Difference in DNS resolution when connecting with Open VPN GUI and Open VPN Connect

Official client software for OpenVPN Access Server and OpenVPN Cloud.

Post by Lach » Tue Apr 19, 2022 2:35 am

Hi,

When I connect to my AWS OpenVPN Server using OpenVPN GUI I am able to resolve domain names and get a ping response.

When I connect to the same AWS OpenVPN Server using OpenVPN Connect, I am unable to resolve domain names. I can, however, directly ping IPs and get a response.

This is both on Windows 11, exactly the same configuration on both clients and connecting to the same server. The OpenVPN server is configured with a split tunnel for only one unrelated IP address; I'm using Google DNS to resolve IPs (8.8.8.8, 8.8.4.4).

When I route the Google DNS IPs over the VPN rather than using the default local gateway, then I'm able to resolve domain names and get a ping response. Any idea why I need to route the Google DNS IPs over the VPN to resolve domain names for the OpenVPN Connect client and not the OpenVPN GUI?

Would really appreciate any ideas on how to debug and move forward.

Many thanks


Post by openvpn_inc » Thu Apr 21, 2022 10:16 am

Hello Lach,

OpenVPN GUI uses OpenVPN2. OpenVPN Connect uses OpenVPN3. Split-DNS is not supported by OpenVPN2, but is implemented in OpenVPN3. Simply put, there are differences in how DNS works in the two programs. Use the one that matches your needs.

In the meantime, we are working on expanding DNS handling and unifying it in OpenVPN2 and OpenVPN3.

I suggest you use tcpdump to diagnose the DNS queries and responses to see what the difference is. This can give a clue as to what to change to make things work as you expect.

Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support


Post by n0vajay05 » Fri May 20, 2022 7:31 pm

Wanted to put an update on this one since I just figured out what was causing this same issue on my particular setup (pfSense OpenVPN Server).

My DNS configuration on the server was using my primary internal network range as the DNS addresses listed in the OpenVPN server settings, and that's worked for a long time using the OpenVPN V2 clients across many different devices. In this case - when DNS was not working on the new OpenVPN Connect Windows client - I decided to try using the VPN network's gateway address in the same range as the VPN network as the DNS resolver address since I have the DNS Resolver running on all interfaces. That solved the issue and immediately my Windows machine could resolve addresses while on OpenVPN Connect.

It seems as part of the OpenVPN Connect client V3, DNS requests are being blocked to IPs outside of the VPN assigned range. This can be worked around when using pfSense specifically with the DNS Resolver taking care of it for you, but in cases where that isn't available, it's going to make DNS requests to internal DNS servers living in a different subnet a real challenge.

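A check for the situation both posters describe, a pushed DNS server that clients reach through the local gateway instead of the tunnel (added example, not part of the thread and not OpenVPN's own code). The sample config is constructed; `server`, `push "route ..."`, `push "dhcp-option DNS ..."` and `push "redirect-gateway ..."` are standard OpenVPN directives, and treating "outside every tunnel route" as the case to investigate is an assumption drawn from the observations in the posts above.

```python
import ipaddress
import re

# Constructed sample (not from the thread): split tunnel for one address,
# Google DNS plus a resolver on the VPN gateway pushed to clients.
SAMPLE_CONFIG = '''
server 10.8.0.0 255.255.255.0
push "route 203.0.113.10 255.255.255.255"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 10.8.0.1"
'''

def parse_config(text):
    """Return (networks routed via the tunnel, pushed DNS servers, full_tunnel)."""
    networks, dns, full_tunnel = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r'push\s+"(.*)"', line)
        words = (m.group(1) if m else line).split()
        if not words:
            continue
        if words[0] == "server" and not m and len(words) >= 3:
            # The VPN subnet itself is always reached through the tunnel.
            networks.append(ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False))
        elif words[0] == "route" and m and len(words) >= 2:
            mask = words[2] if len(words) > 2 else "255.255.255.255"
            networks.append(ipaddress.ip_network(f"{words[1]}/{mask}", strict=False))
        elif words[:2] == ["dhcp-option", "DNS"] and m and len(words) == 3:
            dns.append(ipaddress.ip_address(words[2]))
        elif words[0] == "redirect-gateway" and m:
            full_tunnel = True  # all client traffic goes through the VPN
    return networks, dns, full_tunnel

def dns_reachability(text):
    """Map each pushed DNS server to 'tunnel' or 'local-gateway'."""
    networks, dns, full_tunnel = parse_config(text)
    return {
        str(addr): "tunnel" if full_tunnel or any(addr in n for n in networks)
        else "local-gateway"
        for addr in dns
    }

if __name__ == "__main__":
    for server, path in dns_reachability(SAMPLE_CONFIG).items():
        flag = "" if path == "tunnel" else "  <- verify resolution on OpenVPN Connect"
        print(f"{server:<12} {path}{flag}")
```

Resolvers reported as `local-gateway` are the ones to confirm with a packet capture, as suggested in the reply from OpenVPN Inc.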