OpenVPN Support Forum

Hi,

When I connect to my AWS OpenVPN Server using OpenVPN GUI I am able to resolve domain names and get a ping response.

When I connect to the same AWS OpenVPN Server using OpenVPN Connect, I am unable to resolve domain names. I can however directly ping ips and get a response.

This is both on Windows 11, exactly the same configuration on both clients and connecting to the same server. The OpenVPN server is configured with a split tunnel for only one unrelated ip address, I'm using Google DNS to resolve ips (8.8.8.8, 8.8.4.4).

When I route the Google DNS ips over the VPN rather than using the default local gateway then I'm able to resolve domain names and get a ping response. Any idea why I need to route the Google DNS ips over the VPN to resolve domain names for the OpenVPN Connect client and not the OpenVPN GUI?

Would really appreciate any ideas on how to debug and move forward.

Many thanks

Hello Lach,

OpenVPN GUI uses OpenVPN2. OpenVPN Connect uses OpenVPN3. Split-DNS is not supported by OpenVPN2. But is implemented in OpenVPN3. Simply put there are differences in how DNS works in the two programs. Use the one that matches your needs.

In the meantime, we are working on expanding DNS handling and unifying it in OpenVPN2 and OpenVPN3.

I suggest you use tcpdump to diagnose the DNS queries and responses to see what the difference is. This can give a clue as to what to change to make things work as you expect.

Kind regards,
Johan

Wanted to put an update on this one since I just figured out what was causing this same issue on my particular setup (pfSense OpenVPN Server).

My DNS configuration on the server was using my primary internal network range as the DNS addresses listed in the OpenVPN server settings, and that's worked for a long time using the OpenVPN V2 clients across many different devices. In this case - when DNS was not working on the new OpenVPN Connect windows client - I decided to try using the VPN network's gateway address in the same range as the VPN network as the DNS resolver address since I have the DNS Resolver running on all interfaces. That solved the issue and immediately my windows machine could resolve addresses while on OpenVPN Connect.

It seems as part of the OpenVPN Connect client V3, DNS requests are being blocked to IPs outside of the VPN assigned range. This can be worked around when using pfSense specifically with the DNS Resolver taking care of it for you, but in cases where that isn't available, it's going to make DNS requests to internal DNS servers living in a different subnet a real challenge.