OpenVPN Support Forum

Posted: **Wed Dec 01, 2021 9:17 am**

Hi,

When I use a ovpn client file as provided by the VPN provider, I can add

block-outside-dns

to block outside DNS, I can add DNS servers with

Code: Select all

dhcp-option DNS

etc.

So far, so good.

However, the VPN provider always adds it own DNS server too. I would like to block that, so ONLY the DNS servers I add are used...

I tried to add 4 dhcp options (the max as it seems), but then an error occurs.

My current solutions to deny the VPN provider to store my DNS requests are:

1) I have a local DNS server in my network, when I remove "block-outside-dns" from the ovpn file and specify that DNS in the OpenVPN TAP Local area connection, the provider assigned DNS is bypassed. (but my DNS server is exposed)

2) Use the provider ovpn config on a router, and redirect all traffic from my local network, including DNS queries.

Is there another way to remove the openvpn provider assigned DNS from the client?

Thanks,

Tony

Posted: **Wed Dec 01, 2021 1:22 pm**

In your client config use:

Code: Select all

pull-filter ignore "dhcp-option  DNS" # Ignore the pushed DNS servers
dhcp-option DNS <YOUR_DNS_SERVER_IP>  # Use your own server
block-outside-dns                     # Only works on Windblows

Posted: **Wed Dec 01, 2021 2:56 pm**

VPN still pushes their own DNS:

Code: Select all

pull-filter ignore "dhcp-option  DNS" # Ignore the pushed DNS servers
dhcp-option DNS 1.1.1.1  # Use your own server
dhcp-option DNS 1.0.0.1  # Use your own server
block-outside-dns

Result:

Code: Select all

   DNS Servers . . . . . . . . . . . : 1.1.1.1
                                       1.0.0.1
                                       10.143.0.1

I am on Winblows withe the OpenVPN gui etc, latest version.

Posted: **Wed Dec 01, 2021 3:03 pm**

From the connection log:

Code: Select all

2021-12-01 16:00:08 SENT CONTROL [Server-7315-0a]: 'PUSH_REQUEST' (status=1)
2021-12-01 16:00:08 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.198.0.1,comp-lzo no,route 10.198.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.198.0.6 10.198.0.5,peer-id 18,cipher AES-256-GCM'
2021-12-01 16:00:08 OPTIONS IMPORT: timers and/or timeouts modified
2021-12-01 16:00:08 OPTIONS IMPORT: compression parms modified

Posted: **Wed Dec 01, 2021 3:03 pm**

Watch the spaces...

Posted: **Wed Dec 01, 2021 3:08 pm**

Damn that white-space Dragon!

Replace:

TinCanTech wrote: ↑

Wed Dec 01, 2021 1:22 pm

Code: Select all

pull-filter ignore "dhcp-option  DNS" # Ignore the pushed DNS servers
dhcp-option DNS <YOUR_DNS_SERVER_IP>  # Use your own server
block-outside-dns                     # Only works on Windblows

With:

Code: Select all

pull-filter ignore "dhcp-option DNS" # Ignore the pushed DNS servers
dhcp-option DNS <YOUR_DNS_SERVER_IP>  # Use your own server
block-outside-dns                     # Only works on Windblows

@Pippin well spotted!

Posted: **Wed Dec 01, 2021 3:23 pm**

Ah, the spaces, now it works....

OpenVPN Support Forum

Howto Ignore DNS assignments pushed from server

Howto Ignore DNS assignments pushed from server

Re: OpenVPN and DNS assignments

Re: OpenVPN and DNS assignments

Re: OpenVPN and DNS assignments

Re: OpenVPN and DNS assignments

Re: OpenVPN and DNS assignments

Re: OpenVPN and DNS assignments