OpenVPN Connect for MacOS doesn't change/set DNS servers

Posted: Tue Aug 02, 2022 1:48 pm
by gyrex
Hi,

The official OpenVPN Connect client (V3.3.6 4368) for MacOS (Monterey 12.5) isn't setting the server defined DNS servers.

If I use Tunnelblick the DNS servers are set correctly. Without the local DNS servers set on the client, it means I can't resolve any servers or clients on the remote network.

Tried adding:
dhcp-option DNS 10.11.12.1
dhcp-option DOMAIN local

to the client file but it makes no difference.

After connecting to the VPN server, running cat /etc/resolv.conf shows the DNS servers set by the local DHCP server.

Re: OpenVPN Connect for MacOS doesn't change/set DNS servers

Posted: Sun Aug 07, 2022 11:33 am
by openvpn_inc
Hi gyrex,

Thank you for bringing this to the correct forum. I was just looking at your post in Server Administration and was going to move it here.

We have had some reports of this, and a bug ticket was opened. I do not know the status of that ticket, however.

Often this issue can be caused outside of OpenVPN, such as by various "security" software products who know your needs better than you do. Cisco Umbrella is a common example.

However since Tunnelblick works, that would seem unlikely to be the cause for you. I would suggest since you're using the community version server, you might be best off just staying with a fine open source client.

If you're interested in pursuing this, the results of this command could be useful:

scutil --dns

regards, rob0

Re: OpenVPN Connect for MacOS doesn't change/set DNS servers

Posted: Tue Aug 01, 2023 4:26 pm
by sbakhtiar
@openvpn_inc

I'm having a similar issue. I use

push "dhcp-option DNS 172.31.0.2"

to push the DNS server from the server to the clients. I have included a dump of

scutil --dns

first of the error condition, in which, even though the client is connected, DNS is resolving using the assigned DNS, and after disconnecting, then reconnecting, at which point the private DNS queries start working, as they are using the correct resolver (the one pushed by the server).

I have a feeling something is resetting my Mac's DNS settings?

[VPN CONNECTED BUT CAN NOT RESOLVE PRIVATE DOMAIN]
sbakhtiar@Shawn-Mac-mini-AZ ~ % scutil --dns
DNS configuration

resolver #1
search domain[0] : mtecom.net
nameserver[0] : 10.0.1.1
if_index : 12 (en1)
flags : Request A records
reach : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300000

resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300200

resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300400

resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300600

resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300800

resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 301000

DNS configuration (for scoped queries)

resolver #1
search domain[0] : mtecom.net
nameserver[0] : 10.0.1.1
if_index : 12 (en1)
flags : Scoped, Request A records
reach : 0x00020002 (Reachable,Directly Reachable Address)

[RECONNECTED VPN, PRIVATE DOMAIN RESOLVING]
sbakhtiar@Shawn-Mac-mini-AZ ~ % scutil --dns
DNS configuration

resolver #1
search domain[0] : mtecom.net
nameserver[0] : 172.31.0.2
flags : Request A records
reach : 0x00000002 (Reachable)
order : 5000

resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300000

resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300200

resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300400

resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300600

resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300800

resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 301000

DNS configuration (for scoped queries)

resolver #1
search domain[0] : mtecom.net
nameserver[0] : 172.31.0.2
if_index : 12 (en1)
flags : Scoped, Request A records
reach : 0x00000002 (Reachable)
order : 5000
sbakhtiar@Shawn-Mac-mini-AZ ~ %
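
Added example (not part of the original posts, and not OpenVPN's own tooling): a Python check that parses scutil --dns output and reports whether the default resolver is the DNS server pushed by the VPN, run on excerpts trimmed from the two dumps above. It assumes resolver #1 of the unscoped "DNS configuration" section is the system default; the function names are illustrative.

```python
import re

def parse_scutil_dns(text):
    """Parse `scutil --dns` output into {section title: [resolver dict, ...]}."""
    sections, current, resolver = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("DNS configuration"):
            current = sections.setdefault(line, [])
            resolver = None
        elif re.fullmatch(r"resolver #\d+", line) and current is not None:
            resolver = {"nameservers": []}
            current.append(resolver)
        elif " : " in line and resolver is not None:
            key, value = (part.strip() for part in line.split(" : ", 1))
            if key.startswith("nameserver["):
                resolver["nameservers"].append(value)
            else:
                resolver[key] = value
    return sections

def default_resolver_uses(text, pushed_dns):
    """True if the first unscoped resolver (assumed default) queries pushed_dns."""
    unscoped = parse_scutil_dns(text).get("DNS configuration", [])
    return bool(unscoped) and pushed_dns in unscoped[0]["nameservers"]

# Constructed samples: trimmed from the two dumps in the post (mDNS resolvers omitted).
BEFORE = """\
DNS configuration

resolver #1
  nameserver[0] : 10.0.1.1
  if_index : 12 (en1)
"""
AFTER = """\
DNS configuration

resolver #1
  nameserver[0] : 172.31.0.2

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 172.31.0.2
  if_index : 12 (en1)
"""
if __name__ == "__main__":
    for label, dump in (("before", BEFORE), ("after", AFTER)):
        print(label, default_resolver_uses(dump, "172.31.0.2"))
```

On a Mac the same function can be fed the live output of scutil --dns after each connect, so a session that is still resolving through the local DHCP-assigned server is caught before private or sensitive names are queried over it.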