block-outside-dns for linux
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVPN User
- Posts: 35
- Joined: Sat Sep 15, 2018 4:44 pm
block-outside-dns for linux
Wasn't sure how to ask my question in the subject but here I will explain.
In my client-template.txt file, I have
setenv opt block-outside-dns
The clients are only Linux however and I have read the man page which says this option is only for windows clients.
However, it then says
>You may want to use --setenv opt
The clients all get the error when connecting. It doesn't seem to affect anything but wanted to know what is the correct method of preventing Linux clients from using the VPN server's DNS. I want the clients to use their own local DNS server.
On the client, it is using the local DNS but the VPN server DNS shows in the client VPN log.
Sun Nov 4 17:27:38 2018 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS x.x.x.16,dhcp-option DNS x.x.x.15,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.3 255.255.248.0,peer-id 0,cipher AES-256-GCM'
In the server.conf I have
push "dhcp-option DNS x.x.x.16"
push "dhcp-option DNS x.x.x.15"
#push "redirect-gateway def1 bypass-dhcp"
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: block-outside-dns for linux
Then do not push DNS servers to your clients.
-
- OpenVPN User
- Posts: 35
- Joined: Sat Sep 15, 2018 4:44 pm
Re: block-outside-dns for linux
As mentioned, they are in fact using the local DNS servers (I tested this) which is why I am asking the question.
I inherited the setup, don't know much about it and this seemed odd to me when looking at it.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVPN User
- Posts: 35
- Joined: Sat Sep 15, 2018 4:44 pm
Re: block-outside-dns for linux
Read the doc is a childish response. I said I've been searching and reading. I also said I inherited this and am just learning as I go.
If you don't want to help, just move on, don't help.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVPN User
- Posts: 35
- Joined: Sat Sep 15, 2018 4:44 pm
Re: block-outside-dns for linux
Again, a childish response. Why even bother?
As I clearly show in one of my responses, I have been reading manuals, docs, posts etc. Don't bother reading that I've done that and instead, keep wasting my post with your childish responses. As this gets indexed, others will find this and wonder why these forums aren't very friendly or useful to someone new. Only the elite helping the elite it seems.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: block-outside-dns for linux
You do not clearly state anything in any of your posts, as per your claim of:
.. I will expand on this later.
Focus on the Howto and the manual for the best results. (In that order)
Expanding ..
Just a little from previously,
Please, explain the question and read the docs.
It is your job, I presume, so you will need to read the docs,
You have .. read the man page about this option and understand how it works,
TommyKL wrote: ↑Sun Nov 04, 2018 5:20 pm
Wasn't sure how to ask my question in the subject but here I will explain.
In my client-template.txt file, I have
setenv opt block-outside-dns
The clients are only Linux however and I have read the man page which says this option is only for windows clients.
However, it then says
>You may want to use --setenv opt
The clients all get the error when connecting. It doesn't seem to affect anything but
by now ?
You asked a direct question and got a direct answer.
I have answered all the questions accurately ..
And, for the record, Openvpn does not have anything to do with DNS.
All Openvpn does is push a string to the client which the client can use or not.
And for posterity: viewtopic.php?f=30&t=22603
ciao
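As an added example (not part of any post in this thread and not OpenVPN's own code): OpenVPN 2.4 and later have a client-side `pull-filter` option that drops pushed options by prefix before the client processes them. The sketch below models that first-match-wins rule against the PUSH_REPLY line from the original post; the function names and the `FILTERS` list are assumptions made for illustration.

```python
# Added example: models OpenVPN's client-side --pull-filter matching
# (a rule matches when the pushed option starts with its text; first match wins).
import re

# Log line quoted in the thread (addresses appear redacted as x.x.x.N there).
LOG_LINE = (
    "Sun Nov 4 17:27:38 2018 PUSH: Received control message: "
    "'PUSH_REPLY,dhcp-option DNS x.x.x.16,dhcp-option DNS x.x.x.15,"
    "route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,"
    "ifconfig 172.16.0.3 255.255.248.0,peer-id 0,cipher AES-256-GCM'"
)

# Equivalent client config lines (assumed filter set for a Linux client
# that should keep its local resolver):
#   pull-filter ignore "dhcp-option DNS"
#   pull-filter ignore "block-outside-dns"
FILTERS = [
    ("ignore", "dhcp-option DNS"),
    ("ignore", "block-outside-dns"),
]


def parse_push_reply(log_line):
    """Return the list of options carried in a PUSH_REPLY log line."""
    m = re.search(r"'PUSH_REPLY,(.*)'", log_line)
    if not m:
        raise ValueError("no PUSH_REPLY found in log line")
    return [opt.strip() for opt in m.group(1).split(",") if opt.strip()]


def apply_pull_filters(options, filters):
    """Split pushed options into (kept, ignored); raise on a 'reject' match."""
    kept, ignored = [], []
    for opt in options:
        action = "accept"  # default when no rule matches
        for act, text in filters:
            if opt.startswith(text):
                action = act
                break
        if action == "reject":
            # The real client restarts the connection; modelled as an error.
            raise RuntimeError(f"rejected pushed option: {opt}")
        (ignored if action == "ignore" else kept).append(opt)
    return kept, ignored


if __name__ == "__main__":
    kept, ignored = apply_pull_filters(parse_push_reply(LOG_LINE), FILTERS)
    print("applied:", kept)
    print("ignored:", ignored)
```

With these two rules the route, topology, keepalive and cipher options are still applied, and both pushed DNS entries are dropped on the client without changing the server's `push` lines.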
-
- OpenVPN User
- Posts: 35
- Joined: Sat Sep 15, 2018 4:44 pm
Re: block-outside-dns for linux
Sorry but you are just trying to pick on me for no good reason whatsoever. Sorry that I am not as knowledgeable as you are. Maybe I will become more knowledgeable if you don't insult me to the point where I never want to post on this site again.
I'm not interested in arguing or breaking down comments so that we can nit pick.
I clearly said;
>In the server.conf I have
>push "dhcp-option DNS x.x.x.16"
>push "dhcp-option DNS x.x.x.15"
>#push "redirect-gateway def1 bypass-dhcp"
Your answer was that the config is pushing the DNS to the clients. Yet I also answered that by telling you that no, it's not working that way.
>As mentioned, they are in fact using the local DNS servers (I tested this) which is why I am asking the question.
>I inherited the setup, don't know much about it and this seemed odd to me when looking at it.
Pretty simple question. I'm not asking about DNS either, I'm asking very specifically about the configuration contents that I have read about but do not understand enough so thought I would ask here.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: block-outside-dns for linux
* sigh *
No, I am not .. but this post is meant to help avoid this sort of confusion.
Please read it.
I do not understand what your question is ..
But ..... I'll give this a shot!
Which it is, provided the client is configured correctly.
Ok, then your client is probably not configured correctly.
Did I answer your question ?
Openvpn looks odd to everybody when they first see it which is why you have to read the docs.
If you really get stuck then you can contact me : tincanteksup <at> gmail
Addendum:
Following your second post, I said this:
Because I do not know what your question is ..
Because everybody has to read the docs.
And you jump to this:
Being advised to read the docs is not childish ..
But calling other people names .. .. ..
FYI:
search.php?author_id=45096&sr=posts
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: block-outside-dns for linux
I believe you can request this entire thread be deleted -- By Order of: GDPR
It is an option which you can exercise.
-
- OpenVPN User
- Posts: 35
- Joined: Sat Sep 15, 2018 4:44 pm
Re: block-outside-dns for linux
Look, first, I appreciate any help that is offered in forums and fully understand that no one is being forced to respond.
Second, I've been around forums long enough to understand that you don't bother posting unless you've already done some research, already tried to understand but need more help. I understand that many people come to forums expecting help without bothering to read docs and information.
However, I've said in this thread that I HAVE searched, I have read and that I am now at the point where I cannot help myself since I simply do not yet have that knowledge and so need help. Hence, this is why I posted the question so to immediately get a RTM really really sucks, especially from what appears to be an elder on this site no less.
If I asked the question it is because I have to ask a human being at this point, docs are not helping me, a person that doesn't fully understand OVPN but certainly am trying to as I continue trying to solve some problems. I didn't post all of the things that I have no idea about yet, only this which is confusing me.
You finally answered after telling me I've not asked a question yet or at least have not clearly defined it yet I've posted all that I know at this time and happy to post more if someone that actually cares to help another human being comes along asking me to supply more information.
So no, I'm not here to play games, I'm not here to get into flame wars or any other nonsense, I am here because there are some things I have not been able to solve on my own. You finally said 'something is not configured right on the client', great, there's a lead now, something I can dig into it. Of course, since I don't yet know openvpn yet, I'm not even sure where to start since that is a very broad statement.
I do have other questions, things I've been struggling with for weeks but now am nervous asking anything in these forums because I feel that I am now on your radar and each time I post, you'll come back in this way, always telling me to read the manual, learn the software and generally wasting any thread I start.
I hope that will not be the case especially since I mentioned it but I have no idea since I am new here and my first experience was this.
You tell me, how the heck am I supposed to learn if you won't bother helping people like myself who ARE trying to learn?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: block-outside-dns for linux
This is from your OP:
This is how to ask:
viewtopic.php?f=30&t=22603#p68963
Sorry .. I just do not understand what your question is .. at this time.
-
- OpenVPN User
- Posts: 35
- Joined: Sat Sep 15, 2018 4:44 pm
Re: block-outside-dns for linux
I would post it again but as I have explained, I am new so not sure how to ask other than what I've shared so far.
I've been around forums long enough to know how to ask a question but if I don't know much about what I am working with, there needs to be a starting point which is what I did.
I was happy to give more information but no one is going to bother reading this at this point.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: block-outside-dns for linux
I have answered the three questions I managed to delicately pick out of your thread.
And You have obstinately refused to co-operate ...
Cat 'n' Mouse ..
This is why They wrote the Manual AND the Howto..
And I wrote this: viewtopic.php?f=30&t=22603#p68963
Go to whatever source you use and figure out openvpn --log and --verb ...
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: block-outside-dns for linux
Re:
--block-outside-dns
for linux
Try google.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue May 05, 2020 3:43 pm
Re: block-outside-dns for linux
I agreed with you. Such a childish and even useless response from those "professional".
There is nothing to feel shame why you want to find a tldr solution from the internet. You waste time to write a long question and replies just to see they answer with a very short and not useful.
-
- OpenVPN Expert
- Posts: 685
- Joined: Tue May 01, 2012 9:30 pm
Re: block-outside-dns for linux
Windows automatically gets DNS from all network cards, so it may not be the intended DNS you want the OpenVPN client to use, and it may be insecure. So for Windows they made block-outside-dns to block Windows from getting DNS servers from outside the OpenVPN tunnel. That is all Windows only. If you are not sure, just add
push "dhcp-option DNS 192.168.90.1 "
push "block-outside-dns"
If you add this into your server config, it will send all the info to the client and the client will only use DNS 192.168.90.1, so the risk of insecurity will be less.