Potential bug with DNS on OpenVPN Connect v3.2.3
Posted: Tue May 18, 2021 7:12 pm
by fh29
Hello,
There seems to be an issue with OpenVPN Connect (at least in v3.2.3 on Windows 10) not being able to set the DNS on the TAP adapter and silently failing after the command 'NRPT::ActionCreate names=[.somedomain.com] dns_servers=[192.168.1.11]'. The equivalent netsh command works fine however:
Code:
netsh interface ipv4 set dns 49 static 192.168.1.11 primary
This has been discussed multiple times on this forum already but with no clear solution:
viewtopic.php?f=5&t=30124
viewtopic.php?f=6&t=30960
viewtopic.php?f=24&t=29626
The issue doesn't exist in the OpenVPN GUI "Community Edition" client.
Please advise.
Re: Potential bug with DNS on OpenVPN Connect v3.2.3
Posted: Tue Jun 22, 2021 8:46 am
by fh29
Additional info from original thread for more clarity:
My server is pushing a DNS IPv4 to my OpenVPN Connect v3.2.3 client on Windows 10. The pushed DNS is received by OpenVPN Connect (I can see the correct DNS in the log), but the DNS is not set in the TAP v9 adapter.
Every configuration option is correctly set on the adapter (via netsh commands).
The only option not being set via a netsh command is the DNS:
Code:
NRPT::ActionCreate names=[.somedomain.com] dns_servers=[192.168.1.11]
If I try that command in PowerShell I get:
Code:
The term 'NRPT::ActionCreate' is not recognized as the name of a cmdlet
Whereas if I try the equivalent with netsh in PowerShell, '192.168.1.11' is correctly set as the DNS value for the TAP adapter:
Code:
netsh interface ipv4 set dns 49 static 192.168.1.11 primary
Without changing anything in the client or server config, but using the community edition client "OpenVPN GUI" instead of "OpenVPN Connect", the DNS IP is correctly set in the TAP adapter setting. I don't know how to get a more verbose log in OpenVPN GUI so I'm not sure which command is used to configure the DNS there.
Re: Potential bug with DNS on OpenVPN Connect v3.2.3
Posted: Mon Jun 28, 2021 12:12 pm
by openvpn_inc
Hello fh29,
OpenVPN Connect v3 supports NRPT, which is a way to do split-DNS. If you're seeing that ".somedomain.com" thing in there, that means that apparently you're being pushed a split-DNS domain. That means that the DNS server will only apply for resolving anything ending in ".somedomain.com". And that means it gets implemented in NRPT, not as a global DNS server on your TAP interface.
If you see in your pushed options in the logs something like "dhcp-option DOMAIN somedomain.com" then that will be why this is happening. If you remove that pushed option from the server side, the consequence will be that all domains will be resolved through the DNS server specified. And then NRPT will not be used, and the DNS server gets set on the TAP adapter instead.
Kind regards,
Johan
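To check on the client which of the two mechanisms described in the reply above is in effect, the following PowerShell script is an added example, not code from the thread or from OpenVPN. It uses the built-in Windows DnsClient cmdlets, reuses the domain, DNS address and interface index 49 quoted in the thread, and assumes the rule the VPN client creates is visible in the effective NRPT policy; `$TestName` is a hypothetical optional parameter.

```powershell
# Added diagnostic example; not code from the thread or from OpenVPN.
param(
    [string]$Domain         = 'somedomain.com',  # split-DNS domain quoted in the thread
    [string]$ExpectedDns    = '192.168.1.11',    # DNS server quoted in the thread
    [int]   $InterfaceIndex = 49,                # TAP adapter index from the netsh command
    [string]$TestName       = ''                 # hypothetical: a host under $Domain to resolve
)

# The thread's rule uses a leading-dot namespace: names=[.somedomain.com]
$namespace = ".$Domain"

# 1. Namespace rules the Windows resolver is applying right now.
#    Assumption: the rule created by the VPN client shows up in the effective policy.
$rules = @(Get-DnsClientNrptPolicy -Effective |
    Where-Object { $_.Namespace -contains $namespace })
$nrptServers = @($rules | ForEach-Object { $_.NameServers } | ForEach-Object { "$_" })

# 2. DNS servers configured on the adapter itself (what the netsh command sets).
$adapter = Get-DnsClientServerAddress -InterfaceIndex $InterfaceIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue
$adapterServers = @($adapter.ServerAddresses)

$viaNrpt    = $nrptServers    -contains $ExpectedDns
$viaAdapter = $adapterServers -contains $ExpectedDns

if ($viaAdapter) {
    $mode = 'global DNS on adapter'
} elseif ($viaNrpt) {
    $mode = 'split DNS (NRPT rule only)'
} else {
    $mode = 'pushed DNS not applied'
}

[pscustomobject]@{
    Namespace      = $namespace
    NrptServers    = $nrptServers -join ','
    AdapterServers = $adapterServers -join ','
    Mode           = $mode
}

# 3. Optional: resolve a name through the normal client path, which honours NRPT.
if ($TestName) {
    Resolve-DnsName -Name $TestName -Type A -DnsOnly -ErrorAction SilentlyContinue |
        Select-Object Name, IPAddress
}
```

A result of 'split DNS (NRPT rule only)' with an empty adapter DNS list matches the behaviour the reply describes: only names under the pushed domain are sent to the VPN DNS server.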
Re: Potential bug with DNS on OpenVPN Connect v3.2.3
Posted: Thu Feb 09, 2023 11:57 am
by chad90b
I'm having the same issue with OpenVPN Connect 3.3.6.
How do we disable NRPT in the client?
Always appreciate that new features are supported, but not at the cost of removing old features. Would like to be able to toggle this.
I do not have access to the VPN server and it will not be reconfigured. Other VPN clients do not have this problem. I'm using OpenVPN Connect because having multiple profiles is nice... just hope this issue can be resolved as well somehow.