getting iOS clients to recognize pushed DNS settings

Post by bjsdaiyu » Sat Mar 15, 2014 3:30 pm

Hello:

I have been having difficulty getting my iOS OpenVPN client to update its DNS settings in response to DNS transactions routed through the VPN on a per-search-domain basis, as dictated by the following in server.conf:

push "dhcp-option DNS 10.0.3.1"
push "dhcp-option DOMAIN lan"

It is clear from tcpdump (on the server side, obviously) that the client is performing the per-search-domain resolution correctly:

# tcpdump 'udp port 53 && host 10.8.0.6'
// client: "who is 'foo.lan'? -> server: 'foo.lan' is 10.0.3.2"
// no requests for anything but *.lan which is what i want

10:18:07.640564 IP dns.lan.domain > 10.8.0.6.54782: 28038*- 1/1/1 A 10.0.3.2 (81)
10:18:08.670509 IP dns.lan.domain > 10.8.0.6.54782: 28038*- 1/1/1 A 10.0.3.2 (81)

Despite receiving this correct resolution information, the iOS web browser is unable to load resources from "foo.lan", even though it is able to load them from "10.0.3.2". This suggests to me that there is some directive missing from server.conf or my iOS client's config.ovpn (which currently contains no routing- or DNS-related directives), or that the iOS VPN client is somehow not passing the resolution information back to the source of the DNS request.

Currently the only way to get the iOS client to resolve *and load* "foo.lan" appears to be to route *all* DNS through the VPN tunnel, which I am unwilling to do because of the negative effect on performance. I would very much like to fix this, since having to use IP addresses instead of domain names in some cases complicates certificate management. It appears that others have had similar difficulties; the one suggestion I've found, concerning the use of "--register-dns" as a command line option when starting the server, appears to be relevant exclusively with regard to Windows clients.

Thank you for any help you might be able to provide concerning how to enable iOS per-search-domain DNS tunneling using OpenVPN.
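Before attributing the problem to the client, it helps to confirm exactly which DNS-related directives the server pushes and whether they describe a split-DNS setup or a full tunnel. The following is an added example, not code from the poster or from the OpenVPN project: it parses the `push "dhcp-option DNS ..."`, `push "dhcp-option DOMAIN ..."` and `push "redirect-gateway ..."` lines of a server.conf fragment and summarizes them. The sample configuration is constructed (only the two push lines come from the post), and the mode labels ("split-dns", "full-tunnel", "dns-only") are this example's own classification of the configured intent, not OpenVPN terminology.

```python
"""Summarize the DNS-related options an OpenVPN server pushes to clients."""
import ipaddress
import shlex
from dataclasses import dataclass, field
from typing import List

# Constructed sample server.conf fragment. The two push lines mirror the ones
# quoted in the post; the remaining lines are illustrative and not from the page.
SAMPLE_SERVER_CONF = """\
# server.conf (constructed sample)
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 10.0.3.1"
push "dhcp-option DOMAIN lan"
; push "redirect-gateway def1"   commented out, so this is a split tunnel
"""


@dataclass
class PushedDnsConfig:
    """DNS-relevant directives a server pushes, as written in server.conf."""
    dns_servers: List[str] = field(default_factory=list)
    search_domains: List[str] = field(default_factory=list)
    redirect_gateway: bool = False
    warnings: List[str] = field(default_factory=list)

    @property
    def mode(self) -> str:
        """Configured intent only (this example's own labels); whether a given
        client platform honours the pushed options is a separate question."""
        if self.redirect_gateway:
            return "full-tunnel"   # default route via the VPN, so DNS normally follows it
        if self.dns_servers and self.search_domains:
            return "split-dns"     # pushed resolver scoped to the pushed search domain(s)
        if self.dns_servers:
            return "dns-only"      # resolver pushed, but no domain scoping given
        return "none"


def parse_pushed_dns(conf_text: str) -> PushedDnsConfig:
    """Extract pushed dhcp-option DNS/DOMAIN and redirect-gateway directives.

    Only lines beginning with 'push' are inspected. shlex handles OpenVPN's
    quoting, so both  push "dhcp-option DNS x"  and  push dhcp-option DNS x  work.
    """
    cfg = PushedDnsConfig()
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # OpenVPN comment lines
            continue
        try:
            tokens = shlex.split(line)
        except ValueError as exc:                # e.g. an unbalanced quote
            cfg.warnings.append(f"line {lineno}: cannot tokenize ({exc})")
            continue
        if not tokens or tokens[0] != "push":
            continue
        # The pushed option is itself a (possibly quoted) option line.
        pushed = shlex.split(" ".join(tokens[1:]))
        if not pushed:
            cfg.warnings.append(f"line {lineno}: empty push directive")
        elif pushed[0] == "redirect-gateway":
            cfg.redirect_gateway = True
        elif pushed[0] == "dhcp-option" and len(pushed) >= 3:
            kind, value = pushed[1], pushed[2]
            if kind == "DNS":
                try:
                    ipaddress.ip_address(value)  # DNS must be an address, not a name
                    cfg.dns_servers.append(value)
                except ValueError:
                    cfg.warnings.append(f"line {lineno}: DNS value {value!r} is not an IP address")
            elif kind == "DOMAIN":
                cfg.search_domains.append(value)
        elif pushed[0] == "dhcp-option":
            cfg.warnings.append(f"line {lineno}: malformed dhcp-option: {line}")
    return cfg


if __name__ == "__main__":
    result = parse_pushed_dns(SAMPLE_SERVER_CONF)
    print("DNS servers pushed :", result.dns_servers)
    print("Search domains     :", result.search_domains)
    print("Mode               :", result.mode)
    for warning in result.warnings:
        print("warning:", warning)
```

Run against the poster's two push lines, the summary reports one resolver (10.0.3.1), one search domain (lan) and the split-dns mode; a `redirect-gateway` push would flip it to full-tunnel, and a hostname given where `DNS` expects an address is reported as a warning rather than silently accepted.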


Re: getting iOS clients to recognize pushed DNS settings

Post by bjsdaiyu » Sun Mar 16, 2014 6:53 pm

Yes, the search-domain rules are working correctly, so it will only tunnel DNS requests for the *.lan domain, which is the desired behavior, apart from the *.lan resolution information apparently not being communicated back to the client.

EDIT: I should also note I've tried this while disabling my firewall entirely, so it probably isn't that, either.
