OpenVPN DNS resolution not working

Posted: Tue May 03, 2016 5:16 pm
by butterslax
I'm currently trying to get a simple OpenVPN setup working and I'm almost there, except for a DNS (or routing) issue I seem to be having.

The client connects to the server just fine, and I can ping both the server (10.8.0.1) and internet IPs (8.8.8.8). The issue comes when I try to resolve any domain names. Here's what happens when the VPN connection is up:

Code:

[test@localhost etc]$ dig www.google.ca

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> www.google.ca
;; global options: +cmd
;; connection timed out; no servers could be reached
[test@localhost etc]$ dig @<client network DNS server> www.google.ca

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> @<client network DNS server> www.google.ca
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
[test@localhost etc]$ dig @8.8.8.8 www.google.ca

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> @8.8.8.8 www.google.ca
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6453
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.google.ca.         IN  A

;; ANSWER SECTION:
www.google.ca.      299 IN  A   172.217.1.3

;; Query time: 32 msec
;; SERVER: 8.8.8.8

As far as I know I'm pushing DNS to my client from my server:

Code:

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 8.8.8.8"

And I've also established routes to the client:

Code:

client-config-dir ccd
route <client subnet IP> 255.255.255.0

And in my client file:

Code:

iroute <client subnet IP> 255.255.255.0

My iptables rules on the server:

Code:

*nat
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s <client subnet IP>/24 -o tun0 -j MASQUERADE
COMMIT
*filter
-A INPUT -i eth0 -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT

COMMIT

I've enabled IP forwarding in sysctl. Not really sure where to look from here, so any insight would be greatly appreciated.

Re: OpenVPN DNS resolution not working

Posted: Tue May 03, 2016 5:38 pm
by Traffic
Please see the Forum rules (top of this page)

These options do not work for Linux without a client --up script:

Code:

push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 8.8.8.8"

Re: OpenVPN DNS resolution not working

Posted: Tue May 03, 2016 5:40 pm
by butterslax
Traffic wrote:Please see the Forum rules (top of this page)

These options do not work for Linux without a client --up script:

Code:

push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 8.8.8.8"

Awesome -- would you be able to point me in the direction of some documentation on this? My client is CentOS 7...

Re: OpenVPN DNS resolution not working

Posted: Tue May 03, 2016 5:58 pm
by Traffic
If you have installed from a decent repo you should find a script called /etc/openvpn/update-resolv-conf ..

Use it like so:
  • Client config:

    Code:

    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf
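Added example, not from any poster in this thread and not the packaged update-resolv-conf script: a sketch of what an `up` hook enabled by `script-security 2` has to do with the pushed `dhcp-option DNS` lines. OpenVPN passes them to the hook as `foreign_option_N` environment variables, and since the hook runs with the OpenVPN process's privileges on server-supplied strings, this version accepts only well-formed IPv4 addresses. The function names `is_ipv4` and `pushed_nameservers` are hypothetical.

```shell
#!/bin/sh
# Added example (function names are hypothetical). OpenVPN hands each pushed
# "dhcp-option ..." line to up/down scripts as foreign_option_1, _2, ...
# IPv4 only, matching the servers pushed in this thread.

# Succeed only for a dotted quad whose four octets are each 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1 count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        case "$rest" in *.*) rest=${rest#*.} ;; *) rest= ;; esac
    done
    [ "$count" -eq 4 ]
}

# Print one "nameserver <ip>" line per valid pushed DNS option; anything else
# in the DNS slot is reported on stderr and never reaches resolv.conf.
pushed_nameservers() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        case "$opt" in
            "dhcp-option DNS "*)
                addr=${opt#dhcp-option DNS }
                if is_ipv4 "$addr"; then
                    printf 'nameserver %s\n' "$addr"
                else
                    printf 'rejected pushed DNS value: %s\n' "$opt" >&2
                fi ;;
        esac
        i=$((i + 1))
    done
}

# Constructed sample values, shaped like the two pushes in the server config.
( foreign_option_1='dhcp-option DNS 8.8.4.4'
  foreign_option_2='dhcp-option DNS 8.8.8.8'
  pushed_nameservers )
```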

Re: OpenVPN DNS resolution not working

Posted: Wed Aug 24, 2016 9:35 am
by midnight
Traffic wrote:If you have installed from a decent repo you should find a script called /etc/openvpn/update-resolv-conf ..

Use it like so:
  • Client config:

    Code:

    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf

Thanks! Your post has solved my problem.

Re: OpenVPN DNS resolution not working

Posted: Thu Aug 31, 2017 11:14 am
by blueguse
I am finding that the DNS push works only with the Tunnelblick software, but isn't working with other clients. Any thoughts?

Re: OpenVPN DNS resolution not working

Posted: Fri Dec 28, 2018 4:21 pm
by IcedZ
I edited /etc/resolv.conf and added "nameserver 8.8.8.8" - that seemed to fix my issue.

Re: OpenVPN DNS resolution not working

Posted: Fri Dec 28, 2018 6:12 pm
by TinCanTech
IcedZ wrote:
Fri Dec 28, 2018 4:21 pm
I edited /etc/resolv.conf and added "nameserver 8.8.8.8" - that seemed to fix my issue.

This is not a fix, as you will see in /etc/resolv.conf:

Code:

#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN