block-outside-dns for linux

[TommyKL]

Wasn't sure how to ask my question in the subject but here I will explain.

In my client-template.txt file, I have
setenv opt block-outside-dns

The clients are only Linux however and I have read the man page which says this option is only for windows clients.
However, it then says
>You may want to use --setenv opt

The clients all get the error when connecting. It doesn't seem to affect anything but wanted to know what is the correct method of preventing Linux clients from using the vpn servers DNS. I want the clients to use their own local DNS server.

On the client, it is using the local DNS but the vpn server DNS show in the client vpn log.

Sun Nov 4 17:27:38 2018 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS x.x.x.16,dhcp-option DNS x.x.x.15,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.3 255.255.248.0,peer-id 0,cipher AES-256-GCM'

In the server.conf I have
push "dhcp-option DNS x.x.x.16"
push "dhcp-option DNS x.x.x.15"
#push "redirect-gateway def1 bypass-dhcp"

[TinCanTech]

what is the correct method of preventing Linux clients from using the vpn servers DNS. I want the clients to use their own local DNS server

In the server.conf I have
push "dhcp-option DNS x.x.x.16"
push "dhcp-option DNS x.x.x.15"

Then do not push DNS servers to your clients.

[TommyKL]

As mentioned, they are in fact using the local DNS servers (I tested this) which is why I am asking the question.
I inherited the setup, don't know much about it and this seemed odd to me when looking at it.

[TinCanTech]

which is why I am asking the question

Which question ?

I inherited the setup

Then you will want to read the docs.

[TommyKL]

Read the doc is a childish response. I said I've been searching and reading. I also said I inherited this and am just learning as I go.
If you don't want to help, just move on, don't help.

[TinCanTech]

Read the doc is a childish response

OK .. so we will stop writing the manual and howto etc.

[TommyKL]

Again, a childish response. Why even bother?

As I clearly show in one of my responses, I have been reading manuals, docs, posts etc. Don't bother reading that I've done that and instead, keep wasting my post with your childish responses. As this gets indexed, others will find this and wonder why these forums aren't very friendly or useful to someone new. Only the elite helping the elite it seems.

[TinCanTech]

As I clearly show in one of my responses,

You do not clearly state anything in any of your posts, as per your claim of:

Wasn't sure how to ask my question

.. I will expand on this later.

I have been reading manuals, docs, posts etc.

Focus on the Howto and the manual for the best results. (In that order)


Expanding ..

Just a little from previously,

• which is why I am asking the question

  Which question ?
  

  I inherited the setup

  Then you will want to read the docs.

  Please, explain the question and read the docs.

• I inherited the setup, don't know much about it and this seemed odd to me when looking at it.

  It is your job, i presume, so you will need to read the docs,

• Wasn't sure how to ask my question in the subject but here I will explain.
  
  In my client-template.txt file, I have
  setenv opt block-outside-dns
  
  The clients are only Linux however and I have read the man page which says this option is only for windows clients.
  However, it then says
  >You may want to use --setenv opt
  
  The clients all get the error when connecting. It doesn't seem to affect anything but

  You have .. read the man page about this option and understand how it works,
  
  by now ?

• what is the correct method of preventing Linux clients from using the vpn servers DNS. I want the clients to use their own local DNS server

  Then do not push DNS servers to your clients

  You asked a direct question and got a direct answer.

Again, a childish response. Why even bother?

I have answered all the questions accurately ..

And, for the record, Openvpn does not have anything to do with DNS.
All Openvpn does is push a string to the client which the client can use or not.

And for posterity: viewtopic.php?f=30&t=22603


ciao

[TommyKL]

Sorry but you are just trying to pick on me for no good reason what so ever. Sorry that I am not as knowledgeable as you are. Maybe I will become more knowledgeable if you don't insult me to the pointy where I never want to post on this site again.

I'm not interested in arguing or breaking down comments so that we can nit pick.

I clearly said;

>In the server.conf I have
>push "dhcp-option DNS x.x.x.16"
>push "dhcp-option DNS x.x.x.15"
>#push "redirect-gateway def1 bypass-dhcp"

Your answer was that the config is pushing the DNS to the clients. Yet I also answered that by telling you that no, it's not working that way.

>As mentioned, they are in fact using the local DNS servers (I tested this) which is why I am asking the question.
>I inherited the setup, don't know much about it and this seemed odd to me when looking at it.

Pretty simple question. I'm not asking about DNS either, I'm asking very specifically about the configuration contents that I have read about but do not understand enough so thought I would ask here.

[TinCanTech]

you are just trying to pick on me for no good reason what so ever

* sigh *

No, I am not .. but this post is meant to help avoid this sort of confusion.

Please read it.

Pretty simple question

I do not understand what your question is ..

But ..... I'll give this a shot!

I clearly said;

>In the server.conf I have
>push "dhcp-option DNS x.x.x.16"
>push "dhcp-option DNS x.x.x.15"
>#push "redirect-gateway def1 bypass-dhcp"

Your answer was that the config is pushing the DNS to the clients.

Which it is, provided the client is configured correctly.

Yet I also answered that by telling you that no, it's not working that way.

Ok, then your client is probably not configured correctly.

>As mentioned, they are in fact using the local DNS servers (I tested this) which is why I am asking the question.

Did i answer your question ?

>I inherited the setup, don't know much about it and this seemed odd to me when looking at it.

Openvpn looks odd to everybody when they first see it which is why you have to read the docs.

If you really get stuck then you can contact me : tincanteksup <at> gmail

Addendum:

Following your second post, I said this:

which is why I am asking the question

Which question ?

Because I do not know what your question is ..

I inherited the setup

Then you will want to read the docs.

Because everybody has to read the docs.

And you jump to this:

Read the doc is a childish response

Being advised to read the docs is not childish ..

But calling other people names .. .. ..



FYI:
search.php?author_id=45096&sr=posts

[TinCanTech]

I believe you can request this entire thread be deleted -- By Order of: GDPR

It is an option which you can exercise.

[TommyKL]

Look, first, I appreciate any help that is offered in forums and fully understand that no one is being forced to respond.
Second, I've been around forums long enough to understand that you don't bother posting unless you've already done some research, already tried to understand but need more help. I understand that many people come to forums expecting help without bothering to read docs and information.

However, I've said in this thread that I HAVE searched, I have read and that I am now at the point where I cannot help myself since I simply do not yet have that knowledge and so need help. Hence, this is why I posted the question so to immediately get a RTM really really sucks, especially from what appears to be an elder on this site no less.

If I asked the question it is because I have to ask a human being at this point, docs are not helping me, a person that doesn't fully understand OVPN but certainly am trying to as I continue trying to solve some problems. I didn't post all of the things that I have no idea about yet, only this which is confusing me.

You finally answered after telling me I've not asked a question yet or at least have not clearly defined it yet I've posted all that I know at this time and happy to post more if someone that actually cares to help another human being comes along asking me to supply more information.

So no, I'm not here to play games, I'm not here to get into flame wars or any other nonsense, I am here because there are some things I have not been able to solve on my own. You finally said 'something is not configured right on the client', great, there's a lead now, something I can dig into it. Of course, since I don't yet know openvpn yet, I'm not even sure where to start since that is a very broad statement.

I do have other questions, things I've been struggling with for weeks but now am nervous asking asking anything in these forums because I feel that I am now on your radar and each time I post, you'll come back in this way, always telling me to read the manual, learn the software and generally wasting any thread I start.

I hope that will not be the case especially since I mentioned it but I have no idea since I am new here and my first experience was this.

You tell me, how the heck am I supposed to learn if you won't bother helping people like myself who ARE trying to learn?

[TinCanTech]

This is from your OP:

Wasn't sure how to ask my question

This is how to ask:
viewtopic.php?f=30&t=22603#p68963

Sorry .. I just do not understand what your question is .. at this time.

[TommyKL]

I would post it again but as I have explained, I am new so not sure how to ask other than what I've shared so far.
I've been around forums long enough o know how to ask a question but if I don't know much about what I am working with, there needs to be a starting point which is what I did.

I was happy to give more information but no one is going to bother reading this at this point.

[TinCanTech]

I have answered the three questions I managed to delicately pick out of your thread.

And You have obstinately refused to co-operate ...

Cat 'n' Mouse ..

This is why They wrote the Manual AND the Howto..
And I wrote this: viewtopic.php?f=30&t=22603#p68963

Goto what ever source you use and figure out openvpn --log and --verb ...

[TinCanTech]

Re:

--block-outside-dns

for linux

Try google.

[magikarpbaby]

Read the doc is a childish response. I said I've been searching and reading. I also said I inherited this and am just learning as I go.
If you don't want to help, just move on, don't help.

I agreed with you. Such a childish and even useless response from those "professional".
There is nothing to feel shame why you want to find a tldr solution from the internet. You waste time to write a long question and replies just to see they answer with a very short and not useful.

[300000]

windows automatic get dns from all network card so maybe it is not inten dns you want openvpn client to use and it is maybe insecu so for the win dows they make block-outside-dns to block windows get dns server from outside openvpn tunnel . that is all windows only . if you not sure just add

push "dhcp-option DNS 192.168.90.1 "
push "block-outside-dns"

if you add this into your server config will send all infor to client and client will only use dns 192.168.90.1 so the risk insecu will be less .