dhcp-option DNS not working
Posted: Thu Feb 04, 2016 5:57 pm
Hi,
I have used OpenVPN with my MikroTik router for some months now. It worked perfectly since day one. But since today my iPhone won't update the DNS anymore. Forwarding IP works. On other OSes (such as OS X) it still works like a charm. I did not change my config intentionally. However, I made an update of my MikroTik a few days ago. But I believe that should not make a difference as the relevant config is client side. (And the other OSes are still working perfectly.)
I use the most recent iOS (9.2.1).
Any suggestions?
Have a nice day,
Sven
My client config:
dev tun
proto tcp-client
remote x.x.x.x
tls-client
#comp-lzo # Do not use compression.
# More reliable detection when a system loses its connection.
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
mute-replay-warnings
verb 3
cipher BF-CBC
pull
route 10.0.4.0 255.255.255.0
route 10.0.5.0 255.255.255.0
route 10.10.10.0 255.255.255.0
route 10.10.20.0 255.255.255.0
route 10.10.30.0 255.255.255.0
route 10.10.40.0 255.255.255.0
route 10.10.50.0 255.255.255.0
dhcp-option DNS 10.10.50.53
dhcp-option DOMAIN x.lab
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
x
-----END CERTIFICATE-----
</ca>
log:
2016-02-04 16:55:38 ----- OpenVPN Start -----
OpenVPN core 3.0 ios arm64 64-bit
2016-02-04 16:55:38 UNUSED OPTIONS
3 [tls-client]
6 [ping-timer-rem]
7 [persist-tun]
8 [persist-key]
9 [mute-replay-warnings]
10 [verb] [3]
12 [pull]
2016-02-04 16:55:38 EVENT: RESOLVE
2016-02-04 16:55:38 Contacting x.x.x.x:1194 via TCP
2016-02-04 16:55:38 EVENT: WAIT
2016-02-04 16:55:38 SetTunnelSocket returned 1
2016-02-04 16:55:38 Connecting to x.x.x.x:1194 (x) via TCPv4
2016-02-04 16:55:38 EVENT: CONNECTING
2016-02-04 16:55:38 Tunnel Options:V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2016-02-04 16:55:38 Creds: Username/Password
2016-02-04 16:55:38 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.5-177
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
2016-02-04 16:55:38 VERIFY OK: depth=1
cert. version : 3
serial number : DD:AF:5C:E7:6A:57:44:2A
issuer name : x
subject name : x
issued on : 2015-11-21 14:39:26
expires on : 2025-11-18 14:39:26
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
2016-02-04 16:55:38 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : x
subject name : x
issued on : 2015-11-21 14:41:40
expires on : 2025-11-18 14:41:40
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : mikrotik
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2016-02-04 16:55:38 SSL Handshake: TLSv1.2/TLS-RSA-WITH-AES-256-GCM-SHA384
2016-02-04 16:55:38 Session is ACTIVE
2016-02-04 16:55:38 EVENT: GET_CONFIG
2016-02-04 16:55:38 Sending PUSH_REQUEST to server...
2016-02-04 16:55:39 Sending PUSH_REQUEST to server...
2016-02-04 16:55:41 Sending PUSH_REQUEST to server...
2016-02-04 16:55:41 OPTIONS:
0 [route] [10.0.4.0] [255.255.255.0]
1 [route] [10.0.5.0] [255.255.255.0]
2 [route] [10.10.10.0] [255.255.255.0]
3 [route] [10.10.20.0] [255.255.255.0]
4 [route] [10.10.30.0] [255.255.255.0]
5 [route] [10.10.40.0] [255.255.255.0]
6 [route] [10.10.50.0] [255.255.255.0]
7 [ping] [28800]
8 [ping-restart] [86400]
9 [topology] [subnet]
10 [route-gateway] [10.10.100.1]
11 [ifconfig] [10.10.100.252] [255.255.255.0]
2016-02-04 16:55:41 EVENT: ASSIGN_IP
2016-02-04 16:55:41 TunPersist: saving tun context:
Session Name: 213.178.90.1
Remote Address: 213.178.90.1
Tunnel Addresses:
10.10.100.252/24 -> 10.10.100.1
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv6: no
Add Routes:
10.0.4.0/24
10.0.5.0/24
10.10.10.0/24
10.10.20.0/24
10.10.30.0/24
10.10.40.0/24
10.10.50.0/24
Exclude Routes:
DNS Servers:
Search Domains:
2016-02-04 16:55:41 Connected via tun
2016-02-04 16:55:41 EVENT: CONNECTED sw@213.178.90.1:1194 (213.178.90.1) via /TCPv4 on tun/10.10.100.252/
2016-02-04 16:55:41 SetStatus Connected
2016-02-04 16:57:30 TUN reset routes
2016-02-04 16:57:30 EVENT: DISCONNECTED
2016-02-04 16:57:30 Raw stats on disconnect:
BYTES_IN : 1970966
BYTES_OUT : 175956
PACKETS_IN : 1392
PACKETS_OUT : 1248
TUN_BYTES_IN : 127497
TUN_BYTES_OUT : 1910988
TUN_PACKETS_IN : 1236
TUN_PACKETS_OUT : 1466
2016-02-04 16:57:30 Performance stats on disconnect:
CPU usage (microseconds): 291414
Tunnel compression ratio (uplink): 1.38008
Tunnel compression ratio (downlink): 1.03139
Network bytes per CPU second: 7367257
Tunnel bytes per CPU second: 6995151
2016-02-04 16:57:30 ----- OpenVPN Stop -----
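The mismatch visible in the post (the config asks for `dhcp-option DNS 10.10.50.53`, but the tun context dump has an empty `DNS Servers:` section) can be checked mechanically; with no tunnel DNS applied, lookups keep going to the device's normal resolver. The script below is an added example, not part of the original post: the function names are hypothetical, the samples are constructed from the posted config and log, and the layout of a populated `DNS Servers:` section (one address per line) is an assumption.

```python
import re

# Constructed sample: directives taken from the posted client config.
CONFIG = """\
route 10.10.50.0 255.255.255.0
dhcp-option DNS 10.10.50.53
dhcp-option DOMAIN x.lab
"""

# Constructed sample: excerpt in the format of the posted log.
LOG = """\
2016-02-04 16:55:41 OPTIONS:
6 [route] [10.10.50.0] [255.255.255.0]
2016-02-04 16:55:41 TunPersist: saving tun context:
Add Routes:
10.10.50.0/24
Exclude Routes:
DNS Servers:
Search Domains:
2016-02-04 16:55:41 Connected via tun
"""

# A section ends at a timestamped line or at the next "Title:" header.
STOP = re.compile(r"^(\d{4}-\d{2}-\d{2} |[A-Za-z][A-Za-z0-9 ]*:\s*$)")

def config_dhcp_options(config):
    """Return e.g. {'DNS': [...], 'DOMAIN': [...]} from dhcp-option lines."""
    wanted = {}
    for line in config.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) >= 3 and parts[0] == "dhcp-option":
            wanted.setdefault(parts[1].upper(), []).append(parts[2])
    return wanted

def tun_section(log, title):
    """Return the entries listed under 'title:' in the tun context dump."""
    items, inside = [], False
    for line in log.splitlines():
        s = line.strip()
        if s == title + ":":
            inside = True
        elif inside:
            if not s or STOP.match(s):
                break
            items.append(s)
    return items

def missing_dns(config, log):
    """DNS servers requested in the config but not applied to the tunnel."""
    applied = set(tun_section(log, "DNS Servers"))
    return [ip for ip in config_dhcp_options(config).get("DNS", []) if ip not in applied]
```

For the samples above, `missing_dns(CONFIG, LOG)` reports `10.10.50.53` as requested but not applied.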