OpenVPN via pfSense
Tested on multiple Windows 10 and 8.1 clients with the same result.
After connecting, the client can access a network share using the IP, but not the hostname. Same for ping.
I've tried enabling/disabling [Block Outside DNS] and [force DNS cache update] on the server with no change. I've also tried adding the DNS info manually to the client OVPN file, but that just resulted in the DNS info being listed twice on the same line in the log.
Thank you for any assistance.
Server config file (public IP names and addresses removed):
dev ovpns3
verb 1
dev-type tun
dev-node /dev/tun3
writepid /var/run/openvpn_server3.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local
tls-server
server 10.0.10.0 255.255.255.0
client-config-dir /var/etc/openvpn/server3/csc
username-as-common-name
plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user RGVmLUxvZ2l4IEF1dGhlbnRpY2F0aW9uIC0gV2lkZS1PcGVuIFZQTiBFeGVjICYgU3lzYWRtaW4gT05MWQ== false server3 1195
tls-verify "/usr/local/sbin/ovpn_auth_verify tls '' 1"
lport 1195
management /var/etc/openvpn/server3/sock unix
max-clients 100
push "route 192.168.200.0 255.255.255.0"
push "route 192.168.100.0 255.255.255.0"
push "route 172.16.101.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "route 172.16.30.0 255.255.255.0"
push "route 172.16.0.0 255.255.255.0"
push "route 10.10.0.0 255.255.255.0"
push "route 10.20.0.0 255.255.255.0"
push "route 172.16.2.0 255.255.255.0"
push "dhcp-option DOMAIN def-logix.local"
push "dhcp-option DNS 192.168.200.4"
push "dhcp-option DNS 192.168.200.5"
push "block-outside-dns"
push "dhcp-option NTP 216.239.35.12"
push "dhcp-option NTP 50.205.244.107"
remote-cert-tls client
capath /var/etc/openvpn/server3/ca
cert /var/etc/openvpn/server3/cert
key /var/etc/openvpn/server3/key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server3/tls-auth 0
ncp-disable
cipher AES-128-CBC
allow-compression no
persist-remote-ip
float
topology subnet
inactive 900
inactive 3600
Client config file (public IP names and addresses removed):
5/10/2022, 12:20:50 PM OpenVPN core 3.git::662eae9a win x86_64 64-bit built on Oct 27 2020 12:49:07
5/10/2022, 12:20:50 PM Frame=512/2048/512 mssfix-ctrl=1250
5/10/2022, 12:20:50 PM UNUSED OPTIONS
1 [persist-key]
2 [ncp-disable]
5 [tls-client]
7 [resolv-retry] [infinite]
9 [nobind]
10 [verify-x509-name] [] [name]
13 [explicit-exit-notify]
5/10/2022, 12:20:50 PM Contacting :1195 via UDP
5/10/2022, 12:20:50 PM WinCommandAgent: transmitting bypass route to
{
"host" : "",
"ipv6" : false
}
5/10/2022, 12:20:50 PM EVENT: RESOLVE
5/10/2022, 12:20:50 PM EVENT: WAIT
5/10/2022, 12:20:50 PM Connecting to []:1195 () via UDPv4
5/10/2022, 12:20:50 PM EVENT: CONNECTING
5/10/2022, 12:20:50 PM Tunnel Options:V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
5/10/2022, 12:20:50 PM Creds: Username/Password
5/10/2022, 12:20:50 PM Peer Info:
IV_VER=3.git::662eae9a
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_GUI_VER=OCWindows_3.2.2-1455
IV_SSO=openurl
5/10/2022, 12:20:51 PM SSL Handshake: CN=, TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
5/10/2022, 12:20:51 PM Session is ACTIVE
5/10/2022, 12:20:51 PM Sending PUSH_REQUEST to server...
5/10/2022, 12:20:51 PM EVENT: GET_CONFIG
5/10/2022, 12:20:51 PM OPTIONS:
0 [route] [192.168.200.0] [255.255.255.0]
1 [route] [192.168.100.0] [255.255.255.0]
2 [route] [172.16.101.0] [255.255.255.0]
3 [route] [192.168.1.0] [255.255.255.0]
4 [route] [172.16.30.0] [255.255.255.0]
5 [route] [172.16.0.0] [255.255.255.0]
6 [route] [10.10.0.0] [255.255.255.0]
7 [route] [10.20.0.0] [255.255.255.0]
8 [route] [172.16.2.0] [255.255.255.0]
9 [dhcp-option] [DOMAIN] [def-logix.local]
10 [dhcp-option] [DNS] [192.168.200.4]
11 [dhcp-option] [DNS] [192.168.200.5]
12 [block-outside-dns]
13 [dhcp-option] [NTP] [216.239.35.12]
14 [dhcp-option] [NTP] [50.205.244.107]
15 [route-gateway] [10.0.10.1]
16 [topology] [subnet]
17 [ping] [10]
18 [ping-restart] [60]
19 [ifconfig] [10.0.10.2] [255.255.255.0]
20 [peer-id] [0]
21 [cipher] [AES-128-CBC]
5/10/2022, 12:20:51 PM PROTOCOL OPTIONS:
cipher: AES-128-CBC
digest: SHA256
compress: NONE
peer ID: 0
5/10/2022, 12:20:51 PM Unknown pushed DHCP option: [dhcp-option] [NTP] [216.239.35.12]
5/10/2022, 12:20:51 PM Unknown pushed DHCP option: [dhcp-option] [NTP] [50.205.244.107]
5/10/2022, 12:20:51 PM CAPTURED OPTIONS:
Session Name:
Layer: OSI_LAYER_3
Remote Address:
Tunnel Addresses:
10.0.10.2/24 -> 10.0.10.1
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv6: no
Add Routes:
192.168.200.0/24
192.168.100.0/24
172.16.101.0/24
192.168.1.0/24
172.16.30.0/24
172.16.0.0/24
10.10.0.0/24
10.20.0.0/24
172.16.2.0/24
Exclude Routes:
DNS Servers:
192.168.200.4
192.168.200.5
Search Domains:
def-logix.local
5/10/2022, 12:20:51 PM EVENT: ASSIGN_IP
5/10/2022, 12:20:52 PM SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
"confirm_event" : "b005000000000000",
"destroy_event" : "6c11000000000000",
"tun" :
{
"adapter_domain_suffix" : "",
"add_routes" :
[
{
"address" : "192.168.200.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "192.168.100.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "172.16.101.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "192.168.1.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "172.16.30.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "172.16.0.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "10.10.0.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "10.20.0.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "172.16.2.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
],
"block_ipv6" : false,
"dns_servers" :
[
{
"address" : "192.168.200.4",
"ipv6" : false
},
{
"address" : "192.168.200.5",
"ipv6" : false
}
],
"layer" : 3,
"mtu" : 0,
"remote_address" :
{
"address" : "###.###.###.###",
"ipv6" : false
},
"reroute_gw" :
{
"flags" : 256,
"ipv4" : false,
"ipv6" : false
},
"route_metric_default" : -1,
"search_domains" :
[
{
"domain" : "def-logix.local"
}
],
"session_name" : "",
"tunnel_address_index_ipv4" : 0,
"tunnel_address_index_ipv6" : -1,
"tunnel_addresses" :
[
{
"address" : "10.0.10.2",
"gateway" : "10.0.10.1",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
]
},
"wintun" : false
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{926D4931-E217-4D2C-B5C9-28F8B3C0B7DE}' index=9 name='Local Area Connection'
Open TAP device "Local Area Connection" PATH="\\.\Global\{926D4931-E217-4D2C-B5C9-28F8B3C0B7DE}.tap" SUCCEEDED
TAP-Windows Driver Version 9.24
ActionDeleteAllRoutesOnInterface iface_index=9
netsh interface ip set interface 9 metric=1
Ok.
netsh interface ip set address 9 static 10.0.10.2 255.255.255.0 gateway=10.0.10.1 store=active
IPHelper: add route 192.168.200.0/24 9 10.0.10.1 metric=-1
IPHelper: add route 192.168.100.0/24 9 10.0.10.1 metric=-1
IPHelper: add route 172.16.101.0/24 9 10.0.10.1 metric=-1
IPHelper: add route 192.168.1.0/24 9 10.0.10.1 metric=-1
IPHelper: add route 172.16.30.0/24 9 10.0.10.1 metric=-1
IPHelper: add route 172.16.0.0/24 9 10.0.10.1 metric=-1
IPHelper: add route 10.10.0.0/24 9 10.0.10.1 metric=-1
IPHelper: add route 10.20.0.0/24 9 10.0.10.1 metric=-1
IPHelper: add route 172.16.2.0/24 9 10.0.10.1 metric=-1
NRPT::ActionCreate names=[.def-logix.local] dns_servers=[192.168.200.4,192.168.200.5]
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
TAP handle: 8c12000000000000
5/10/2022, 12:20:52 PM Connected via TUN_WIN
5/10/2022, 12:20:52 PM EVENT: CONNECTED @:1195 () via /UDPv4 on TUN_WIN/10.0.10.2/ gw=[10.0.10.1/]
5/10/2022, 12:21:30 PM SetupClient: signaling tun destroy event
5/10/2022, 12:21:30 PM EVENT: DISCONNECTED
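As an added diagnostic example (not code from the post, pfSense or OpenVPN), the following checks two things the log above lets you verify: that the pushed DNS/DOMAIN options actually landed in the Windows NRPT rule (the `NRPT::ActionCreate` line), and which query names that rule's namespace would send to the VPN DNS servers. It assumes the usual NRPT semantics that a namespace with a leading dot matches by suffix; how the client appends DNS suffixes to bare single-label names is not modelled here. The log excerpt is constructed from lines in the post.

```python
import re

# Constructed excerpt of the OpenVPN Connect log from the post.
LOG = """\
9 [dhcp-option] [DOMAIN] [def-logix.local]
10 [dhcp-option] [DNS] [192.168.200.4]
11 [dhcp-option] [DNS] [192.168.200.5]
NRPT::ActionCreate names=[.def-logix.local] dns_servers=[192.168.200.4,192.168.200.5]
"""


def parse_pushed_dns(log):
    """Return (dns_servers, domains) from the pushed [dhcp-option] lines."""
    servers = re.findall(r"\[dhcp-option\] \[DNS\] \[([\d.]+)\]", log)
    domains = re.findall(r"\[dhcp-option\] \[DOMAIN\] \[([^\]]+)\]", log)
    return servers, domains


def parse_nrpt_rule(log):
    """Return (namespaces, dns_servers) from the NRPT::ActionCreate line, or None."""
    m = re.search(r"NRPT::ActionCreate names=\[([^\]]*)\] dns_servers=\[([^\]]*)\]", log)
    if not m:
        return None
    return m.group(1).split(","), m.group(2).split(",")


def nrpt_covers(name, namespaces):
    """True if an NRPT namespace rule matches this query name as written.
    A leading dot means suffix match (assumed NRPT semantics); a bare
    single-label name only matches after a DNS suffix is appended to it."""
    n = name.rstrip(".").lower()
    for ns in namespaces:
        ns = ns.lower()
        if ns.startswith(".") and n.endswith(ns):
            return True
        if not ns.startswith(".") and n == ns:
            return True
    return False


def check(log, names):
    """Compare the pushed options with the NRPT rule and classify query names."""
    servers, domains = parse_pushed_dns(log)
    rule = parse_nrpt_rule(log)
    result = {"rule_matches_push": rule is not None
              and set(rule[1]) == set(servers)
              and all(("." + d) in rule[0] for d in domains)}
    for name in names:
        result[name] = nrpt_covers(name, rule[0]) if rule else False
    return result
```

With the log from the post, a fully qualified name under def-logix.local is covered by the rule while a bare hostname is not, so the next thing to confirm on the client is whether a DNS suffix is being appended to short names.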