Opened 4 years ago

Closed 4 years ago

Last modified 10 months ago

#809 closed Bug / Defect (notabug)

Setting DNS via DHCP Option in PUSH no longer working.

Reported by: krugger
Owned by: Gert Döring
Priority: minor
Milestone:
Component: Generic / unclassified
Version: OpenVPN 2.4.0 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:
Cc:

Description

I updated my OpenVPN client to 2.4 and pushing the DNS servers for the internal network stopped working.

Here are the relevant lines from the log:
Mon Jan 02 23:43:33 2017 PUSH: Received control message: 'PUSH_REPLY,route 10.20.0.0 255.255.0.0,dhcp-option DNS 10.20.220.15 10.20.220.11,route 10.20.240.1,topology net30,ping 10,ping-restart 120,ifconfig 10.20.240.6 10.20.240.5'
Mon Jan 02 23:43:33 2017 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:2: dhcp-option (2.4.0)

I upgraded the priority of this bug, as I cannot upgrade all client machines to the new version, as we rely heavily on the internal DNS servers for users to properly use the VPN connections.

Change History (10)

comment:1 Changed 4 years ago by plaisthos

2.4 is more verbose in logging unrecognised options. The dhcp-options is only recognised by Android and Windows. Other OS rely on parsing this option with a script. Also certain other options (route-nopull) will trigger this message.

Could you give more information, most importantly the OS in question?

comment:2 Changed 4 years ago by krugger

The OpenVPN client has Windows 10 as the Operating System.

Wed Jan 04 19:04:50 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 27 2016
Wed Jan 04 19:04:50 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Jan 04 19:04:50 2017 library versions: OpenSSL 1.0.2i 22 Sep 2016, LZO 2.09

comment:3 Changed 4 years ago by Gert Döring

Owner: set to Gert Döring
Priority: critical → minor
Status: new → assigned

I think the issue is that "dhcp-option DNS ..." only takes ONE IP address argument, not two. 2.3 ignored the second argument, 2.4 complains.

So you need to change the server side to read

push "dhcp-option DNS 10.20.220.15"
push "dhcp-option DNS 10.20.220.11"

where it reads today

push "dhcp-option DNS 10.20.220.15 10.20.220.11"

(Yes, this is a bit annoying right now, but the config was wrong all the time and we just never pointed that out)

Please test and report back - I'm confident this will fix it.

comment:4 Changed 4 years ago by krugger

You are correct.

Setting multiple entries for the dhcp push option fixed it, as that is the correct way of configuring it. So this is not a bug in the client.

comment:5 Changed 4 years ago by jobber777

Options error: Unrecognized option or missing or extra parameter(s) in /srv/openvpn/ccd/client_7204:2: push (2.4.0)

and in the file /srv/openvpn/ccd/client_7204

push dhcp-option DNS 10.13.0.1

This option works on openvpn 2.3.14, but does not work on openvpn 2.4.0. What happens?

comment:6 in reply to:  4 Changed 4 years ago by Gert Döring

Replying to krugger:

Setting multiple entries for the dhcp push option fixed it, as that is the correct way of configuring it. So this is not a bug in the client.

Thanks for providing feedback, and good to hear that it works for you now :-) - so, closing this ticket (after answering #6)

comment:7 in reply to:  5 ; Changed 4 years ago by Gert Döring

Resolution: notabug
Status: assigned → closed

Replying to jobber777:

push dhcp-option DNS 10.13.0.1

This option works on openvpn 2.3.14, but does not work on openvpn 2.4.0. What happens?

It does not work in 2.3.14, but the "not working" bit is not so obvious - you need to have quotes around the arguments to push (if there are spaces)

push "dhcp-option DNS 10.13.0.1"

if you look closely at your 2.3.14 logs, you'll see that it will push the option "dhcp-option", not "dhcp-option DNS 10.30.0.1" - push takes one argument, and used to ignore the rest, while in 2.4.0, we actually tell people that there are too many arguments.
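A lint pass over server or ccd files for the two mistakes diagnosed in comments 3 and 7, as an added example that is not part of the ticket or of OpenVPN's code. The function names are hypothetical, and the tokenizer only approximates OpenVPN's own parsing (quotes group words, `#` and `;` start comments).

```python
import shlex

def tokenize(line):
    """Split one config line into words; quotes group, '#' and ';' start comments."""
    lex = shlex.shlex(line, posix=True)
    lex.whitespace_split = True
    lex.commenters = "#;"
    return list(lex)

def check_dhcp_dns(words):
    """Return a finding if 'dhcp-option DNS' does not carry exactly one address."""
    if words[:2] == ["dhcp-option", "DNS"] and len(words) != 3:
        return "dhcp-option DNS takes one address; use one line per server"
    return None

def lint(config_text):
    """Return (line_number, message) for each directive the ticket shows 2.4 rejecting."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        words = tokenize(line)
        if not words:
            continue
        if words[0] == "push":
            if len(words) != 2:
                # Unquoted: 2.3 silently pushed only the first word.
                findings.append((number, "push takes one argument; quote it"))
                continue
            words = tokenize(words[1])  # inspect the pushed option itself
        message = check_dhcp_dns(words)
        if message:
            findings.append((number, message))
    return findings

# Constructed sample built from the directives quoted in this ticket.
SAMPLE = '''\
push "route 10.20.0.0 255.255.0.0"
push "dhcp-option DNS 10.20.220.15 10.20.220.11"
push dhcp-option DNS 10.13.0.1
push "dhcp-option DNS 10.20.220.15"
push "dhcp-option DNS 10.20.220.11"  # second server on its own line
'''

if __name__ == "__main__":
    for number, message in lint(SAMPLE):
        print(f"line {number}: {message}")
```

Running it against a server config before upgrading clients to 2.4 flags the lines that 2.3 accepted silently while pushing less than intended.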

comment:8 in reply to:  7 Changed 4 years ago by jobber777

Replying to cron2:

Replying to jobber777:

push dhcp-option DNS 10.13.0.1

This option works on openvpn 2.3.14, but does not work on openvpn 2.4.0. What happens?

It does not work in 2.3.14, but the "not working" bit is not so obvious - you need to have quotes around the arguments to push (if there are spaces)

push "dhcp-option DNS 10.13.0.1"

if you look closely at your 2.3.14 logs, you'll see that it will push the option "dhcp-option", not "dhcp-option DNS 10.30.0.1" - push takes one argument, and used to ignore the rest, while in 2.4.0, we actually tell people that there are too many arguments.

thanks!

comment:9 Changed 10 months ago by urp

I'm using OpenVPN 2.4.4 on Ubuntu 18.04 and connecting using MacOS and iPhone. Internal IP addresses work but not the internal DNS service which is running on the same machine as OpenVPN. I have tried adding push "dhcp-option DNS 10.0.1.2" (10.0.1.2 is the IP where DNS is running) but OpenVPN clients still do not resolve to internal names. Without VPN on the same network, both clients work properly. What additional step is required? I prefer to make changes on the server side and not the client side.

comment:10 Changed 10 months ago by Gert Döring

This ticket was closed 3 years ago - please do not add new questions to old tickets, even if somewhat similar in topic.

Without looking at your config and client logs it's very hard to say what is happening. But even so, this is better suited for the openvpn forum or the openvpn-users list, as this is a setup question and not a code bug.
