OpenVPN Support Forum

Posted: **Tue Oct 27, 2020 1:44 pm**

Hello!
I'm having a really strange problem with DNS when connected thru OpenVPN

The OPENVPN server is an EdgeRouter, DNS server is a WS2012 machine.

When I'm connected the DNS server is replaced with the remote one (192.168.0.10) but for some reason it seems to reply correctly only at queries that asks for "external" destinations (for example google.com) but not internal ones (for example "fileserver", one of our servers).

Here's an example, captured with wireshark (I removed IPs and domain name):

Code: Select all

No.,"Time","Source","Destination","Protocol","Length","Info"
1,"0.000000","172.16.1.2","192.168.0.10","DNS","85","Standard query 0x0001 PTR 10.0.168.192.in-addr.arpa"
2,"0.096566","192.168.0.10","172.16.1.2","DNS","220","Standard query response 0x0001 PTR 10.0.168.192.in-addr.arpa PTR dc.domain.local"
3,"0.104897","172.16.1.2","192.168.0.10","DNS","70","Standard query 0x0002 A google.com"
4,"0.176800","192.168.0.10","172.16.1.2","DNS","158","Standard query response 0x0002 A google.com A 216.58.209.46"
5,"0.182976","172.16.1.2","192.168.0.10","DNS","70","Standard query 0x0003 AAAA google.com"
6,"0.296723","192.168.0.10","172.16.1.2","DNS","182","Standard query response 0x0003 AAAA google.com AAAA 2a00:1450:4002:809::200e"
7,"3.139653","172.16.1.2","192.168.0.10","DNS","85","Standard query 0x0001 PTR 10.0.168.192.in-addr.arpa"
8,"3.216795","192.168.0.10","172.16.1.2","DNS","220","Standard query response 0x0001 PTR 10.0.168.192.in-addr.arpa PTR dc.domain.local"
9,"3.227870","172.16.1.2","192.168.0.10","DNS","70","Standard query 0x0002 A fileserver"
10,"3.304453","192.168.0.10","172.16.1.2","DNS","126","Standard query response 0x0002 Server failure A fileserver"
11,"3.305028","172.16.1.2","192.168.0.10","DNS","70","Standard query 0x0003 AAAA fileserver"
12,"3.376944","192.168.0.10","172.16.1.2","DNS","126","Standard query response 0x0003 Server failure AAAA fileserver"

"Google.com" is translated fine, "fileserver" fails! On a local PC the same query works with no problem.

Here is the OVPN file I'm using for clients:

Client config

client
dev tun
proto udp
remote xxxxxxxxxx 1194
float
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
dhcp-option DNS 192.168.0.10
register-dns
block-outside-dns
ca cacert.pem
cert xxxxxxxxxx.pem
key xxxxxxxxxx.key

Any help would be greatly appreciated

Posted: **Tue Oct 27, 2020 2:14 pm**

so you want the same access as lan on local domain? sometime on vpn people use split dns to make it work on external access and vpn access .

Posted: **Tue Oct 27, 2020 3:20 pm**

This has nothing to do with openvpn.

Posted: **Tue Oct 27, 2020 3:27 pm**

Indeed, connection works, problem is DNS.
Moving to off topic.

Posted: **Sun Nov 01, 2020 10:46 pm**

Hello everyone!
I can confirm that if in place of querying "fileserver" I ask for "fileserver.DOMAIN.local" it works, so it's mainly my configuration of WS DNS service! But still there's something that doesnt work with OpenVPN Connect.

I tried to add to my OVPN the line "dhcp-option DOMAIN xxxx.local" but doing so breaks the DNS registration in Windows, without that option when I connect the DNS server is automatically replaced with the one I chose with the "dhcp-option DNS" line.

To be more precise witohut the DOMAIN option the DNS shows as follow:

Code: Select all

Server DNS . . . . . . . . . . . . .  : 192.168.0.10

With it in place it shows as:

Code: Select all

   Server DNS . . . . . . . . . . . . .  : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1

Do you guys have the same issue? Is it something I'm doing wrong?

Posted: **Sun Nov 01, 2020 11:15 pm**

Giazzi wrote: ↑
Sun Nov 01, 2020 10:46 pm
But still there's something that doesnt work with OpenVPN Connect

OpenVPN Connect is a closed source product which we don't support here.

Posted: **Mon Nov 02, 2020 12:06 am**

TinCanTech wrote: ↑
Sun Nov 01, 2020 11:15 pm

Giazzi wrote: ↑
Sun Nov 01, 2020 10:46 pm
But still there's something that doesnt work with OpenVPN Connect
OpenVPN Connect is a closed source product which we don't support here.

I'm such a noob... I supposed Connect was just a "user-friendly" version of Community

Uninstalled Connect, downloaded Community version and.... IT WORKS!

I had to change nothing in the config or on the EdgeRouter... it just works!

Thank you very much TinCan... you literally saved my a$$

OpenVPN Support Forum

DNS over OpenVPN doesn't reply for internal hosts

DNS over OpenVPN doesn't reply for internal hosts

Re: DNS over OpenVPN doesn't reply for internal hosts

Re: DNS over OpenVPN doesn't reply for internal hosts

Re: DNS over OpenVPN doesn't reply for internal hosts

Re: DNS over OpenVPN doesn't reply for internal hosts

Re: DNS over OpenVPN doesn't reply for internal hosts

Re: DNS over OpenVPN doesn't reply for internal hosts