How do I prevent 'block-external-dns' at client?
Posted: Fri Jun 26, 2020 9:24 pm
I am testing a new AWS Client VPN Endpoint setup, which is effectively hosted OpenVPN. As such, I do not have access to the server-side configs (only those options exposed in the AWS console). The problem is that we need to co-exist with the Palo Alto 'GlobalProtect' VPN client and everything I tried with the OpenVPN Connect clients (both v2 / v3) breaks the DNS of the GlobalProtect. I assume this is because the AWS-hosted server is pushing the 'block-external-dns' directive to my clients.
I have tried all the following variations of this client-side directive, without success:
- pull-filter ignore "block-outside-dns"
- pull-filter reject "block-outside-dns"
- pull-filter ignore "block-external-dns"
- pull-filter reject "block-external-dns"
Is there a list of supported client-side directives for both versions of OpenVPN Connect v2 and v3?
And, just to clarify, in every other respect the networking for both VPN clients seems to be working properly. I can even ping my DNS server hosted across GlobalProtect -- I just can't connect to it on port 53 when the OpenVPN Connect client is connected.
Thank you for any suggestions and assistance!
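One way to test the assumption in the post above (an added example, not part of the original post): this Python sketch lists the options in a PUSH_REPLY log line and models the `pull-filter` prefix matching documented for OpenVPN 2.4 and later. The log line is constructed in the community client's format, the function names are hypothetical, and whether OpenVPN Connect v2 or v3 applies `pull-filter` the same way is an assumption.

```python
import re
import shlex

# Constructed sample log line in the OpenVPN 2.x community-client format
# (not taken from the post; addresses are placeholders).
SAMPLE_LOG = (
    "Fri Jun 26 21:00:01 2020 PUSH: Received control message: "
    "'PUSH_REPLY,redirect-gateway def1,block-outside-dns,"
    "dhcp-option DNS 10.0.0.2,route-gateway 10.0.0.129,topology subnet,"
    "ping 1,ping-restart 20,ifconfig 10.0.0.130 255.255.255.224,peer-id 0'"
)

def pushed_options(log_text):
    """Return the options from every PUSH_REPLY found in the log text."""
    opts = []
    for body in re.findall(r"'PUSH_REPLY,([^']*)'", log_text):
        opts.extend(o.strip() for o in body.split(",") if o.strip())
    return opts

def parse_filters(config_text):
    """Extract (action, text) pairs from pull-filter lines of a client config."""
    filters = []
    for line in config_text.splitlines():
        parts = shlex.split(line, comments=True)  # strips quotes and '#' comments
        if len(parts) == 3 and parts[0] == "pull-filter":
            filters.append((parts[1], parts[2]))
    return filters

def apply_filters(options, filters):
    """Model pull-filter: prefix match, first matching filter wins, default accept."""
    result = {}
    for opt in options:
        action = "accept"
        for act, text in filters:
            if opt.startswith(text):
                action = act
                break
        result[opt] = action
    return result

if __name__ == "__main__":
    cfg = ('pull-filter ignore "block-external-dns"\n'
           'pull-filter ignore "block-outside-dns"\n')
    verdicts = apply_filters(pushed_options(SAMPLE_LOG), parse_filters(cfg))
    for opt, action in verdicts.items():
        print(f"{action:7} {opt}")
```

Run against a real client log, the first function shows what the server actually pushed; an option reported as `accept` despite a filter means the filter text does not match the pushed option name.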