Mac openvpn connect client not updating DNS domain suffix

Post Reply
olafman1
OpenVpn Newbie
Posts: 8
Joined: Thu Dec 06, 2018 1:13 pm

Mac openvpn connect client not updating DNS domain suffix

Post by olafman1 » Tue May 07, 2019 1:52 pm

I'm looking for tips for troubleshooting the DNS domain not updating in /etc/resolv.conf on a Mac client (10.13.6) when using openvpn connect 2.6.0.103 or 2.7.1.100. The DNS servers do update properly, just not the domain suffix. The domain suffix remains the same as what it was prior to connecting to the VPN instead of updating to the server configed push "dhcp-option DOMAIN vpndomain.com".

If I do nothing except downgrade the openvpn connect client to 2.5.0.136, the DNS domain suffix updates properly when I connect to the VPN, and reverts after disconnecting. I do see in the client log on the Mac that the push "dhcp-option DOMAIN vpndomain.com" is there and I even see it in the MacDNSAction log line.

MacDNSAction: FLAGS=F RD=1 SO=5000 DNS=1.1.1.1,1.0.0.1,2606:4700:4700::1111,2606:4700:4700::1001 DOM=vpndomain.com

So the server is delivering the correct config to the client, the client just isn't fully applying the DNS configuration.

olafman1
OpenVpn Newbie
Posts: 8
Joined: Thu Dec 06, 2018 1:13 pm

Re: Mac openvpn connect client not updating DNS domain suffix

Post by olafman1 » Thu Jun 18, 2020 4:56 pm

I am seeing the same thing on Mac OS (10.15.5) and OpenVPN Connect client 3.1.1.1089. Anyone else experience this? I can still go back to OpenVPN connect client 2.5 and the domain suffix updates properly. The same server config updates the domain suffix properly on iOS devices.

johnstewart
OpenVpn Newbie
Posts: 3
Joined: Tue Sep 29, 2020 2:49 pm

Re: Mac openvpn connect client not updating DNS domain suffix

Post by johnstewart » Tue Sep 29, 2020 3:54 pm

olafman1 - did you ever find a solution to this.

I'm finding the same thing with OpenVPN Connect client 3.2.1 on Windows 10.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 8354
Joined: Fri Jun 03, 2016 1:17 pm

Re: Mac openvpn connect client not updating DNS domain suffix

Post by TinCanTech » Tue Sep 29, 2020 4:08 pm

OpenVPN Connect Client, this is not server administration.

olafman1
OpenVpn Newbie
Posts: 8
Joined: Thu Dec 06, 2018 1:13 pm

Re: Mac openvpn connect client not updating DNS domain suffix

Post by olafman1 » Fri Dec 04, 2020 8:21 pm

I am only finding OpenVPN Connect (iOS) and OpenVPN Connect (Android) client forums listed. Is there another more generic OpenVPN Connect (Mac) client forum I can post this question to?

I have yet to figure out a solution even with the latest 3.2.5 client it is doing the same thing.

jimryan
OpenVpn Newbie
Posts: 1
Joined: Fri Jan 08, 2021 2:18 pm

Re: Mac openvpn connect client not updating DNS domain suffix

Post by jimryan » Fri Jan 08, 2021 4:47 pm

I'm having the same issue OpenVPN Client for iOS Version 3.2.2 (3507) and OpenVPN Client for Mac Version 3.2.5 (2468) with OpenVPN server 2.4.9. Tunnelblick 3.8.4a (build 5601) for Mac works as expected with the same server instance. It appears that OpenVPN client fails to update DNS and Search Domains for the client. Manually updating DNS and Search Domain works on a Mac and iOS Wifi (information icon). For iOS cellular a third-party app is required. Be careful if you make the manual updates as subsequent attempts to connect to a host name (not IP) will fail because the client won't be able to resolve the host.

OpenVPN appears to generate the following command to update both the DNS and Domain Search

Code: Select all

/sbin/route add -net -inet6 fc00:: -prefixlen 7 -reject ::1%lo0add net fc00::: gateway ::1%lo0MacDNSAction: FLAGS=F RD=0 SO=5000 DNS=10.0.0.1 DOM=domain.org ADS=
If I attempt to run this command manually it fails with "net: nodename nor servname provided, or not known".

Manually configuring the server to push DNS and Domain as shown here doesn't help

Code: Select all

push "dhcp-option DNS 10.0.0.1"
push "dhcp-option DOMAIN domain.org"
Redacted Mac client log follows:

Code: Select all

1/8/2021, 10:40:51 AM OpenVPN core 3.git::662eae9a mac x86_64 64-bit built on Nov  4 2020 11:18:22
⏎1/8/2021, 10:40:51 AM Frame=512/2048/512 mssfix-ctrl=1250
⏎1/8/2021, 10:40:51 AM UNUSED OPTIONS
1 [persist-tun] 
2 [persist-key] 
3 [data-ciphers-fallback] [AES-256-CBC] 
5 [tls-client] 
7 [resolv-retry] [infinite] 
9 [verify-x509-name] [Server Certificate] [name] 
12 [keysize] [256] 
14 [link-mtu] [1557] 
⏎1/8/2021, 10:40:51 AM EVENT: RESOLVE ⏎1/8/2021, 10:40:52 AM Contacting xx.xx.xx.xx:1194 via UDP
⏎1/8/2021, 10:40:52 AM UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
	"host" : "xx.xx.xx.xx",
	"ipv6" : false,
	"pid" : 38491
}

⏎1/8/2021, 10:40:52 AM EVENT: WAIT ⏎1/8/2021, 10:40:52 AM Connecting to [host.domain.org]:1194 (xx.xx.xx.xx) via UDPv4
⏎1/8/2021, 10:40:52 AM EVENT: CONNECTING ⏎1/8/2021, 10:40:52 AM Tunnel Options:V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
⏎1/8/2021, 10:40:52 AM Creds: Username/Password
⏎1/8/2021, 10:40:52 AM Peer Info:
IV_VER=3.git::662eae9a
IV_PLAT=mac
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_IPv6=0
IV_GUI_VER=OCmacOS_3.2.5-2468
IV_SSO=openurl

⏎1/8/2021, 10:40:52 AM VERIFY OK: depth=0, /CN=Server Certificate/subjectAltName=/C=US/ST=State/L=Location/O=Organization
⏎1/8/2021, 10:40:52 AM SSL Handshake: CN=Server Certificate, TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
⏎1/8/2021, 10:40:52 AM EVENT: GET_CONFIG ⏎1/8/2021, 10:40:52 AM Session is ACTIVE
⏎1/8/2021, 10:40:52 AM Sending PUSH_REQUEST to server...
⏎1/8/2021, 10:40:53 AM Sending PUSH_REQUEST to server...
⏎1/8/2021, 10:40:53 AM OPTIONS:
0 [route] [10.0.0.0] [255.255.255.0] 
1 [route] [10.0.1.0] [255.255.255.0] 
2 [dhcp-option] [DOMAIN] [domain.org] 
3 [dhcp-option] [DNS] [10.0.0.1] 
4 [register-dns] 
5 [route-gateway] [10.0.2.1] 
6 [topology] [subnet] 
7 [ping] [10] 
8 [ping-restart] [60] 
9 [ifconfig] [10.0.2.2] [255.255.255.0] 
10 [peer-id] [1] 
11 [cipher] [AES-128-GCM] 
12 [block-ipv6] 

⏎1/8/2021, 10:40:53 AM PROTOCOL OPTIONS:
  cipher: AES-128-GCM
  digest: NONE
  compress: NONE
  peer ID: 1
⏎1/8/2021, 10:40:53 AM TunPersist: short-term connection scope
⏎1/8/2021, 10:40:53 AM TunPersist: new tun context
⏎1/8/2021, 10:40:53 AM CAPTURED OPTIONS:
Session Name: host.domain.org
Layer: OSI_LAYER_3
MTU: 1500
Remote Address: xx.xx.xx.xx
Tunnel Addresses:
  10.0.2.2/24 -> 10.0.2.1
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv6: yes
Add Routes:
  10.0.0.0/24
  10.0.1.0/24
Exclude Routes:
DNS Servers:
  10.0.0.1
Search Domains:
  domain.org

⏎1/8/2021, 10:40:53 AM EVENT: ASSIGN_IP ⏎1/8/2021, 10:40:53 AM SetupClient: transmitting tun setup list to /var/run/agent_ovpnconnect.sock
{
	"config" : 
	{
		"iface_name" : "",
		"layer" : "OSI_LAYER_3",
		"tun_prefix" : false
	},
	"pid" : 38491,
	"tun" : 
	{
		"adapter_domain_suffix" : "",
		"add_routes" : 
		[
			{
				"address" : "10.0.0.0",
				"gateway" : "",
				"ipv6" : false,
				"metric" : -1,
				"net30" : false,
				"prefix_length" : 24
			},
			{
				"address" : "10.0.1.0",
				"gateway" : "",
				"ipv6" : false,
				"metric" : -1,
				"net30" : false,
				"prefix_length" : 24
			}
		],
		"block_ipv6" : true,
		"dns_servers" : 
		[
			{
				"address" : "10.0.0.1",
				"ipv6" : false
			}
		],
		"layer" : 3,
		"mtu" : 1500,
		"remote_address" : 
		{
			"address" : "xx.xx.xx.xx",
			"ipv6" : false
		},
		"reroute_gw" : 
		{
			"flags" : 256,
			"ipv4" : false,
			"ipv6" : false
		},
		"route_metric_default" : -1,
		"search_domains" : 
		[
			{
				"domain" : "domain.org"
			}
		],
		"session_name" : "home.domain.org",
		"tunnel_address_index_ipv4" : 0,
		"tunnel_address_index_ipv6" : -1,
		"tunnel_addresses" : 
		[
			{
				"address" : "10.0.2.2",
				"gateway" : "10.0.2.1",
				"ipv6" : false,
				"metric" : -1,
				"net30" : false,
				"prefix_length" : 24
			}
		]
	}
}
POST unix://[/var/run/agent_ovpnconnect.sock]/tun-setup : 200 OK
{
	"iface_name" : "utun4",
	"layer" : "OSI_LAYER_3",
	"tun_prefix" : true
}
/sbin/ifconfig utun4 down
/sbin/ifconfig utun4 10.0.2.2 10.0.2.1 netmask 255.255.255.0 mtu 1500 up
/sbin/route add -net 10.0.2.0 -netmask 255.255.255.0 10.0.2.2
add net 10.0.2.0: gateway 10.0.2.2
/sbin/route add -net 10.0.0.0 -netmask 255.255.255.0 10.0.2.1
add net 10.0.0.0: gateway 10.0.2.1
/sbin/route add -net 10.0.1.0 -netmask 255.255.255.0 10.0.2.1
add net 10.0.1.0: gateway 10.0.2.1
/sbin/route add -net -inet6 2000:: -prefixlen 4 -reject ::1%lo0
add net 2000::: gateway ::1%lo0
/sbin/route add -net -inet6 3000:: -prefixlen 4 -reject ::1%lo0
add net 3000::: gateway ::1%lo0
/sbin/route add -net -inet6 fc00:: -prefixlen 7 -reject ::1%lo0
add net fc00::: gateway ::1%lo0
MacDNSAction: FLAGS=F RD=0 SO=5000 DNS=10.0.0.1 DOM=domain.org ADS=
open utun4 SUCCEEDED
⏎1/8/2021, 10:40:53 AM Connected via utun4
⏎1/8/2021, 10:40:53 AM EVENT: CONNECTED user@host.domain.org:1194 (xx.xx.xx.xx) via /UDPv4 on utun4/10.0.2.2/ gw=[10.0.2.1/]⏎
Last edited by Pippin on Fri Jan 08, 2021 4:52 pm, edited 1 time in total.
Reason: Formatting

Post Reply