DNS Not Resolving on Clients - New Setup

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
jmdomini
OpenVpn Newbie
Posts: 3
Joined: Fri Dec 09, 2022 4:12 pm

DNS Not Resolving on Clients - New Setup

Post by jmdomini » Fri Dec 09, 2022 4:36 pm

Hello all,
So I've setup OpenVPN Access Server on a VPS (Alma Linux 8). Keep in mind I'm a total newbie at this and have no experience with the product. At this point everything is pretty well setup with the out of the box defaults. I setup a client profile to test, again pretty well with the default options. At first it appears that I have a successful connection (Windows 11 client), except I can't resolve DNS. I can ping the dns servers or any other address on the internet if I have the IP. OK, so I check this board and someone else has the same issue and the suggestion is to push a public DNS server to the client, so I do that and add 4.2.2.1 and 4.2.2.2 to be pushed. Reconnect after making that change, see that those dns servers are set as the default on the Windows 11 device now. However, still can't resolve DNS. :x Try totally disabling the firewall temporarily on both the W11 device and the VPS to rule out that being the problem, no change. As you can see from the trace at the bottom of the message taken from the VPS, the DNS requests are reaching the access server. I also tried connecting with my iPhone to rule out a Windows 11 issue, same behaviour.

I've spent more hours than I'd like to admit on this and I have no idea where to go next. Santised version of the config file the client receive also below. Can anyone tell me what I am missing?

client

server-poll-timeout 4
nobind
remote 199.xxxx 1194 udp
remote 199.xxxx 1194 udp
remote 199.xxxx 443 tcp
remote 199.xxxx 1194 udp
remote 199.xxxx 1194 udp
remote 199.xxxx 1194 udp
remote 199.xxxx 1194 udp
remote 199.xxxx 1194 udp
dev tun
dev-type tun
remote-cert-tls server
tls-version-min 1.2
reneg-sec 604800
auth-user-pass
verb 3
push-peer-info


10:03:44.579793 In ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 30836, offset 0, flags [none], proto UDP (17), length 58)
172.27.232.19.53033 > 4.2.2.1.domain: 51927+ A? www.bing.com. (30)
10:03:52.933587 In ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 14348, offset 0, flags [none], proto UDP (17), length 58)
172.27.232.19.51378 > 4.2.2.2.domain: 14500+ Type65? www.bing.com. (30)
10:03:52.934255 In ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 35747, offset 0, flags [none], proto UDP (17), length 58)
172.27.232.19.49620 > 4.2.2.2.domain: 51927+ A? www.bing.com. (30)
10:03:56.339169 In ethertype IPv4 (0x0800), length 75: (tos 0x0, ttl 64, id 36364, offset 0, flags [none], proto UDP (17), length 59)
172.27.232.19.64144 > 4.2.2.2.domain: 40781+ Type65? ocs

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: DNS Not Resolving on Clients - New Setup

Post by openvpn_inc » Fri Dec 09, 2022 10:14 pm

Hello,

You didn't mention how you were pushing DNS servers. Did you do this by configuring this on the Admin UI of the Access Server in the VPN Settings page, by enabling the option to push DNS servers, and defining 2 DNS servers there to push? Or did you use client or server config directive overrides?

I could explain the trace if you had implemented it using client or server config directive overrides, as that would not have opened the internal Access Server firewall automatically to pass on DNS requests.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

jmdomini
OpenVpn Newbie
Posts: 3
Joined: Fri Dec 09, 2022 4:12 pm

Re: DNS Not Resolving on Clients - New Setup

Post by jmdomini » Sat Dec 10, 2022 12:51 am

In the admin GUI of the server, I chose the option "Have client use specific DNS servers" and set the servers there.

jmdomini
OpenVpn Newbie
Posts: 3
Joined: Fri Dec 09, 2022 4:12 pm

Re: DNS Not Resolving on Clients - New Setup

Post by jmdomini » Sat Dec 10, 2022 8:11 pm

I've given up on getting this working and moved to the open-source version of OpenVPN. Perhaps some quirk between AlmaLinux 8 vs genuine Red Hat EL 8 at play here? This is just needed for a short-term project, and I don't have the patience to figure it out. Thanks though for trying to help.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: DNS Not Resolving on Clients - New Setup

Post by openvpn_inc » Sat Dec 17, 2022 10:13 am

Hi,

Does the VPS server itself can resolve DNS - I'm sure it does. If that is the case, try selecting "Have clients use the same DNS servers as the Access Server host" under VPN Settings>DNS Settings and see how it goes.

Regards,
.\kionci
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply