OpenVPN Connect 3.3.1
Posted: Tue Jul 20, 2021 2:08 pm
So, I've been pulling my hair on this one.
We have internal DNS servers hosting some .com entries for internal servers, so we do not want them exposed on external DNS servers. I've used the same .ovpn file on OpenVPN 2.5 and it applies the DNS servers and correctly identifies them with PING and NSLOOKUP.
After installing Connect, importing the client config, the DNS servers are not set correctly on the TAP adapter. Running NSLOOKUP on the .com addresses tries to use external DNS. I can ping my .local entries just fine and NSLOOKUP works for those.
I have modified the config file to have:
dhcp-option DNS 10.200.0.201
dhcp-option DNS 10.200.0.202
But still no DNS servers. I've unchecked the DNS fallback option under advanced settings. In the log file, I receive this:
Tunnel Addresses:
10.200.200.2/24 -> 10.200.200.1
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv6: no
Add Routes:
10.200.0.0/24
10.0.1.0/24
10.0.99.0/24
10.190.101.26/32
10.190.101.27/32
172.16.0.0/16
Exclude Routes:
DNS Servers:
10.200.0.201
10.200.0.202
Search Domains:
(blank).local
WINS Servers:
10.200.0.201
10.200.0.202
After editing the config file and adding
dhcp-option DOMAIN (blank).com
dhcp-option DOMAIN (blank).local
I can ping and access them via a web browser. However, the issue still exists that DNS is not propagated to the TAP adapter. Certain applications rely on a dig of the .com domain names to access them. We do not want to host our internal .com names on our external DNS server.
I have also gone through setting different binding order in registry, enabling SmartDNS through GPO, disabling SmartDNS through GPO, changing the metrics of the adapters, and such. Adding the DNS servers manually to the TAP adapter will add them, but I'm trying to figure out a way to do this without manual intervention. I'd just like to get the functionality back like it was in OVPN 2.5, but we like being able to automatically connect on boot. This version of OVPN Connect also fixes some of the random VPN disconnect issues a few clients had, so rolling back isn't such a good option at this time.
Thanks for any insight to this issue.