OpenVPN GCP BYOL Instance no internet when connecting

Posted: Thu Feb 24, 2022 4:54 pm
by astump
We are running an OpenVPN Access Server deployed through the GCP marketplace. The setup went smoothly and everything is working as expected server side; however, whenever a user connects to the VPN client side, they have no internet.

A workaround for this issue for our users is to add 8.8.8.8/0.0.0.0 as a DNS server for the local machine; however, this has to be done every time the user connects, so it becomes frustrating and is not ideal for our less tech-savvy users.

I was looking to find out if there are any settings I can put in place server side to avoid this workaround. I have had a look in a few places, and it looks like I will need to set up a server.conf file, which is not currently present on our server. What settings need to go into this, and will I also need users to set up a client.conf file to match it?

Re: OpenVPN GCP BYOL Instance no internet when connecting

Posted: Mon Feb 28, 2022 5:11 am
by chilinux
In the OpenVPN AS admin web panel, under Configuration -> VPN Settings, find "DNS Settings"

Then try changing it to "Do not alter clients' DNS server settings"

If you really do want it set to 8.8.8.8 every time instead, change it to "Have clients use specific DNS servers"

In addition to 8.8.8.8 as the Primary, I recommend using 8.8.4.4 as the Secondary.
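A way to confirm from the client side that the setting above actually took effect, added here as an example and not part of the thread: parse the PUSH_REPLY line an OpenVPN client writes to its log and flag the failure mode described in this thread, a redirected default gateway with no DNS server pushed. The two log lines and the 172.27.232.x addresses are constructed samples, not taken from the poster's server.

```python
import re

# Constructed sample OpenVPN client log lines (not from the thread).
# "broken" reproduces the symptom in the question: the default gateway is sent
# into the tunnel (redirect-gateway) but no dhcp-option DNS is pushed, so the
# client keeps a DNS server it can no longer reach and "has no internet".
SAMPLE_LOGS = {
    "fixed": ("2022-03-07 10:21:00 PUSH: Received control message: "
              "'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,"
              "dhcp-option DNS 8.8.4.4,route-gateway 172.27.232.1,"
              "ifconfig 172.27.232.2 255.255.248.0'"),
    "broken": ("2022-02-24 16:54:00 PUSH: Received control message: "
               "'PUSH_REPLY,redirect-gateway def1,route-gateway 172.27.232.1,"
               "ifconfig 172.27.232.2 255.255.248.0'"),
}

# Options are comma-separated inside the single-quoted PUSH_REPLY message.
PUSH_RE = re.compile(r"PUSH_REPLY,(.*?)'")


def parse_push_reply(line):
    """Return the list of pushed options from a PUSH_REPLY log line, or None."""
    m = PUSH_RE.search(line)
    if not m:
        return None
    return [opt.strip() for opt in m.group(1).split(",") if opt.strip()]


def dns_diagnosis(line):
    """Classify one client log line by what the server pushed for DNS/routing.

    status is one of: no_push_reply, dns_pushed, full_tunnel_without_dns,
    split_tunnel_no_dns. dns lists the pushed resolver addresses in order.
    """
    opts = parse_push_reply(line)
    if opts is None:
        return {"status": "no_push_reply", "dns": [], "full_tunnel": False}
    dns = [o.split()[2] for o in opts if o.startswith("dhcp-option DNS ")]
    full_tunnel = any(o.startswith("redirect-gateway") for o in opts)
    if full_tunnel and not dns:
        status = "full_tunnel_without_dns"   # the symptom reported above
    elif dns:
        status = "dns_pushed"
    else:
        status = "split_tunnel_no_dns"       # usable if local DNS stays reachable
    return {"status": status, "dns": dns, "full_tunnel": full_tunnel}


if __name__ == "__main__":
    for name, line in SAMPLE_LOGS.items():
        print(name, dns_diagnosis(line))
```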

Re: OpenVPN GCP BYOL Instance no internet when connecting

Posted: Mon Mar 07, 2022 10:21 am
by astump
Thank you very much for this. "Do not alter clients' DNS server settings" was already set to yes, but using "Have clients use specific DNS servers" and setting the IPs resolved the issue.

Re: OpenVPN GCP BYOL Instance no internet when connecting

Posted: Sat Mar 19, 2022 1:24 pm
by openvpn_inc
chilinux wrote (Mon Feb 28, 2022 5:11 am):
> In addition to 8.8.8.8 as the Primary, I recommend using 8.8.4.4 as the Secondary.

Actually that does not matter. Both addresses are anycast, so your queries are answered by any member of the Google Public DNS farm. Probably all the members of the farm are answering on both addresses.

There is nothing wrong with using only one of those addresses for DNS. The only way it can be a SPOF is when a firewall blocks the address (and if it blocks one, most likely it blocks the other).

regards, rob0