Posts: 7
- Joined: Tue May 20, 2014 11:17 am
Re: block-outside-dns and cannot resolve host address issue
Hi Traffic!
Thank you for the reply.
Sure, static IP is a fix, however we need DNS round-robin and the ability to change servers's IPs (don't want to resend client's configs every time this happen).
Other suggestions?
PS I am not a professional developer but this issue looks like a software feature or bug. The simple solution is just to keep the remote IP (after the first success dns query) in some variable and then uses it when need to reconnect. Is it worth to create a bug/feature request?
Thank you for the reply.
Sure, static IP is a fix, however we need DNS round-robin and the ability to change servers's IPs (don't want to resend client's configs every time this happen).
Other suggestions?
PS I am not a professional developer but this issue looks like a software feature or bug. The simple solution is just to keep the remote IP (after the first success dns query) in some variable and then uses it when need to reconnect. Is it worth to create a bug/feature request?
-
Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: block-outside-dns and cannot resolve host address issue
I suggest you post your server and client configs and logs. (--verb 4)The filters that block external dns are removed at reconnect, so this
should not happen --- provided the client detects the connection drop and
restarts (by say ping-restart).
Need to look at the logs to see what the real issue is.
Selva
-
SGWW
- OpenVpn Newbie
- Posts: 7
- Joined: Tue May 20, 2014 11:17 am
Re: block-outside-dns and cannot resolve host address issue
OpenVPN server version is
OpenVpn client version is
I connect to VPN, then restart Wi-Fi and when OpenVpn client tries to reconnect the error "Cannot resolv host address" occures.
System DNS does not work too until the current openvpn connection manyally close.
Code: Select all
root@debian:/# openvpn --version
OpenVPN 2.3.11 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 26 2016
library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=no enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=noThe server config is
1
local *.*.*.*
2
port 443
3
proto tcp
4
dev tun0
5
ca ca.crt
6
cert server1.crt
7
key server1.key
8
dh dh2048.pem
9
server 10.8.0.0 255.255.255.0
10
push "route 10.8.0.0 255.255.255.0"
11
push "redirect-gateway def1"
12
push "dhcp-option DNS 8.8.8.8"
13
push "dhcp-option DNS 8.8.4.4"
14
tcp-queue-limit 256
15
tun-mtu 1400
16
ping 10
17
ping-exit 60
18
comp-lzo
19
user nobody
20
group nogroup
21
persist-key
22
persist-tun
23
status /etc/openvpn/openvpn-status.log
24
log /etc/openvpn/openvpn.log
25
verb 4
26
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
Code: Select all
C:\>openvpn --version
OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on
May 10 2016
library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09
Windows version 6.2 (Windows 8 or greater) 64bit
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=y
es enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_d
lopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enabl
e_http_proxy=yes enable_iproute2=no enable_libtool_lock=yes enable_lzo=yes enabl
e_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable
_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_
auth_pam=no enable_plugin_down_root=no enable_plugins=yes enable_port_share=yes
enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_
runtimes=yes enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes e
nable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes
enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with
_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sp
ecial_build= with_sysroot=noOpenVpn client config
1
client
2
dev tun
3
proto tcp
4
remote server1.ourvpn.domain 443
5
nobind
6
persist-key
7
persist-tun
8
auth-user-pass
9
comp-lzo
10
reneg-sec 0
11
tun-mtu 1400
12
verb 4
13
<ca>
14
--STRIPPED INLINE CA CERT--
15
</ca>
16
<cert>
17
--STRIPPED INLINE CERT--
18
</cert>
19
<key>
20
--STRIPPED INLINE KEY--
The client connection log
1
Sun May 29 12:02:50 2016 us=329970 Current Parameter Settings:
2
Sun May 29 12:02:50 2016 us=329970 config = 'server1.ourvpn.domain.ovpn'
3
Sun May 29 12:02:50 2016 us=329970 mode = 0
4
Sun May 29 12:02:50 2016 us=329970 show_ciphers = DISABLED
5
Sun May 29 12:02:50 2016 us=329970 show_digests = DISABLED
6
Sun May 29 12:02:50 2016 us=329970 show_engines = DISABLED
7
Sun May 29 12:02:50 2016 us=329970 genkey = DISABLED
8
Sun May 29 12:02:50 2016 us=329970 key_pass_file = '[UNDEF]'
9
Sun May 29 12:02:50 2016 us=329970 show_tls_ciphers = DISABLED
10
Sun May 29 12:02:50 2016 us=329970 Connection profiles [default]:
11
Sun May 29 12:02:50 2016 us=329970 proto = tcp-client
12
Sun May 29 12:02:50 2016 us=329970 local = '[UNDEF]'
13
Sun May 29 12:02:50 2016 us=329970 local_port = 0
14
Sun May 29 12:02:50 2016 us=329970 remote = 'server1.ourvpn.domain'
15
Sun May 29 12:02:50 2016 us=329970 remote_port = 443
16
Sun May 29 12:02:50 2016 us=329970 remote_float = DISABLED
17
Sun May 29 12:02:50 2016 us=329970 bind_defined = DISABLED
18
Sun May 29 12:02:50 2016 us=329970 bind_local = DISABLED
19
Sun May 29 12:02:50 2016 us=329970 connect_retry_seconds = 5
20
Sun May 29 12:02:50 2016 us=329970 connect_timeout = 10
21
Sun May 29 12:02:50 2016 us=329970 connect_retry_max = 0
22
Sun May 29 12:02:50 2016 us=329970 socks_proxy_server = '[UNDEF]'
23
Sun May 29 12:02:50 2016 us=329970 socks_proxy_port = 0
24
Sun May 29 12:02:50 2016 us=329970 socks_proxy_retry = DISABLED
25
Sun May 29 12:02:50 2016 us=329970 tun_mtu = 1400
26
Sun May 29 12:02:50 2016 us=329970 tun_mtu_defined = ENABLED
27
Sun May 29 12:02:50 2016 us=329970 link_mtu = 1500
28
Sun May 29 12:02:50 2016 us=329970 link_mtu_defined = DISABLED
29
Sun May 29 12:02:50 2016 us=329970 tun_mtu_extra = 0
30
Sun May 29 12:02:50 2016 us=329970 tun_mtu_extra_defined = DISABLED
31
Sun May 29 12:02:50 2016 us=329970 mtu_discover_type = -1
32
Sun May 29 12:02:50 2016 us=329970 fragment = 0
33
Sun May 29 12:02:50 2016 us=329970 mssfix = 1450
34
Sun May 29 12:02:50 2016 us=329970 explicit_exit_notification = 0
35
Sun May 29 12:02:50 2016 us=329970 Connection profiles END
36
Sun May 29 12:02:50 2016 us=329970 remote_random = DISABLED
37
Sun May 29 12:02:50 2016 us=329970 ipchange = '[UNDEF]'
38
Sun May 29 12:02:50 2016 us=329970 dev = 'tun'
39
Sun May 29 12:02:50 2016 us=329970 dev_type = '[UNDEF]'
40
Sun May 29 12:02:50 2016 us=329970 dev_node = '[UNDEF]'
41
Sun May 29 12:02:50 2016 us=329970 lladdr = '[UNDEF]'
42
Sun May 29 12:02:50 2016 us=329970 topology = 1
43
Sun May 29 12:02:50 2016 us=329970 tun_ipv6 = DISABLED
44
Sun May 29 12:02:50 2016 us=329970 ifconfig_local = '[UNDEF]'
45
Sun May 29 12:02:50 2016 us=329970 ifconfig_remote_netmask = '[UNDEF]'
46
Sun May 29 12:02:50 2016 us=329970 ifconfig_noexec = DISABLED
47
Sun May 29 12:02:50 2016 us=329970 ifconfig_nowarn = DISABLED
48
Sun May 29 12:02:50 2016 us=329970 ifconfig_ipv6_local = '[UNDEF]'
49
Sun May 29 12:02:50 2016 us=329970 ifconfig_ipv6_netbits = 0
50
Sun May 29 12:02:50 2016 us=329970 ifconfig_ipv6_remote = '[UNDEF]'
51
Sun May 29 12:02:50 2016 us=329970 shaper = 0
52
Sun May 29 12:02:50 2016 us=329970 mtu_test = 0
53
Sun May 29 12:02:50 2016 us=329970 mlock = DISABLED
54
Sun May 29 12:02:50 2016 us=329970 keepalive_ping = 0
55
Sun May 29 12:02:50 2016 us=329970 keepalive_timeout = 0
56
Sun May 29 12:02:50 2016 us=329970 inactivity_timeout = 0
57
Sun May 29 12:02:50 2016 us=329970 ping_send_timeout = 0
58
Sun May 29 12:02:50 2016 us=329970 ping_rec_timeout = 0
59
Sun May 29 12:02:50 2016 us=329970 ping_rec_timeout_action = 0
60
Sun May 29 12:02:50 2016 us=329970 ping_timer_remote = DISABLED
61
Sun May 29 12:02:50 2016 us=329970 remap_sigusr1 = 0
62
Sun May 29 12:02:50 2016 us=329970 persist_tun = ENABLED
63
Sun May 29 12:02:50 2016 us=329970 persist_local_ip = DISABLED
64
Sun May 29 12:02:50 2016 us=329970 persist_remote_ip = DISABLED
65
Sun May 29 12:02:50 2016 us=329970 persist_key = ENABLED
66
Sun May 29 12:02:50 2016 us=329970 passtos = DISABLED
67
Sun May 29 12:02:50 2016 us=329970 resolve_retry_seconds = 1000000000
68
Sun May 29 12:02:50 2016 us=329970 username = '[UNDEF]'
69
Sun May 29 12:02:50 2016 us=329970 groupname = '[UNDEF]'
70
Sun May 29 12:02:50 2016 us=329970 chroot_dir = '[UNDEF]'
71
Sun May 29 12:02:50 2016 us=329970 cd_dir = '[UNDEF]'
72
Sun May 29 12:02:50 2016 us=329970 writepid = '[UNDEF]'
73
Sun May 29 12:02:50 2016 us=329970 up_script = '[UNDEF]'
74
Sun May 29 12:02:50 2016 us=329970 down_script = '[UNDEF]'
75
Sun May 29 12:02:50 2016 us=329970 down_pre = DISABLED
76
Sun May 29 12:02:50 2016 us=329970 up_restart = DISABLED
77
Sun May 29 12:02:50 2016 us=329970 up_delay = DISABLED
78
Sun May 29 12:02:50 2016 us=329970 daemon = DISABLED
79
Sun May 29 12:02:50 2016 us=329970 inetd = 0
80
Sun May 29 12:02:50 2016 us=329970 log = ENABLED
81
Sun May 29 12:02:50 2016 us=329970 suppress_timestamps = DISABLED
82
Sun May 29 12:02:50 2016 us=329970 nice = 0
83
Sun May 29 12:02:50 2016 us=329970 verbosity = 4
84
Sun May 29 12:02:50 2016 us=329970 mute = 0
85
Sun May 29 12:02:50 2016 us=329970 gremlin = 0
86
Sun May 29 12:02:50 2016 us=329970 status_file = '[UNDEF]'
87
Sun May 29 12:02:50 2016 us=329970 status_file_version = 1
88
Sun May 29 12:02:50 2016 us=329970 status_file_update_freq = 60
89
Sun May 29 12:02:50 2016 us=329970 occ = ENABLED
90
Sun May 29 12:02:50 2016 us=329970 rcvbuf = 0
91
Sun May 29 12:02:50 2016 us=329970 sndbuf = 0
92
Sun May 29 12:02:50 2016 us=329970 sockflags = 0
93
Sun May 29 12:02:50 2016 us=329970 fast_io = DISABLED
94
Sun May 29 12:02:50 2016 us=329970 lzo = 7
95
Sun May 29 12:02:50 2016 us=329970 route_script = '[UNDEF]'
96
Sun May 29 12:02:50 2016 us=329970 route_default_gateway = '[UNDEF]'
97
Sun May 29 12:02:50 2016 us=329970 route_default_metric = 0
98
Sun May 29 12:02:50 2016 us=329970 route_noexec = DISABLED
99
Sun May 29 12:02:50 2016 us=329970 route_delay = 5
100
Sun May 29 12:02:50 2016 us=329970 route_delay_window = 30
101
Sun May 29 12:02:50 2016 us=329970 route_delay_defined = ENABLED
102
Sun May 29 12:02:50 2016 us=329970 route_nopull = DISABLED
103
Sun May 29 12:02:50 2016 us=329970 route_gateway_via_dhcp = DISABLED
104
Sun May 29 12:02:50 2016 us=329970 max_routes = 100
105
Sun May 29 12:02:50 2016 us=329970 allow_pull_fqdn = DISABLED
106
Sun May 29 12:02:50 2016 us=329970 management_addr = '127.0.0.1'
107
Sun May 29 12:02:50 2016 us=329970 management_port = 25341
108
Sun May 29 12:02:50 2016 us=329970 management_user_pass = 'stdin'
109
Sun May 29 12:02:50 2016 us=329970 management_log_history_cache = 250
110
Sun May 29 12:02:50 2016 us=329970 management_echo_buffer_size = 100
111
Sun May 29 12:02:50 2016 us=329970 management_write_peer_info_file = '[UNDEF]'
112
Sun May 29 12:02:50 2016 us=329970 management_client_user = '[UNDEF]'
113
Sun May 29 12:02:50 2016 us=329970 management_client_group = '[UNDEF]'
114
Sun May 29 12:02:50 2016 us=329970 management_flags = 6
115
Sun May 29 12:02:50 2016 us=329970 shared_secret_file = '[UNDEF]'
116
Sun May 29 12:02:50 2016 us=329970 key_direction = 0
117
Sun May 29 12:02:50 2016 us=329970 ciphername_defined = ENABLED
118
Sun May 29 12:02:50 2016 us=329970 ciphername = 'BF-CBC'
119
Sun May 29 12:02:50 2016 us=329970 authname_defined = ENABLED
120
Sun May 29 12:02:50 2016 us=329970 authname = 'SHA1'
121
Sun May 29 12:02:50 2016 us=329970 prng_hash = 'SHA1'
122
Sun May 29 12:02:50 2016 us=329970 prng_nonce_secret_len = 16
123
Sun May 29 12:02:50 2016 us=329970 keysize = 0
124
Sun May 29 12:02:50 2016 us=329970 engine = DISABLED
125
Sun May 29 12:02:50 2016 us=329970 replay = ENABLED
126
Sun May 29 12:02:50 2016 us=329970 mute_replay_warnings = DISABLED
127
Sun May 29 12:02:50 2016 us=329970 replay_window = 64
128
Sun May 29 12:02:50 2016 us=329970 replay_time = 15
129
Sun May 29 12:02:50 2016 us=329970 packet_id_file = '[UNDEF]'
130
Sun May 29 12:02:50 2016 us=329970 use_iv = ENABLED
131
Sun May 29 12:02:50 2016 us=329970 test_crypto = DISABLED
132
Sun May 29 12:02:50 2016 us=329970 tls_server = DISABLED
133
Sun May 29 12:02:50 2016 us=329970 tls_client = ENABLED
134
Sun May 29 12:02:50 2016 us=329970 key_method = 2
135
Sun May 29 12:02:50 2016 us=329970 ca_file = '[[INLINE]]'
136
Sun May 29 12:02:50 2016 us=329970 ca_path = '[UNDEF]'
137
Sun May 29 12:02:50 2016 us=329970 dh_file = '[UNDEF]'
138
Sun May 29 12:02:50 2016 us=329970 cert_file = '[[INLINE]]'
139
Sun May 29 12:02:50 2016 us=329970 extra_certs_file = '[UNDEF]'
140
Sun May 29 12:02:50 2016 us=329970 priv_key_file = '[[INLINE]]'
141
Sun May 29 12:02:50 2016 us=329970 pkcs12_file = '[UNDEF]'
142
Sun May 29 12:02:50 2016 us=329970 cryptoapi_cert = '[UNDEF]'
143
Sun May 29 12:02:50 2016 us=329970 cipher_list = '[UNDEF]'
144
Sun May 29 12:02:50 2016 us=329970 tls_verify = '[UNDEF]'
145
Sun May 29 12:02:50 2016 us=329970 tls_export_cert = '[UNDEF]'
146
Sun May 29 12:02:50 2016 us=329970 verify_x509_type = 0
147
Sun May 29 12:02:50 2016 us=329970 verify_x509_name = '[UNDEF]'
148
Sun May 29 12:02:50 2016 us=329970 crl_file = '[UNDEF]'
149
Sun May 29 12:02:50 2016 us=329970 ns_cert_type = 0
150
Sun May 29 12:02:50 2016 us=329970 remote_cert_ku = 0
151
Sun May 29 12:02:50 2016 us=329970 remote_cert_ku = 0
152
Sun May 29 12:02:50 2016 us=329970 remote_cert_ku = 0
153
Sun May 29 12:02:50 2016 us=329970 remote_cert_ku = 0
154
Sun May 29 12:02:50 2016 us=329970 remote_cert_ku = 0
155
Sun May 29 12:02:50 2016 us=329970 remote_cert_ku = 0
156
Sun May 29 12:02:50 2016 us=329970 remote_cert_ku = 0
157
Sun May 29 12:02:50 2016 us=329970 remote_cert_ku = 0
158
Sun May 29 12:02:50 2016 us=329970 remote_cert_ku = 0
159
Sun May 29 12:02:50 2016 us=329970 remote_cert_ku = 0
160
Sun May 29 12:02:50 2016 us=329970 remote_cert_ku[i] = 0
161
Sun May 29 12:02:50 2016 us=329970 remote_cert_ku[i] = 0
162
Sun May 29 12:02:50 2016 us=329970 remote_cert_ku[i] = 0
163
Sun May 29 12:02:50 2016 us=329970 remote_cert_ku[i] = 0
164
Sun May 29 12:02:50 2016 us=329970 remote_cert_ku[i] = 0
165
Sun May 29 12:02:50 2016 us=329970 remote_cert_ku[i] = 0
166
Sun May 29 12:02:50 2016 us=329970 remote_cert_eku = '[UNDEF]'
167
Sun May 29 12:02:50 2016 us=329970 ssl_flags = 0
168
Sun May 29 12:02:50 2016 us=329970 tls_timeout = 2
169
Sun May 29 12:02:50 2016 us=329970 renegotiate_bytes = 0
170
Sun May 29 12:02:50 2016 us=329970 renegotiate_packets = 0
171
Sun May 29 12:02:50 2016 us=329970 renegotiate_seconds = 0
172
Sun May 29 12:02:50 2016 us=329970 handshake_window = 60
173
Sun May 29 12:02:50 2016 us=329970 transition_window = 3600
174
Sun May 29 12:02:50 2016 us=329970 single_session = DISABLED
175
Sun May 29 12:02:50 2016 us=329970 push_peer_info = DISABLED
176
Sun May 29 12:02:50 2016 us=329970 tls_exit = DISABLED
177
Sun May 29 12:02:50 2016 us=329970 tls_auth_file = '[UNDEF]'
178
Sun May 29 12:02:50 2016 us=329970 pkcs11_protected_authentication = DISABLED
179
Sun May 29 12:02:50 2016 us=329970 pkcs11_protected_authentication = DISABLED
180
Sun May 29 12:02:50 2016 us=329970 pkcs11_protected_authentication = DISABLED
181
Sun May 29 12:02:50 2016 us=329970 pkcs11_protected_authentication = DISABLED
182
Sun May 29 12:02:50 2016 us=329970 pkcs11_protected_authentication = DISABLED
183
Sun May 29 12:02:50 2016 us=329970 pkcs11_protected_authentication = DISABLED
184
Sun May 29 12:02:50 2016 us=329970 pkcs11_protected_authentication = DISABLED
185
Sun May 29 12:02:50 2016 us=329970 pkcs11_protected_authentication = DISABLED
186
Sun May 29 12:02:50 2016 us=329970 pkcs11_protected_authentication = DISABLED
187
Sun May 29 12:02:50 2016 us=329970 pkcs11_protected_authentication = DISABLED
188
Sun May 29 12:02:50 2016 us=329970 pkcs11_protected_authentication = DISABLED
189
Sun May 29 12:02:50 2016 us=329970 pkcs11_protected_authentication = DISABLED
190
Sun May 29 12:02:50 2016 us=329970 pkcs11_protected_authentication = DISABLED
191
Sun May 29 12:02:50 2016 us=329970 pkcs11_protected_authentication = DISABLED
192
Sun May 29 12:02:50 2016 us=329970 pkcs11_protected_authentication = DISABLED
193
Sun May 29 12:02:50 2016 us=329970 pkcs11_protected_authentication = DISABLED
194
Sun May 29 12:02:50 2016 us=329970 pkcs11_private_mode = 00000000
195
Sun May 29 12:02:50 2016 us=329970 pkcs11_private_mode = 00000000
196
Sun May 29 12:02:50 2016 us=329970 pkcs11_private_mode = 00000000
197
Sun May 29 12:02:50 2016 us=329970 pkcs11_private_mode = 00000000
198
Sun May 29 12:02:50 2016 us=329970 pkcs11_private_mode = 00000000
199
Sun May 29 12:02:50 2016 us=329970 pkcs11_private_mode = 00000000
200
Sun May 29 12:02:50 2016 us=329970 pkcs11_private_mode = 00000000
201
Sun May 29 12:02:50 2016 us=329970 pkcs11_private_mode = 00000000
202
Sun May 29 12:02:50 2016 us=329970 pkcs11_private_mode = 00000000
203
Sun May 29 12:02:50 2016 us=329970 pkcs11_private_mode = 00000000
204
Sun May 29 12:02:50 2016 us=329970 pkcs11_private_mode = 00000000
205
Sun May 29 12:02:50 2016 us=329970 pkcs11_private_mode = 00000000
206
Sun May 29 12:02:50 2016 us=329970 pkcs11_private_mode = 00000000
207
Sun May 29 12:02:50 2016 us=329970 pkcs11_private_mode = 00000000
208
Sun May 29 12:02:50 2016 us=329970 pkcs11_private_mode = 00000000
209
Sun May 29 12:02:50 2016 us=329970 pkcs11_private_mode = 00000000
210
Sun May 29 12:02:50 2016 us=329970 pkcs11_cert_private = DISABLED
211
Sun May 29 12:02:50 2016 us=329970 pkcs11_cert_private = DISABLED
212
Sun May 29 12:02:50 2016 us=329970 pkcs11_cert_private = DISABLED
213
Sun May 29 12:02:50 2016 us=329970 pkcs11_cert_private = DISABLED
214
Sun May 29 12:02:50 2016 us=329970 pkcs11_cert_private = DISABLED
215
Sun May 29 12:02:50 2016 us=329970 pkcs11_cert_private = DISABLED
216
Sun May 29 12:02:50 2016 us=329970 pkcs11_cert_private = DISABLED
217
Sun May 29 12:02:50 2016 us=329970 pkcs11_cert_private = DISABLED
218
Sun May 29 12:02:50 2016 us=329970 pkcs11_cert_private = DISABLED
219
Sun May 29 12:02:50 2016 us=329970 pkcs11_cert_private = DISABLED
220
Sun May 29 12:02:50 2016 us=329970 pkcs11_cert_private = DISABLED
221
Sun May 29 12:02:50 2016 us=329970 pkcs11_cert_private = DISABLED
222
Sun May 29 12:02:50 2016 us=329970 pkcs11_cert_private = DISABLED
223
Sun May 29 12:02:50 2016 us=329970 pkcs11_cert_private = DISABLED
224
Sun May 29 12:02:50 2016 us=329970 pkcs11_cert_private = DISABLED
225
Sun May 29 12:02:50 2016 us=329970 pkcs11_cert_private = DISABLED
226
Sun May 29 12:02:50 2016 us=329970 pkcs11_pin_cache_period = -1
227
Sun May 29 12:02:50 2016 us=329970 pkcs11_id = '[UNDEF]'
228
Sun May 29 12:02:50 2016 us=329970 pkcs11_id_management = DISABLED
229
Sun May 29 12:02:50 2016 us=329970 server_network = 0.0.0.0
230
Sun May 29 12:02:50 2016 us=329970 server_netmask = 0.0.0.0
231
Sun May 29 12:02:50 2016 us=329970 server_network_ipv6 = ::
232
Sun May 29 12:02:50 2016 us=329970 server_netbits_ipv6 = 0
233
Sun May 29 12:02:50 2016 us=329970 server_bridge_ip = 0.0.0.0
234
Sun May 29 12:02:50 2016 us=329970 server_bridge_netmask = 0.0.0.0
235
Sun May 29 12:02:50 2016 us=329970 server_bridge_pool_start = 0.0.0.0
236
Sun May 29 12:02:50 2016 us=329970 server_bridge_pool_end = 0.0.0.0
237
Sun May 29 12:02:50 2016 us=329970 ifconfig_pool_defined = DISABLED
238
Sun May 29 12:02:50 2016 us=329970 ifconfig_pool_start = 0.0.0.0
239
Sun May 29 12:02:50 2016 us=329970 ifconfig_pool_end = 0.0.0.0
240
Sun May 29 12:02:50 2016 us=329970 ifconfig_pool_netmask = 0.0.0.0
241
Sun May 29 12:02:50 2016 us=329970 ifconfig_pool_persist_filename = '[UNDEF]'
242
Sun May 29 12:02:50 2016 us=329970 ifconfig_pool_persist_refresh_freq = 600
243
Sun May 29 12:02:50 2016 us=329970 ifconfig_ipv6_pool_defined = DISABLED
244
Sun May 29 12:02:50 2016 us=329970 ifconfig_ipv6_pool_base = ::
245
Sun May 29 12:02:50 2016 us=329970 ifconfig_ipv6_pool_netbits = 0
246
Sun May 29 12:02:50 2016 us=329970 n_bcast_buf = 256
247
Sun May 29 12:02:50 2016 us=329970 tcp_queue_limit = 64
248
Sun May 29 12:02:50 2016 us=329970 real_hash_size = 256
249
Sun May 29 12:02:50 2016 us=329970 virtual_hash_size = 256
250
Sun May 29 12:02:50 2016 us=329970 client_connect_script = '[UNDEF]'
251
Sun May 29 12:02:50 2016 us=329970 learn_address_script = '[UNDEF]'
252
Sun May 29 12:02:50 2016 us=329970 client_disconnect_script = '[UNDEF]'
253
Sun May 29 12:02:50 2016 us=329970 client_config_dir = '[UNDEF]'
254
Sun May 29 12:02:50 2016 us=329970 ccd_exclusive = DISABLED
255
Sun May 29 12:02:50 2016 us=329970 tmp_dir = 'C:\Users\sgww\AppData\Local\Temp\'
256
Sun May 29 12:02:50 2016 us=329970 push_ifconfig_defined = DISABLED
257
Sun May 29 12:02:50 2016 us=329970 push_ifconfig_local = 0.0.0.0
258
Sun May 29 12:02:50 2016 us=329970 push_ifconfig_remote_netmask = 0.0.0.0
259
Sun May 29 12:02:50 2016 us=329970 push_ifconfig_ipv6_defined = DISABLED
260
Sun May 29 12:02:50 2016 us=329970 push_ifconfig_ipv6_local = ::/0
261
Sun May 29 12:02:50 2016 us=329970 push_ifconfig_ipv6_remote = ::
262
Sun May 29 12:02:50 2016 us=329970 enable_c2c = DISABLED
263
Sun May 29 12:02:50 2016 us=329970 duplicate_cn = DISABLED
264
Sun May 29 12:02:50 2016 us=329970 cf_max = 0
265
Sun May 29 12:02:50 2016 us=329970 cf_per = 0
266
Sun May 29 12:02:50 2016 us=329970 max_clients = 1024
267
Sun May 29 12:02:50 2016 us=329970 max_routes_per_client = 256
268
Sun May 29 12:02:50 2016 us=329970 auth_user_pass_verify_script = '[UNDEF]'
269
Sun May 29 12:02:50 2016 us=329970 auth_user_pass_verify_script_via_file = DISABLED
270
Sun May 29 12:02:50 2016 us=329970 client = ENABLED
271
Sun May 29 12:02:50 2016 us=329970 pull = ENABLED
272
Sun May 29 12:02:50 2016 us=329970 auth_user_pass_file = 'stdin'
273
Sun May 29 12:02:50 2016 us=329970 show_net_up = DISABLED
274
Sun May 29 12:02:50 2016 us=329970 route_method = 0
275
Sun May 29 12:02:50 2016 us=329970 block_outside_dns = DISABLED
276
Sun May 29 12:02:50 2016 us=329970 ip_win32_defined = DISABLED
277
Sun May 29 12:02:50 2016 us=329970 ip_win32_type = 3
278
Sun May 29 12:02:50 2016 us=329970 dhcp_masq_offset = 0
279
Sun May 29 12:02:50 2016 us=329970 dhcp_lease_time = 31536000
280
Sun May 29 12:02:50 2016 us=329970 tap_sleep = 0
281
Sun May 29 12:02:50 2016 us=329970 dhcp_options = DISABLED
282
Sun May 29 12:02:50 2016 us=329970 dhcp_renew = DISABLED
283
Sun May 29 12:02:50 2016 us=329970 dhcp_pre_release = DISABLED
284
Sun May 29 12:02:50 2016 us=329970 dhcp_release = DISABLED
285
Sun May 29 12:02:50 2016 us=329970 domain = '[UNDEF]'
286
Sun May 29 12:02:50 2016 us=329970 netbios_scope = '[UNDEF]'
287
Sun May 29 12:02:50 2016 us=329970 netbios_node_type = 0
288
Sun May 29 12:02:50 2016 us=329970 disable_nbt = DISABLED
289
Sun May 29 12:02:50 2016 us=329970 OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
290
Sun May 29 12:02:50 2016 us=329970 Windows version 6.2 (Windows 8 or greater) 64bit
291
Sun May 29 12:02:50 2016 us=329970 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09
292
Enter Management Password:
293
Sun May 29 12:02:50 2016 us=329970 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
294
Sun May 29 12:02:50 2016 us=329970 Need hold release from management interface, waiting...
295
Sun May 29 12:02:50 2016 us=830025 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
296
Sun May 29 12:02:50 2016 us=939407 MANAGEMENT: CMD 'state on'
297
Sun May 29 12:02:50 2016 us=939407 MANAGEMENT: CMD 'log all on'
298
Sun May 29 12:02:51 2016 us=64383 MANAGEMENT: CMD 'hold off'
299
Sun May 29 12:02:51 2016 us=64383 MANAGEMENT: CMD 'hold release'
300
Sun May 29 12:03:05 2016 us=48659 MANAGEMENT: CMD 'username "Auth" "svpn149"'
301
Sun May 29 12:03:05 2016 us=48659 MANAGEMENT: CMD 'password [...]'
302
Sun May 29 12:03:05 2016 us=48659 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html
303
Sun May 29 12:03:05 2016 us=158011 LZO compression initialized
304
Sun May 29 12:03:05 2016 us=173636 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
305
Sun May 29 12:03:05 2016 us=173636 Control Channel MTU parms [ L:1444 D:1210 EF:40 EB:0 ET:0 EL:3 ]
306
Sun May 29 12:03:05 2016 us=173636 Socket Buffers: R=[65536->65536] S=[65536->65536]
307
Sun May 29 12:03:05 2016 us=173636 MANAGEMENT: >STATE:1464512585,RESOLVE,,,
308
Sun May 29 12:03:05 2016 us=345550 Data Channel MTU parms [ L:1444 D:1444 EF:44 EB:143 ET:0 EL:3 AF:3/1 ]
309
Sun May 29 12:03:05 2016 us=345550 Local Options String: 'V4,dev-type tun,link-mtu 1444,tun-mtu 1400,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
310
Sun May 29 12:03:05 2016 us=345550 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1444,tun-mtu 1400,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
311
Sun May 29 12:03:05 2016 us=345550 Local Options hash (VER=V4): '7dfc3732'
312
Sun May 29 12:03:05 2016 us=345550 Expected Remote Options hash (VER=V4): '347277f0'
313
Sun May 29 12:03:05 2016 us=345550 Attempting to establish TCP connection with [AF_INET]*.*.*.*:443 [nonblock]
314
Sun May 29 12:03:05 2016 us=345550 MANAGEMENT: >STATE:1464512585,TCP_CONNECT,,,
315
Sun May 29 12:03:06 2016 us=345579 TCP connection established with [AF_INET]*.*.*.*:443
316
Sun May 29 12:03:06 2016 us=345579 TCPv4_CLIENT link local: [undef]
317
Sun May 29 12:03:06 2016 us=345579 TCPv4_CLIENT link remote: [AF_INET]*.*.*.*:443
318
Sun May 29 12:03:06 2016 us=345579 MANAGEMENT: >STATE:1464512586,WAIT,,,
319
Sun May 29 12:03:06 2016 us=423730 MANAGEMENT: >STATE:1464512586,AUTH,,,
320
Sun May 29 12:03:06 2016 us=423730 TLS: Initial packet from [AF_INET]*.*.*.*:443, sid=f00e72e7 96cfdb5e
321
Sun May 29 12:03:06 2016 us=423730 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
322
Sun May 29 12:03:06 2016 us=736247 VERIFY OK: depth=1, C=HK, ST=HK, L=Hong Kong, O=IT Privacy limited, OU=secretvpn, CN=IT Privacy limited CA, name=EasyRSA, emailAddress=support@secretvpn.net
323
Sun May 29 12:03:06 2016 us=736247 VERIFY OK: depth=0, C=HK, ST=HK, L=Hong Kong, O=IT Privacy limited, OU=secretvpn, CN=server1, name=EasyRSA, emailAddress=support@secretvpn.net
324
Sun May 29 12:03:07 2016 us=79994 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
325
Sun May 29 12:03:07 2016 us=79994 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
326
Sun May 29 12:03:07 2016 us=79994 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
327
Sun May 29 12:03:07 2016 us=79994 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
328
Sun May 29 12:03:07 2016 us=79994 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
329
Sun May 29 12:03:07 2016 us=79994 [server1] Peer Connection Initiated with [AF_INET]*.*.*.*:443
330
Sun May 29 12:03:08 2016 us=113413 MANAGEMENT: >STATE:1464512588,GET_CONFIG,,,
331
Sun May 29 12:03:09 2016 us=149752 SENT CONTROL [server1]: 'PUSH_REQUEST' (status=1)
332
Sun May 29 12:03:09 2016 us=290389 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,block-outside-dns,route 10.8.0.1,topology net30,ifconfig 10.8.0.6 10.8.0.5'
333
Sun May 29 12:03:09 2016 us=290389 OPTIONS IMPORT: --ifconfig/up options modified
334
Sun May 29 12:03:09 2016 us=290389 OPTIONS IMPORT: route options modified
335
Sun May 29 12:03:09 2016 us=290389 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
336
Sun May 29 12:03:09 2016 us=321637 ROUTE_GATEWAY 192.168.43.1/255.255.255.0 I=12 HWADDR=c4:85:08:97:45:1e
337
Sun May 29 12:03:09 2016 us=368514 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
338
Sun May 29 12:03:09 2016 us=368514 MANAGEMENT: >STATE:1464512589,ASSIGN_IP,,10.8.0.6,
339
Sun May 29 12:03:09 2016 us=368514 open_tun, tt->ipv6=0
340
Sun May 29 12:03:09 2016 us=368514 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{8373657A-5DAE-449A-B7D7-4D5261EB0E84}.tap
341
Sun May 29 12:03:09 2016 us=368514 TAP-Windows Driver Version 9.21
342
Sun May 29 12:03:09 2016 us=368514 TAP-Windows MTU=1500
343
Sun May 29 12:03:09 2016 us=384150 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {8373657A-5DAE-449A-B7D7-4D5261EB0E84} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
344
Sun May 29 12:03:09 2016 us=384150 DHCP option string: 06080808 08080808 0404
345
Sun May 29 12:03:09 2016 us=384150 Successful ARP Flush on interface [59] {8373657A-5DAE-449A-B7D7-4D5261EB0E84}
346
Sun May 29 12:03:09 2016 us=446636 Blocking outside DNS
347
Sun May 29 12:03:09 2016 us=446636 Opening WFP engine
348
Sun May 29 12:03:09 2016 us=446636 Adding WFP sublayer
349
Sun May 29 12:03:09 2016 us=462263 Blocking DNS using WFP
350
Sun May 29 12:03:09 2016 us=462263 Tap Luid: 1688850011258880
351
Sun May 29 12:03:09 2016 us=462263 Filter (Permit OpenVPN IPv4 DNS) added with ID=1384084
352
Sun May 29 12:03:09 2016 us=462263 Filter (Permit OpenVPN IPv6 DNS) added with ID=1384085
353
Sun May 29 12:03:09 2016 us=462263 Filter (Block IPv4 DNS) added with ID=1384086
354
Sun May 29 12:03:09 2016 us=462263 Filter (Block IPv6 DNS) added with ID=1384087
355
Sun May 29 12:03:09 2016 us=462263 Filter (Permit IPv4 DNS queries from TAP) added with ID=1384088
356
Sun May 29 12:03:09 2016 us=462263 Filter (Permit IPv6 DNS queries from TAP) added with ID=1384089
357
Sun May 29 12:03:14 2016 us=451554 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
358
Sun May 29 12:03:14 2016 us=451554 C:\Windows\system32\route.exe ADD *.*.*.* MASK 255.255.255.255 192.168.43.1
359
Sun May 29 12:03:14 2016 us=467178 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
360
Sun May 29 12:03:14 2016 us=467178 Route addition via IPAPI succeeded [adaptive]
361
Sun May 29 12:03:14 2016 us=467178 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
362
Sun May 29 12:03:14 2016 us=482801 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
363
Sun May 29 12:03:14 2016 us=482801 Route addition via IPAPI succeeded [adaptive]
364
Sun May 29 12:03:14 2016 us=482801 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
365
Sun May 29 12:03:14 2016 us=498426 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
366
Sun May 29 12:03:14 2016 us=498426 Route addition via IPAPI succeeded [adaptive]
367
Sun May 29 12:03:14 2016 us=498426 MANAGEMENT: >STATE:1464512594,ADD_ROUTES,,,
368
Sun May 29 12:03:14 2016 us=498426 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
369
Sun May 29 12:03:14 2016 us=514052 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
370
Sun May 29 12:03:14 2016 us=514052 Route addition via IPAPI succeeded [adaptive]
371
Sun May 29 12:03:14 2016 us=514052 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
372
Sun May 29 12:03:14 2016 us=514052 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
373
Sun May 29 12:03:14 2016 us=514052 Route addition via IPAPI succeeded [adaptive]
374
Sun May 29 12:03:14 2016 us=514052 Initialization Sequence Completed
375
Sun May 29 12:03:14 2016 us=514052 MANAGEMENT: >STATE:1464512594,CONNECTED,SUCCESS,10.8.0.6,*.*.*.*
376
Sun May 29 12:06:44 2016 us=255537 read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)
377
Sun May 29 12:06:44 2016 us=255537 Connection reset, restarting [-1]
378
Sun May 29 12:06:44 2016 us=255537 TCP/UDP: Closing socket
379
Sun May 29 12:06:44 2016 us=255537 SIGUSR1[soft,connection-reset] received, process restarting
380
Sun May 29 12:06:44 2016 us=255537 MANAGEMENT: >STATE:1464512804,RECONNECTING,connection-reset,,
381
Sun May 29 12:06:44 2016 us=255537 Restart pause, 5 second(s)
382
Sun May 29 12:06:49 2016 us=256842 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html
383
Sun May 29 12:06:49 2016 us=256842 Re-using SSL/TLS context
384
Sun May 29 12:06:49 2016 us=256842 LZO compression initialized
385
Sun May 29 12:06:49 2016 us=256842 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
386
Sun May 29 12:06:49 2016 us=256842 Control Channel MTU parms [ L:1444 D:1210 EF:40 EB:0 ET:0 EL:3 ]
387
Sun May 29 12:06:49 2016 us=256842 Socket Buffers: R=[65536->65536] S=[65536->65536]
388
Sun May 29 12:06:49 2016 us=256842 MANAGEMENT: >STATE:1464512809,RESOLVE,,,
389
Sun May 29 12:07:01 2016 us=273773 RESOLVE: Cannot resolve host address: server1.ourvpn.domain: Этот хост неизвестен.
390
Sun May 29 12:07:01 2016 us=273773 Data Channel MTU parms [ L:1444 D:1444 EF:44 EB:143 ET:0 EL:3 AF:3/1 ]
391
Sun May 29 12:07:01 2016 us=273773 Local Options String: 'V4,dev-type tun,link-mtu 1444,tun-mtu 1400,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
392
Sun May 29 12:07:01 2016 us=273773 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1444,tun-mtu 1400,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
393
Sun May 29 12:07:01 2016 us=273773 Local Options hash (VER=V4): '7dfc3732'
394
Sun May 29 12:07:01 2016 us=273773 Expected Remote Options hash (VER=V4): '347277f0'
395
Sun May 29 12:07:01 2016 us=273773 MANAGEMENT: >STATE:1464512821,RESOLVE,,,
396
Sun May 29 12:07:13 2016 us=302359 RESOLVE: Cannot resolve host address: server1.ourvpn.domain: Этот хост неизвестен.
397
Sun May 29 12:07:30 2016 us=346983 RESOLVE: Cannot resolve host address: server1.ourvpn.domain: Этот хост неизвестен.
398
Sun May 29 12:07:47 2016 us=390154 RESOLVE: Cannot resolve host address: server1.ourvpn.domain: Этот хост неизвестен.
399
Sun May 29 12:08:04 2016 us=421238 RESOLVE: Cannot resolve host address: server1.ourvpn.domain: Этот хост неизвестен.
400
Sun May 29 12:08:21 2016 us=460368 RESOLVE: Cannot resolve host address: server1.ourvpn.domain: Этот хост неизвестен.
401
Sun May 29 12:08:38 2016 us=498007 RESOLVE: Cannot resolve host address: server1.ourvpn.domain: Этот хост неизвестен.
402
Sun May 29 12:08:55 2016 us=550962 RESOLVE: Cannot resolve host address: server1.ourvpn.domain: Этот хост неизвестен.
403
Sun May 29 12:09:12 2016 us=615410 RESOLVE: Cannot resolve host address: server1.ourvpn.domain: Этот хост неизвестен.
404
Sun May 29 12:09:29 2016 us=672182 RESOLVE: Cannot resolve host address: server1.ourvpn.domain: Этот хост неизвестен.
System DNS does not work too until the current openvpn connection manyally close.
Code: Select all
C:\>nslookup
DNS request timed out.
timeout was 2 seconds.
Default Server: UnKnown
Address: 8.8.8.8
> openvpn.net
Server: UnKnown
Address: 8.8.8.8
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
>-
Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: block-outside-dns and cannot resolve host address issue
Try addingSGWW wrote:Sun May 29 12:03:14 2016 us=514052 MANAGEMENT: STATE:1464512594,CONNECTED,SUCCESS,10.8.0.6,*.*.*.*
Sun May 29 12:06:44 2016 us=255537 read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)
Sun May 29 12:06:44 2016 us=255537 Connection reset, restarting [-1]
Sun May 29 12:06:44 2016 us=255537 TCP/UDP: Closing socket
Code: Select all
keepalive 10 60-
SGWW
- OpenVpn Newbie
- Posts: 7
- Joined: Tue May 20, 2014 11:17 am
Re: block-outside-dns and cannot resolve host address issue
I've tried, nothing has changed
-
FalconTent
- OpenVpn Newbie
- Posts: 18
- Joined: Fri Sep 12, 2014 3:29 pm
Re: block-outside-dns and cannot resolve host address issue
Try removing this:
from your client config.
Code: Select all
persist-key
persist-tun-
SGWW
- OpenVpn Newbie
- Posts: 7
- Joined: Tue May 20, 2014 11:17 am
Re: block-outside-dns and cannot resolve host address issue
Wow, Windowsectomy, thank you so much!
Remove persist-tun fixes this issue.
Remove persist-tun fixes this issue.