OpenVPNDNSRouting Registry key not deleting on disconnect

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
DaMiBu
OpenVpn Newbie
Posts: 6
Joined: Thu Jun 01, 2017 9:40 am

OpenVPNDNSRouting Registry key not deleting on disconnect

Post by DaMiBu » Wed Nov 21, 2018 1:00 pm

Hello

When you connect to OpenVPN a key called OpenVPNDNSRouting auto creates which has DNS server settings from the OpenVPN server. When you disconnect this key then auto deletes. (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig\OpenVPNDNSRouting)

I have a one client where the key creates on connection but will not never auto delete on when it disconnects from OpenVPN resulting it it still trying to use the OpenVPN DNS servers so nothing will then work as DNS cannot be contacted.

Removing / reinstalling the client does not help.

I have 100's of users who use OpenVPN and issue does not occur anywhere except this one. Next step is to replace the laptop but user is typically travelling so want to avoid this.

In meanwhile the user has a script on their desktop they can run to manually fix when they disconnect "REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig\OpenVPNDNSRouting /f"

Laptop is Windows 10.

Anyone ever see this?

Image

User avatar
novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: OpenVPNDNSRouting Registry key not deleting on disconnect

Post by novaflash » Wed Nov 21, 2018 1:05 pm

Doesn't sound familiar at all. Check permissions of the keys, compare with a system that is working normally, see if there's a difference?
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

DaMiBu
OpenVpn Newbie
Posts: 6
Joined: Thu Jun 01, 2017 9:40 am

Re: OpenVPNDNSRouting Registry key not deleting on disconnect

Post by DaMiBu » Tue Feb 05, 2019 11:32 am

This issue is still randomly happening at multiple clients now. I have tested every possible scenario to try emulate and pretty sure it has to do with how the user is ending their session however cannot pin point it.

User avatar
novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: OpenVPNDNSRouting Registry key not deleting on disconnect

Post by novaflash » Wed Feb 06, 2019 11:17 am

I'll let someone here in the company have a look at it and see what we can do from our end about this problem.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

tnapier
OpenVpn Newbie
Posts: 2
Joined: Thu Nov 14, 2019 9:01 pm

Re: OpenVPNDNSRouting Registry key not deleting on disconnect

Post by tnapier » Thu Nov 14, 2019 9:05 pm

This is happening to my users now. Internet connection is very spotty. Google often works while most other webpages don't load. If you troubleshoot the connection in Windows you get a DNS error. The only way to get the user back on the internet is to delete that key. That can be very tricky for a user with no administrator access. Reinstalling or updating does not help.
It's also possible to that when you delete the key OpenVPN will not work properly. At least they can get back on the internet, though.
Has anyone from OpenVPN been able to replicate this issue?

tnapier
OpenVpn Newbie
Posts: 2
Joined: Thu Nov 14, 2019 9:01 pm

Re: OpenVPNDNSRouting Registry key not deleting on disconnect

Post by tnapier » Mon Nov 18, 2019 4:03 pm

I have come up with a preemptive fix for this using PDQ. I'm sure you could figure it out in SCCM. Broadly speaking, I am enabling all users to full control over the 'DnsPolicyConfig' folder that is located just above the registry key in question. Then I am putting a script on their machines that they can run to delete this key. It is a preemptive fix because this stuff has to be pushed to the user while they are on the network/VPN.

First I push SubInACL.exe to every VPN users' Windows\System32 folder. This is the official MS tool for editing registry permissions. It will be used in the next step.
Second I run the command "SUBINACL /keyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig" /grant=users=f" on the users' mahcines. With PDQ it's very simple to run commands on user's machines as an admin. They just need to be on the network/VPN.
Finally I copy a .bat file to the users' C:\Scripts folder. It has one line: "REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig\OpenVPNDNSRouting-0 /f"

In testing I have found that the user cannot delete OpenVPNDNSRouting from RegEdit because the key does not get installed with Users having Full Control even if they have Full Control of the key folder. They must run the .bat file. They don't need admin permissions, though.

User avatar
AlexS4M
OpenVpn Newbie
Posts: 1
Joined: Fri Dec 06, 2019 6:59 pm

Re: OpenVPNDNSRouting Registry key not deleting on disconnect

Post by AlexS4M » Fri Dec 06, 2019 8:25 pm

Hi All,

Almost the the same bug started to appear on some PCs after the latest Windows 10 Update (+OpenVPN driver was installed), probably something have changed in the way dnscache service works.

Here is the step-by-step solution from Seed4.Me VPN:

Step 1. Open Windows PowerShell as administrator: click START > Windows PowerShell (Admin)

Step 2. Enter the line to remove OpenVPN DNS Policies:
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig /f
Step 3. Enter one more line to reset Windows Firewall configuration:
netsh advfirewall reset
Step 4. Reboot.

You can download premade BAT file to fix the bug here: https://seed4.me/blog/no-internet-windows-update-fix/
(Save as... then Run as admin).

We hope this information will be helpful ;)

amakaresu
OpenVpn Newbie
Posts: 2
Joined: Wed Jul 29, 2020 1:27 pm

(Solved) OpenVPN Client No Internet Access on Windows 10 system.

Post by amakaresu » Wed Jul 29, 2020 1:52 pm

Problem:
Sometimes, after an unexpected reboot, there is a chance that the windows computer will stop resolving any dns names on any network other than the organization's network. When connecting, the system writes the message "No internet" in the connection status. This is possible with both domain computers and off-domain computers, with windows 10 and 8 (possibly others too). This problem cannot be solved by resetting network settings, manually naming the dns server, reinstalling the openvpn connect client.
Resolution:
Delete the hive in the registry at HKLM: \\ SYSTEM \ ControlSet001 \ Services \ Dnscache \ Parameters \ DnsPolicyConfig \ OpenVPNDNSRouting-0

Hope this helps someone

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: (Solved) OpenVPN Client No Internet Access on Windows 10 system.

Post by TinCanTech » Wed Jul 29, 2020 8:15 pm

I have not experienced this myself but just in case it is a real bug there is now a ticket for it:
https://community.openvpn.net/openvpn/t ... 311#ticket

Thanks for reporting your findings 8-)

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: (Solved) OpenVPN Client No Internet Access on Windows 10 system.

Post by TinCanTech » Wed Jul 29, 2020 8:20 pm

Which version of OpenVPN are you using ?

amakaresu
OpenVpn Newbie
Posts: 2
Joined: Wed Jul 29, 2020 1:27 pm

Re: (Solved) OpenVPN Client No Internet Access on Windows 10 system.

Post by amakaresu » Thu Jul 30, 2020 8:00 am

OpenVPN Connect 2.6.0.100
Access Server 2.6.1

NJManager
OpenVpn Newbie
Posts: 1
Joined: Tue Aug 25, 2020 12:15 pm

Re: (Solved) OpenVPN Client No Internet Access on Windows 10 system.

Post by NJManager » Tue Aug 25, 2020 12:20 pm

amakaresu wrote:
Wed Jul 29, 2020 1:52 pm
Problem:
Sometimes, after an unexpected reboot, there is a chance that the windows computer will stop resolving any dns names on any network other than the organization's network. When connecting, the system writes the message "No internet" in the connection status. This is possible with both domain computers and off-domain computers, with windows 10 and 8 (possibly others too). This problem cannot be solved by resetting network settings, manually naming the dns server, reinstalling the openvpn connect client.
Resolution:
Delete the hive in the registry at HKLM: \\ SYSTEM \ ControlSet001 \ Services \ Dnscache \ Parameters \ DnsPolicyConfig \ OpenVPNDNSRouting-0

Hope this helps someone
This helped me at my firm. A couple of users had this issue, after removing VPN client or disconnecting from VPN, the internet connection was gone.
We could connect through wifi and cable but could not browse, DNS issues.
Everything works fine when in the office but when connected with different network (wifi, cable or mobile) nothing.
After deleting the registry key and rebooting everything was fine.

User avatar
novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: OpenVPNDNSRouting Registry key not deleting on disconnect

Post by novaflash » Tue Sep 01, 2020 10:23 pm

I see reports about this surfacing but also that older software is being used. For example I saw a post from just a month ago from a user that has Access Server 2.6.1 and OpenVPN Connect 2.6.0. This was released over a year and a half ago. I really suggest updating software, it's so important with security software, and it will resolve many issues that are long ago discovered and resolved.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

Post Reply