Trouble pushing DNS to clients
Posted: Mon Mar 21, 2022 12:59 am
I have set up an OpenVPN server with the Synology plugin running on DSM. The iOS/iPad clients have no problem connecting to the internet via the server.
However, the DNS setting does not work as the local domains cannot be found. Strangely the external domains work even while I disabled the DNS backup option in the client.
Here is my setup:
Server:
Local IP of the OpenVPN Server: 10.27.0.40
Synology DSM version: DSM 7.0.1-42218 Update 3
Clients:
iOS version: 15.4
openvpn.conf
push "route 10.27.0.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
dev tun
management /var/run/openvpn.sock unix
server 10.8.0.0 255.255.255.0
dh /var/packages/VPNCenter/target/etc/openvpn/keys/dh3072.pem
ca /var/packages/VPNCenter/target/etc/openvpn/keys/ca.crt
cert /var/packages/VPNCenter/target/etc/openvpn/keys/server.crt
key /var/packages/VPNCenter/target/etc/openvpn/keys/server.key
max-clients 10
comp-lzo
persist-tun
persist-key
verb 3
#log-append /var/log/openvpn.log
keepalive 10 60
reneg-sec 0
plugin /var/packages/VPNCenter/target/lib/radiusplugin.so /var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf
client-cert-not-required
username-as-common-name
duplicate-cn
status /tmp/ovpn_status_2_result 30
status-version 2
proto udp6
port 1194
cipher AES-256-CBC
auth SHA512
mssfix 1450
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.27.0.40"
client log:
Sorry that I can't get the oconf and olog tags to work.
2022-03-21 00:37:18 1
2022-03-21 00:37:18 ----- OpenVPN Start -----
OpenVPN core 3.git::58b92569 ios arm64 64-bit
2022-03-21 00:37:18 OpenVPN core 3.git::58b92569 ios arm64 64-bit
2022-03-21 00:37:18 Frame=512/2048/512 mssfix-ctrl=1250
2022-03-21 00:37:18 UNUSED OPTIONS
1 [tls-client]
4 [register-dns]
5 [block-outside-dns]
6 [pull]
8 [script-security] [2]
2022-03-21 00:37:18 EVENT: RESOLVE
2022-03-21 00:37:18 Contacting [[IP omitted for privacy]]:1194/UDP via UDP
2022-03-21 00:37:18 EVENT: WAIT
2022-03-21 00:37:18 Connecting to [[Domain omitted for privacy]]:1194 ([IP omitted for privacy]) via UDPv4
2022-03-21 00:37:18 EVENT: CONNECTING
2022-03-21 00:37:18 Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client
2022-03-21 00:37:18 Creds: Username/Password
2022-03-21 00:37:18 Peer Info:
IV_VER=3.git::58b92569
IV_PLAT=ios
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_GUI_VER=net.openvpn.connect.ios_3.2.3-3760
IV_SSO=openurl
2022-03-21 00:37:18 VERIFY OK: depth=2, /C=US/O=Internet Security Research Group/CN=ISRG Root X1
2022-03-21 00:37:18 VERIFY OK: depth=1, /C=US/O=Let's Encrypt/CN=R3
2022-03-21 00:37:18 VERIFY OK: depth=0, /CN=<Domain omitted for privacy>
2022-03-21 00:37:18 SSL Handshake: CN=<Domain omitted for privacy>, TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2022-03-21 00:37:18 Session is ACTIVE
2022-03-21 00:37:18 EVENT: GET_CONFIG
2022-03-21 00:37:18 Sending PUSH_REQUEST to server...
2022-03-21 00:37:18 OPTIONS:
0 [redirect-gateway] [def1]
1 [route] [10.27.0.0] [255.255.255.0]
2 [route] [10.8.0.0] [255.255.255.0]
3 [redirect-gateway] [def1] [bypass-dhcp]
4 [dhcp-option] [DNS] [10.27.0.40]
5 [route] [10.8.0.1]
6 [topology] [net30]
7 [ping] [10]
8 [ping-restart] [60]
9 [ifconfig] [10.8.0.6] [10.8.0.5]
2022-03-21 00:37:18 PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA512
compress: LZO_STUB
peer ID: -1
2022-03-21 00:37:18 EVENT: ASSIGN_IP
2022-03-21 00:37:18 NIP: preparing TUN network settings
2022-03-21 00:37:18 NIP: init TUN network settings with endpoint: <IP omitted for privacy>
2022-03-21 00:37:18 NIP: adding IPv4 address to network settings 10.8.0.6/255.255.255.252
2022-03-21 00:37:18 NIP: adding (included) IPv4 route 10.8.0.4/30
2022-03-21 00:37:18 NIP: adding (included) IPv4 route 10.27.0.0/24
2022-03-21 00:37:18 NIP: adding (included) IPv4 route 10.8.0.0/24
2022-03-21 00:37:18 NIP: adding (included) IPv4 route 10.8.0.1/32
2022-03-21 00:37:18 NIP: redirecting all IPv4 traffic to TUN interface
2022-03-21 00:37:18 NIP: adding DNS 10.27.0.40
2022-03-21 00:37:18 Connected via NetworkExtensionTUN
2022-03-21 00:37:18 LZO-ASYM init swap=0 asym=1
2022-03-21 00:37:18 Comp-stub init swap=0
2022-03-21 00:37:18 EVENT: CONNECTED <user@domain omitted for privacy>:1194 (<IP omitted for privacy>) via /UDPv4 on NetworkExtensionTUN/10.8.0.6/ gw=[/]
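
Added example, not part of the original post: a small Python check that reads the OPTIONS block of an OpenVPN Connect client log like the one above and reports which DNS servers and search domains (`dhcp-option DNS` / `dhcp-option DOMAIN`) were pushed, and whether each DNS server is covered by a pushed route or by `redirect-gateway`. The function names are hypothetical, and the sample input is constructed from the OPTIONS lines in this post.

```python
import ipaddress
import re

# Constructed sample: the OPTIONS block as it appears in the client log above.
SAMPLE_LOG = """\
2022-03-21 00:37:18 OPTIONS:
0 [redirect-gateway] [def1]
1 [route] [10.27.0.0] [255.255.255.0]
2 [route] [10.8.0.0] [255.255.255.0]
3 [redirect-gateway] [def1] [bypass-dhcp]
4 [dhcp-option] [DNS] [10.27.0.40]
5 [route] [10.8.0.1]
6 [topology] [net30]
7 [ping] [10]
8 [ping-restart] [60]
9 [ifconfig] [10.8.0.6] [10.8.0.5]
2022-03-21 00:37:18 PROTOCOL OPTIONS:
"""
OPTION_LINE = re.compile(r"^\d+\s+((?:\[[^\]]*\]\s*)+)$")

def pushed_options(log_text):
    """Return each pushed option as a list of fields, e.g. ['route', '10.8.0.1']."""
    options, in_block = [], False
    for line in log_text.splitlines():
        if re.search(r"\d{2}:\d{2}:\d{2} OPTIONS:\s*$", line):
            in_block = True  # "UNUSED OPTIONS" / "PROTOCOL OPTIONS:" do not match
            continue
        match = OPTION_LINE.match(line.strip()) if in_block else None
        if match:
            options.append(re.findall(r"\[([^\]]*)\]", match.group(1)))
        else:
            in_block = False  # first non-option line ends the block
    return options

def dns_report(options):
    """Summarise pushed DNS settings and whether each server is routed via the VPN."""
    routes = []
    for opt in options:
        if opt[0] == "route" and len(opt) > 1:
            mask = opt[2] if len(opt) > 2 else "255.255.255.255"  # host route
            routes.append(ipaddress.ip_network(f"{opt[1]}/{mask}", strict=False))
    redirect = any(o[0] == "redirect-gateway" for o in options)
    dhcp = [o for o in options if o[0] == "dhcp-option" and len(o) >= 3]
    servers = [o[2] for o in dhcp if o[1].upper() == "DNS"]
    in_tunnel = {s: redirect or any(ipaddress.ip_address(s) in r for r in routes)
                 for s in servers}
    domains = [o[2] for o in dhcp if o[1].upper() == "DOMAIN"]
    return {"dns_servers": servers, "search_domains": domains,
            "dns_routed_via_tunnel": in_tunnel}
```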
