Page 1 of 2
DuckDNS - unable to resolve
Posted: Sun Feb 14, 2016 4:47 pm
by superdx
On iOS (iPhone or iPad), under wifi network (Airport Express), OpenVPN seems to be stuck at at "Looking up DNS name". However on all my OSX machines I'm able to connect to my OpenVPN servers which have DuckDNS hostnames using Tunnelblick as the client (latest version).
I've tried connecting to the same server with iOS Safari and can get to webpages fine, so it doesn't appear to be a DNS look-up problem with iOS and the DuckDNS service.
Adding to the wrinkle, if I switch to a 3G connection (no longer wifi), OpenVPN Connect is able to connect immediately.
I'm at a loss to pinpoint the source problem, any ideas? Below is the log file while connected to wifi:
Code: Select all
2016-02-15 00:44:47 LZO-ASYM init swap=0 asym=0
2016-02-15 00:44:47 EVENT: RESOLVE
2016-02-15 00:44:57 Server poll timeout, trying next remote entry...
2016-02-15 00:44:57 EVENT: RECONNECTING
2016-02-15 00:44:57 LZO-ASYM init swap=0 asym=0
2016-02-15 00:44:57 EVENT: RESOLVE
2016-02-15 00:45:07 Server poll timeout, trying next remote entry...
2016-02-15 00:45:07 EVENT: RECONNECTING
2016-02-15 00:45:07 LZO-ASYM init swap=0 asym=0
2016-02-15 00:45:07 EVENT: RESOLVE
2016-02-15 00:45:17 Server poll timeout, trying next remote entry...
2016-02-15 00:45:17 EVENT: RECONNECTING
2016-02-15 00:45:17 LZO-ASYM init swap=0 asym=0
2016-02-15 00:45:17 EVENT: RESOLVE
Re: DuckDNS - unable to resolve
Posted: Mon Feb 15, 2016 2:55 pm
by superdx
Add to this, took my iPad to a restaurant that had free wifi. Was able to connect fine and get on Google and Facebook. OpenVPN Connect was not able to connect to my servers, but again switching to 3G, it immediately connected.
Seems like there's handling differences when the connection source is changed.
Re: DuckDNS - unable to resolve
Posted: Mon Feb 15, 2016 5:00 pm
by Traffic
Some free wifi block you from using VPN in order to steal your information ..
Re: DuckDNS - unable to resolve
Posted: Tue Feb 16, 2016 12:26 am
by superdx
That's a reasonable assumption, though it was a small family restaurant so I doubt they have a "network admin" working on their payroll. It first happened on my home wifi which is not restricted either.
Re: DuckDNS - unable to resolve
Posted: Tue Feb 16, 2016 1:09 am
by Traffic
Perhaps their ISP does not offer full services ..
Re: DuckDNS - unable to resolve
Posted: Tue Feb 16, 2016 1:10 am
by superdx
I'm not sure you can buy those kinds of internet services in my city
Re: DuckDNS - unable to resolve
Posted: Tue Feb 16, 2016 1:13 am
by superdx
My home internet I can connect fine on Mac using Tunnelblick as a client. The same configuration files imported verbatim fail on all iOS devices (iPad, iPhone, iPad Pro)
Re: DuckDNS - unable to resolve
Posted: Tue Feb 16, 2016 10:38 am
by Traffic
Can you ping your duckdns-name without using openvpn from all your different devices ?
Re: DuckDNS - unable to resolve
Posted: Tue Feb 16, 2016 5:15 pm
by superdx
Yep I can, even downloaded a ping app for iOS
Re: DuckDNS - unable to resolve
Posted: Tue Feb 16, 2016 9:37 pm
by Traffic
Which means
all of your devices have working DNS .. and can locate IP address for your DNS name.
Which probably indicates that some of the places you try to connect to your VPN from block you.
Try running your VPN server with:
and try from those places again.
Re: DuckDNS - unable to resolve
Posted: Wed Feb 17, 2016 1:15 am
by superdx
haha, I've repeated this a couple times, but I'll do it one more time!
My Macs & Windows PCs, on the same networks, can connect to OpenVPN servers fine.
Only iOS devices cannot. On the same networks.
So it's not the network blocking.
Re: DuckDNS - unable to resolve
Posted: Wed Feb 17, 2016 1:16 am
by superdx
Let me also add, Android devices (I just tried this) can connect fine. iOS still stuck at resolving DNS.
Re: DuckDNS - unable to resolve
Posted: Wed Feb 17, 2016 1:24 am
by Traffic
You really have not provided any details .. so .. check your DNS settings.
Re: DuckDNS - unable to resolve
Posted: Wed Feb 17, 2016 1:33 am
by superdx
Here's my iOS log, all I've done is remove the hostname. You can see the 1st entry where it can connect and then where it cannot. That is when I switch from 3G to wifi.
I'll repeat.
On those same wifi networks, my Macs and Android devices can connect fine.
Code: Select all
2016-02-15 00:42:00 LZO-ASYM init swap=0 asym=0
2016-02-15 00:42:00 EVENT: ASSIGN_IP
2016-02-15 00:42:00 Connected via tun
2016-02-15 00:42:00 EVENT: CONNECTED @****.duckdns.org:1194 (**.**.**.**) via /UDPv4 on tun/10.8.0.6/
2016-02-15 00:42:00 SetStatus Connected
2016-02-15 00:42:50 TUN reset routes
2016-02-15 00:42:50 EVENT: DISCONNECTED
2016-02-15 00:42:50 Raw stats on disconnect:
BYTES_IN : 5991
BYTES_OUT : 17198
PACKETS_IN : 56
PACKETS_OUT : 185
TUN_BYTES_IN : 6768
TUN_BYTES_OUT : 1293
TUN_PACKETS_IN : 141
TUN_PACKETS_OUT : 13
N_RECONNECT : 4
2016-02-15 00:42:50 Performance stats on disconnect:
CPU usage (microseconds): 122671
Tunnel compression ratio (uplink): 2.54108
Tunnel compression ratio (downlink): 4.63341
Network bytes per CPU second: 189034
Tunnel bytes per CPU second: 65712
2016-02-15 00:42:50 ----- OpenVPN Stop -----
2016-02-15 00:44:47 ----- OpenVPN Start -----
OpenVPN core 3.0 ios arm64 64-bit
2016-02-15 00:44:47 UNUSED OPTIONS
4 [nobind]
5 [persist-key]
6 [persist-tun]
13 [verb] [3]
2016-02-15 00:44:47 LZO-ASYM init swap=0 asym=0
2016-02-15 00:44:47 EVENT: RESOLVE
2016-02-15 00:44:57 Server poll timeout, trying next remote entry...
2016-02-15 00:44:57 EVENT: RECONNECTING
2016-02-15 00:44:57 LZO-ASYM init swap=0 asym=0
2016-02-15 00:44:57 EVENT: RESOLVE
2016-02-15 00:45:07 Server poll timeout, trying next remote entry...
2016-02-15 00:45:07 EVENT: RECONNECTING
2016-02-15 00:45:07 LZO-ASYM init swap=0 asym=0
2016-02-15 00:45:07 EVENT: RESOLVE
2016-02-15 00:45:17 Server poll timeout, trying next remote entry...
2016-02-15 00:45:17 EVENT: RECONNECTING
2016-02-15 00:45:17 LZO-ASYM init swap=0 asym=0
2016-02-15 00:45:17 EVENT: RESOLVE
2016-02-15 00:45:27 Server poll timeout, trying next remote entry...
2016-02-15 00:45:27 EVENT: RECONNECTING
2016-02-15 00:45:27 LZO-ASYM init swap=0 asym=0
2016-02-15 00:45:27 EVENT: RESOLVE
2016-02-15 00:45:37 Server poll timeout, trying next remote entry...
2016-02-15 00:45:37 EVENT: RECONNECTING
2016-02-15 00:45:37 LZO-ASYM init swap=0 asym=0
2016-02-15 00:45:37 EVENT: RESOLVE
2016-02-15 00:45:47 EVENT: CONNECTION_TIMEOUT [ERR]
2016-02-15 00:45:47 EVENT: DISCONNECTED
2016-02-15 00:45:48 Raw stats on disconnect:
CONNECTION_TIMEOUT : 1
N_RECONNECT : 5
2016-02-15 00:45:48 Performance stats on disconnect:
CPU usage (microseconds): 19070
Network bytes per CPU second: 0
Tunnel bytes per CPU second: 0
2016-02-15 00:45:48 EVENT: DISCONNECT_PENDING
2016-02-15 00:45:48 ----- OpenVPN Stop -----
2016-02-16 08:49:51 ----- OpenVPN Start -----
OpenVPN core 3.0 ios arm64 64-bit
2016-02-16 08:49:51 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
13 [verb] [3]
2016-02-16 08:49:51 LZO-ASYM init swap=0 asym=0
2016-02-16 08:49:51 EVENT: RESOLVE
2016-02-16 08:50:01 Server poll timeout, trying next remote entry...
2016-02-16 08:50:01 EVENT: RECONNECTING
2016-02-16 08:50:01 LZO-ASYM init swap=0 asym=0
2016-02-16 08:50:01 EVENT: RESOLVE
2016-02-16 08:50:11 Server poll timeout, trying next remote entry...
2016-02-16 08:50:11 EVENT: RECONNECTING
2016-02-16 08:50:11 LZO-ASYM init swap=0 asym=0
2016-02-16 08:50:11 EVENT: RESOLVE
2016-02-16 08:50:22 Server poll timeout, trying next remote entry...
2016-02-16 08:50:22 EVENT: RECONNECTING
2016-02-16 08:50:22 LZO-ASYM init swap=0 asym=0
2016-02-16 08:50:22 EVENT: RESOLVE
2016-02-16 08:50:32 Server poll timeout, trying next remote entry...
2016-02-16 08:50:32 EVENT: RECONNECTING
2016-02-16 08:50:32 LZO-ASYM init swap=0 asym=0
2016-02-16 08:50:32 EVENT: RESOLVE
2016-02-16 08:50:42 Server poll timeout, trying next remote entry...
2016-02-16 08:50:42 EVENT: RECONNECTING
2016-02-16 08:50:42 LZO-ASYM init swap=0 asym=0
2016-02-16 08:50:42 EVENT: RESOLVE
2016-02-16 08:50:51 EVENT: CONNECTION_TIMEOUT [ERR]
2016-02-16 08:50:51 EVENT: DISCONNECTED
2016-02-16 08:50:52 Raw stats on disconnect:
CONNECTION_TIMEOUT : 1
N_RECONNECT : 5
2016-02-16 08:50:52 Performance stats on disconnect:
CPU usage (microseconds): 24300
Network bytes per CPU second: 0
Tunnel bytes per CPU second: 0
2016-02-16 08:50:52 EVENT: DISCONNECT_PENDING
2016-02-16 08:50:52 ----- OpenVPN Stop -----
2016-02-16 08:50:54 ----- OpenVPN Start -----
OpenVPN core 3.0 ios arm64 64-bit
2016-02-16 08:50:54 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
13 [verb] [3]
Re: DuckDNS - unable to resolve
Posted: Wed Feb 17, 2016 1:46 am
by superdx
Here's a Tunneblick log
on the same wifi network which can connect fine.
Code: Select all
2016-02-17 09:43:38 *Tunnelblick: openvpnstart starting OpenVPN
2016-02-17 09:43:38 *Tunnelblick: OS X 10.11.3; Tunnelblick 3.5.5 (build 4270.4461); prior version 3.5.3 (build 4270.4371)
2016-02-17 09:43:38 *Tunnelblick: Attempting connection with ****; Set nameserver = 1; monitoring connection
2016-02-17 09:43:38 *Tunnelblick: openvpnstart start ****.tblk 1339 1 0 3 0 16688 -ptADGNWradsgnw 2.3.6
2016-02-17 09:43:39 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-S****.tblk-SContents-SResources-Sconfig.ovpn.1_0_3_0_16688.1339.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Shared/****.tblk/Contents/Resources
--config
/Library/Application Support/Tunnelblick/Shared/****.tblk/Contents/Resources/config.ovpn
--cd
/Library/Application Support/Tunnelblick/Shared/****.tblk/Contents/Resources
--management
127.0.0.1
1339
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw
2016-02-17 09:43:39 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Dec 4 2015
2016-02-17 09:43:39 library versions: OpenSSL 1.0.1q 3 Dec 2015, LZO 2.08
2016-02-17 09:43:39 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1339
2016-02-17 09:43:39 Need hold release from management interface, waiting...
2016-02-17 09:43:39 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1339
2016-02-17 09:43:39 MANAGEMENT: CMD 'pid'
2016-02-17 09:43:39 MANAGEMENT: CMD 'state on'
2016-02-17 09:43:39 MANAGEMENT: CMD 'state'
2016-02-17 09:43:39 MANAGEMENT: CMD 'bytecount 1'
2016-02-17 09:43:39 MANAGEMENT: CMD 'hold release'
2016-02-17 09:43:40 *Tunnelblick: Established communication with OpenVPN
2016-02-17 09:43:40 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2016-02-17 09:43:40 Socket Buffers: R=[196724->65536] S=[9216->65536]
2016-02-17 09:43:40 MANAGEMENT: >STATE:1455673420,RESOLVE,,,
2016-02-17 09:43:40 UDPv4 link local: [undef]
2016-02-17 09:43:40 UDPv4 link remote: [AF_INET]121.202.54.165:1194
2016-02-17 09:43:40 MANAGEMENT: >STATE:1455673420,WAIT,,,
2016-02-17 09:43:41 MANAGEMENT: >STATE:1455673421,AUTH,,,
2016-02-17 09:43:41 TLS: Initial packet from [AF_INET]121.202.54.165:1194, sid=eecdd8ff 2b1f17a0
2016-02-17 09:43:42 VERIFY OK: depth=1, C=CN, ST=NA, L=****, O=FT, OU=Software, CN=****.ddns.net, name=Name, emailAddress=***@***.com
2016-02-17 09:43:42 VERIFY OK: nsCertType=SERVER
2016-02-17 09:43:42 VERIFY OK: depth=0, C=CN, ST=NA, L=****, O=FT, OU=Software, CN=****.ddns.net, name=Name, emailAddress=***@***.com
2016-02-17 09:43:43 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2016-02-17 09:43:43 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-02-17 09:43:43 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2016-02-17 09:43:43 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-02-17 09:43:43 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2016-02-17 09:43:43 [****.ddns.net] Peer Connection Initiated with [AF_INET]121.202.54.165:1194
2016-02-17 09:43:44 MANAGEMENT: >STATE:1455673424,GET_CONFIG,,,
2016-02-17 09:43:45 SENT CONTROL [****.ddns.net]: 'PUSH_REQUEST' (status=1)
2016-02-17 09:43:45 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'
2016-02-17 09:43:45 OPTIONS IMPORT: timers and/or timeouts modified
2016-02-17 09:43:45 OPTIONS IMPORT: --ifconfig/up options modified
2016-02-17 09:43:45 OPTIONS IMPORT: route options modified
2016-02-17 09:43:45 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2016-02-17 09:43:45 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2016-02-17 09:43:45 Opened utun device utun2
2016-02-17 09:43:45 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2016-02-17 09:43:45 MANAGEMENT: >STATE:1455673425,ASSIGN_IP,,10.8.0.10,
2016-02-17 09:43:45 /sbin/ifconfig utun2 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2016-02-17 09:43:45 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2016-02-17 09:43:45 /sbin/ifconfig utun2 10.8.0.10 10.8.0.9 mtu 1500 netmask 255.255.255.255 up
2016-02-17 09:43:45 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw utun2 1500 1558 10.8.0.10 10.8.0.9 init
**********************************************
Start of output from client.up.tunnelblick.sh
No network configuration changes need to be made.
Will NOT monitor for other network configuration changes.
DNS servers '10.0.1.1' will be used for DNS queries when the VPN is active
The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
End of output from client.up.tunnelblick.sh
**********************************************
2016-02-17 09:43:47 MANAGEMENT: >STATE:1455673427,ADD_ROUTES,,,
2016-02-17 09:43:47 /sbin/route add -net 10.8.0.1 10.8.0.9 255.255.255.255
add net 10.8.0.1: gateway 10.8.0.9
2016-02-17 09:43:47 Initialization Sequence Completed
2016-02-17 09:43:47 MANAGEMENT: >STATE:1455673427,CONNECTED,SUCCESS,10.8.0.10,121.202.54.165
2016-02-17 09:43:48 *Tunnelblick: No 'connected.sh' script to execute
Re: DuckDNS - unable to resolve
Posted: Wed Feb 17, 2016 1:51 am
by Traffic
superdx wrote:That is when I switch from 3G to wifi
check your DNS settings when you
switch ..
Re: DuckDNS - unable to resolve
Posted: Wed Feb 17, 2016 1:53 am
by superdx
I use Google DNS on wifi, 3G uses the carrier DNS.
Surely Google DNS is not blocking OpenVPN.
Re: DuckDNS - unable to resolve
Posted: Wed Feb 17, 2016 1:59 am
by Traffic
Check your DNS setting when you switch ..
OpenVPN relies on your DNS server to resolve the host name.
Your DNS is not working when you switch ..
* If anybody else can offer some words of wisdom .. take it away *
Re: DuckDNS - unable to resolve
Posted: Wed Feb 17, 2016 2:06 am
by superdx
What am I looking for exactly?
Here's the DNS on my iPhone which is pointing to my router:
And here's the DNS on my router:
Re: DuckDNS - unable to resolve
Posted: Wed Feb 17, 2016 2:12 am
by Traffic
Your DNS server is 10.0.1.1 ..
but you cannot contact 10.0.1.1 because you are not connected to your VPN.