I recently set up an OpenVPN server to securely connect employee computers to an internal corporate network. The VPN doesn't "hide" the user's IP address, because that's not the intended purpose, and therefore I haven't enabled forced traffic redirection (;push "redirect-gateway def1 bypass-dhcp").
I want to change the default DNS address to one that's hosted on the VPN server, so the clients can use more user-friendly internal domain names instead of IP addresses, but I'm having some strange issues. In my server.conf, I have enabled push "dhcp-option DNS 10.8.0.1" and after connecting to the server, the correct DNS setting shows up in ipconfig /all:
Unknown adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9 for OpenVPN Connect
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.8.0.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.8.0.1 <=== This is the correct DNS address
Strangely, if I try to nslookup an internal domain name, it works, even if I don't specify the DNS server address. What's even more strange is that DNS resolution seems to fully work from within a WSL (Windows Subsystem for Linux) terminal, e.g. the ping command functions as expected.
OpenVPN Connect is already deployed on all the relevant machines, and all .ovpn profiles have already been issued and installed, so it would be preferable if this problem could be solved with a server-side "push" configuration, or something similar.
Here's my minimized server.conf file with all comments stripped:
Server Config
port 52278
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh none
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "dhcp-option DNS 10.8.0.1" # <======= DNS Configuration
push "block-outside-dns" # <====== This also doesn't fix the issue
client-config-dir /etc/openvpn/ccd
client-to-client
keepalive 10 120
tls-crypt ta.key
cipher AES-256-GCM
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1
management localhost 7505
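As an added diagnostic that is not part of the original post, the PowerShell script below shows, on a Windows client, which resolver each connected interface carries and with what metric, then compares a direct query to the pushed VPN resolver against the system resolver's answer for an internal name. The name intranet.example.corp is a placeholder; the VPN resolver address is the 10.8.0.1 from the config above.

```powershell
# Added diagnostic for the DNS symptom described above; not from the original post.
# Assumptions: $InternalName is a placeholder internal hostname, $VpnDns is the
# resolver pushed by the server (10.8.0.1 in the posted server.conf).
param(
    [string]$InternalName = "intranet.example.corp",
    [string]$VpnDns       = "10.8.0.1"
)

# 1. Resolver list and metric per connected IPv4 interface. The Windows DNS
#    client prefers the lowest-metric interface, so a VPN adapter with a high
#    metric can have its resolver ignored even though ipconfig shows it.
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object ConnectionState -eq 'Connected' |
    Sort-Object InterfaceMetric |
    ForEach-Object {
        $dns = (Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex `
                    -AddressFamily IPv4).ServerAddresses
        [pscustomobject]@{
            Interface  = $_.InterfaceAlias
            Metric     = $_.InterfaceMetric
            DnsServers = ($dns -join ', ')
        }
    } | Format-Table -AutoSize

# 2. Ask the VPN resolver directly, bypassing the local cache and hosts file.
try {
    Resolve-DnsName -Name $InternalName -Server $VpnDns -Type A -DnsOnly -ErrorAction Stop |
        Select-Object Name, IPAddress | Format-Table -AutoSize
} catch {
    Write-Warning "Direct query to $VpnDns failed: $($_.Exception.Message)"
}

# 3. Ask the system resolver with no -Server. A matching answer means the
#    pushed resolver is effective; a failure or a different answer means
#    another interface's resolver (or a cached entry) is being used instead.
Resolve-DnsName -Name $InternalName -Type A -ErrorAction SilentlyContinue |
    Select-Object Name, IPAddress | Format-Table -AutoSize

# 4. Name Resolution Policy Table rules, if any, pin a DNS suffix to specific
#    servers regardless of interface; list them so the effective policy is visible.
Get-DnsClientNrptPolicy -ErrorAction SilentlyContinue |
    Select-Object Namespace, NameServers | Format-Table -AutoSize
```

Run it once before connecting and once after; a difference only in step 1 with no change in step 3 points at resolver selection rather than at the push itself.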