OpenVPN Support Forum

Hello,

After the OpenVPN client connected on windows 10, the domain can't be resolved, I guess it's a DNS problem. (But it works well on windows 7)

server.conf: (ubuntu 22)
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 94.140.14.14"
push "dhcp-option DNS 94.140.15.15"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_oheNEiztDlcqOm4y.crt
key server_oheNEiztDlcqOm4y.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3

client.ovpn: (windows 10)
client
proto udp
explicit-exit-notify
remote my.domain 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_oheNEiztDlcqOm4y name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
route 172.31.0.0 255.255.0.0
verb 3

==========================================================================
PS C:\Users\Administrator> ping bing.com
Ping request could not find host bing.com. Please check the name and try again.
==========================================================================

==========================================================================
PS C:\Users\Administrator> ping 13.107.21.200

Pinging 13.107.21.200 with 32 bytes of data:
Reply from 13.107.21.200: bytes=32 time=98ms TTL=115
Reply from 13.107.21.200: bytes=32 time=97ms TTL=115
Reply from 13.107.21.200: bytes=32 time=98ms TTL=115
Reply from 13.107.21.200: bytes=32 time=100ms TTL=11

Ping statistics for 13.107.21.200:
Packets: Sent = 4, Received = 4, Lost = 0 (0% lo
Approximate round trip times in milli-seconds:
Minimum = 97ms, Maximum = 100ms, Average = 98ms
==========================================================================


Any idea where this issue could be coming from?

Thanks,
Haoran

Hi Haoran,

This forum is for issues specific to the proprietary OpenVPN Connect client. It is not for client issues in general (such as with the open source client or third party clients.) And in fact there is no such forum here, because most "client issues" are in fact server issues. Which client software are you using?

I checked out 94.140.14.14 and 94.140.15.15; they are Adguard open resolvers, both of which answered recursive DNS queries for me. (Seemingly a shared cache with both addresses.)

Interesting that Win7 works. I don't know much about Windows (does anyone outside of Redmond?) but I know in 10 and 11 there is a Name Resolution Policy Table (NRPT), and perhaps that's not being updated properly.

Please followup to the Server Administration forum if you are not using OpenVPN Connect. If you are, show some information about NRPT and the nameservers you are using, plus some actual DNS queries. As much as I hate it, nslookup.exe is your best bet on Windows to show what happens with DNS queries. (There are some PowerShell DNS cmdlets which are better in some ways, but IIRC they don't show which nameserver was queried.)

Refer to Microsoft PowerShell documentation about NRPT.

regards, rob0