OpenVPNDNSRouting Registry key not deleting on disconnect
-
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Jun 01, 2017 9:40 am
OpenVPNDNSRouting Registry key not deleting on disconnect
Hello
When you connect to OpenVPN a key called OpenVPNDNSRouting auto creates which has DNS server settings from the OpenVPN server. When you disconnect this key then auto deletes. (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig\OpenVPNDNSRouting)
I have a one client where the key creates on connection but will not never auto delete on when it disconnects from OpenVPN resulting it it still trying to use the OpenVPN DNS servers so nothing will then work as DNS cannot be contacted.
Removing / reinstalling the client does not help.
I have 100's of users who use OpenVPN and issue does not occur anywhere except this one. Next step is to replace the laptop but user is typically travelling so want to avoid this.
In meanwhile the user has a script on their desktop they can run to manually fix when they disconnect "REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig\OpenVPNDNSRouting /f"
Laptop is Windows 10.
Anyone ever see this?
When you connect to OpenVPN a key called OpenVPNDNSRouting auto creates which has DNS server settings from the OpenVPN server. When you disconnect this key then auto deletes. (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig\OpenVPNDNSRouting)
I have a one client where the key creates on connection but will not never auto delete on when it disconnects from OpenVPN resulting it it still trying to use the OpenVPN DNS servers so nothing will then work as DNS cannot be contacted.
Removing / reinstalling the client does not help.
I have 100's of users who use OpenVPN and issue does not occur anywhere except this one. Next step is to replace the laptop but user is typically travelling so want to avoid this.
In meanwhile the user has a script on their desktop they can run to manually fix when they disconnect "REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig\OpenVPNDNSRouting /f"
Laptop is Windows 10.
Anyone ever see this?
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: OpenVPNDNSRouting Registry key not deleting on disconnect
Doesn't sound familiar at all. Check permissions of the keys, compare with a system that is working normally, see if there's a difference?
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Jun 01, 2017 9:40 am
Re: OpenVPNDNSRouting Registry key not deleting on disconnect
This issue is still randomly happening at multiple clients now. I have tested every possible scenario to try emulate and pretty sure it has to do with how the user is ending their session however cannot pin point it.
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: OpenVPNDNSRouting Registry key not deleting on disconnect
I'll let someone here in the company have a look at it and see what we can do from our end about this problem.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Nov 14, 2019 9:01 pm
Re: OpenVPNDNSRouting Registry key not deleting on disconnect
This is happening to my users now. Internet connection is very spotty. Google often works while most other webpages don't load. If you troubleshoot the connection in Windows you get a DNS error. The only way to get the user back on the internet is to delete that key. That can be very tricky for a user with no administrator access. Reinstalling or updating does not help.
It's also possible to that when you delete the key OpenVPN will not work properly. At least they can get back on the internet, though.
Has anyone from OpenVPN been able to replicate this issue?
It's also possible to that when you delete the key OpenVPN will not work properly. At least they can get back on the internet, though.
Has anyone from OpenVPN been able to replicate this issue?
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Nov 14, 2019 9:01 pm
Re: OpenVPNDNSRouting Registry key not deleting on disconnect
I have come up with a preemptive fix for this using PDQ. I'm sure you could figure it out in SCCM. Broadly speaking, I am enabling all users to full control over the 'DnsPolicyConfig' folder that is located just above the registry key in question. Then I am putting a script on their machines that they can run to delete this key. It is a preemptive fix because this stuff has to be pushed to the user while they are on the network/VPN.
First I push SubInACL.exe to every VPN users' Windows\System32 folder. This is the official MS tool for editing registry permissions. It will be used in the next step.
Second I run the command "SUBINACL /keyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig" /grant=users=f" on the users' mahcines. With PDQ it's very simple to run commands on user's machines as an admin. They just need to be on the network/VPN.
Finally I copy a .bat file to the users' C:\Scripts folder. It has one line: "REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig\OpenVPNDNSRouting-0 /f"
In testing I have found that the user cannot delete OpenVPNDNSRouting from RegEdit because the key does not get installed with Users having Full Control even if they have Full Control of the key folder. They must run the .bat file. They don't need admin permissions, though.
First I push SubInACL.exe to every VPN users' Windows\System32 folder. This is the official MS tool for editing registry permissions. It will be used in the next step.
Second I run the command "SUBINACL /keyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig" /grant=users=f" on the users' mahcines. With PDQ it's very simple to run commands on user's machines as an admin. They just need to be on the network/VPN.
Finally I copy a .bat file to the users' C:\Scripts folder. It has one line: "REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig\OpenVPNDNSRouting-0 /f"
In testing I have found that the user cannot delete OpenVPNDNSRouting from RegEdit because the key does not get installed with Users having Full Control even if they have Full Control of the key folder. They must run the .bat file. They don't need admin permissions, though.
- AlexS4M
- OpenVpn Newbie
- Posts: 1
- Joined: Fri Dec 06, 2019 6:59 pm
Re: OpenVPNDNSRouting Registry key not deleting on disconnect
Hi All,
Almost the the same bug started to appear on some PCs after the latest Windows 10 Update (+OpenVPN driver was installed), probably something have changed in the way dnscache service works.
Here is the step-by-step solution from Seed4.Me VPN:
Step 1. Open Windows PowerShell as administrator: click START > Windows PowerShell (Admin)
Step 2. Enter the line to remove OpenVPN DNS Policies:
You can download premade BAT file to fix the bug here: https://seed4.me/blog/no-internet-windows-update-fix/
(Save as... then Run as admin).
We hope this information will be helpful
Almost the the same bug started to appear on some PCs after the latest Windows 10 Update (+OpenVPN driver was installed), probably something have changed in the way dnscache service works.
Here is the step-by-step solution from Seed4.Me VPN:
Step 1. Open Windows PowerShell as administrator: click START > Windows PowerShell (Admin)
Step 2. Enter the line to remove OpenVPN DNS Policies:
Step 3. Enter one more line to reset Windows Firewall configuration:reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig /f
Step 4. Reboot.netsh advfirewall reset
You can download premade BAT file to fix the bug here: https://seed4.me/blog/no-internet-windows-update-fix/
(Save as... then Run as admin).
We hope this information will be helpful
-
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Jul 29, 2020 1:27 pm
(Solved) OpenVPN Client No Internet Access on Windows 10 system.
Problem:
Sometimes, after an unexpected reboot, there is a chance that the windows computer will stop resolving any dns names on any network other than the organization's network. When connecting, the system writes the message "No internet" in the connection status. This is possible with both domain computers and off-domain computers, with windows 10 and 8 (possibly others too). This problem cannot be solved by resetting network settings, manually naming the dns server, reinstalling the openvpn connect client.
Resolution:
Delete the hive in the registry at HKLM: \\ SYSTEM \ ControlSet001 \ Services \ Dnscache \ Parameters \ DnsPolicyConfig \ OpenVPNDNSRouting-0
Hope this helps someone
Sometimes, after an unexpected reboot, there is a chance that the windows computer will stop resolving any dns names on any network other than the organization's network. When connecting, the system writes the message "No internet" in the connection status. This is possible with both domain computers and off-domain computers, with windows 10 and 8 (possibly others too). This problem cannot be solved by resetting network settings, manually naming the dns server, reinstalling the openvpn connect client.
Resolution:
Delete the hive in the registry at HKLM: \\ SYSTEM \ ControlSet001 \ Services \ Dnscache \ Parameters \ DnsPolicyConfig \ OpenVPNDNSRouting-0
Hope this helps someone
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: (Solved) OpenVPN Client No Internet Access on Windows 10 system.
I have not experienced this myself but just in case it is a real bug there is now a ticket for it:
https://community.openvpn.net/openvpn/t ... 311#ticket
Thanks for reporting your findings
https://community.openvpn.net/openvpn/t ... 311#ticket
Thanks for reporting your findings
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: (Solved) OpenVPN Client No Internet Access on Windows 10 system.
Which version of OpenVPN are you using ?
-
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Jul 29, 2020 1:27 pm
Re: (Solved) OpenVPN Client No Internet Access on Windows 10 system.
OpenVPN Connect 2.6.0.100
Access Server 2.6.1
Access Server 2.6.1
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Aug 25, 2020 12:15 pm
Re: (Solved) OpenVPN Client No Internet Access on Windows 10 system.
This helped me at my firm. A couple of users had this issue, after removing VPN client or disconnecting from VPN, the internet connection was gone.amakaresu wrote: ↑Wed Jul 29, 2020 1:52 pmProblem:
Sometimes, after an unexpected reboot, there is a chance that the windows computer will stop resolving any dns names on any network other than the organization's network. When connecting, the system writes the message "No internet" in the connection status. This is possible with both domain computers and off-domain computers, with windows 10 and 8 (possibly others too). This problem cannot be solved by resetting network settings, manually naming the dns server, reinstalling the openvpn connect client.
Resolution:
Delete the hive in the registry at HKLM: \\ SYSTEM \ ControlSet001 \ Services \ Dnscache \ Parameters \ DnsPolicyConfig \ OpenVPNDNSRouting-0
Hope this helps someone
We could connect through wifi and cable but could not browse, DNS issues.
Everything works fine when in the office but when connected with different network (wifi, cable or mobile) nothing.
After deleting the registry key and rebooting everything was fine.
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: OpenVPNDNSRouting Registry key not deleting on disconnect
I see reports about this surfacing but also that older software is being used. For example I saw a post from just a month ago from a user that has Access Server 2.6.1 and OpenVPN Connect 2.6.0. This was released over a year and a half ago. I really suggest updating software, it's so important with security software, and it will resolve many issues that are long ago discovered and resolved.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.