Opened 7 years ago
Closed 7 years ago
#982 closed Bug / Defect (fixed)
iOS: DNS settings still not applied
Reported by: | nodefeet | Owned by: | Antonio Quartulli |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | OpenVPN Connect | Version: | OpenVPN Connect for iOS v1.2.6 |
Severity: | Not set (select this one, unless you're an OpenVPN developer) | Keywords: | DNS gateway |
Cc: |
Description
The issue from:
https://forums.openvpn.net/viewtopic.php?f=36&t=25598
is still not solved.
Change History (22)
comment:1 Changed 7 years ago by
Owner: | set to Antonio Quartulli |
---|---|
Status: | new → assigned |
comment:2 Changed 7 years ago by
Here you go:
2018-01-17 08:30:43 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Jan 14 2018 14:23:32
2018-01-17 08:30:43 Frame=512/2048/512 mssfix-ctrl=1250
2018-01-17 08:30:43 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
12 [verb] [4]
13 [mute] [20]
2018-01-17 08:30:43 EVENT: RESOLVE
2018-01-17 08:30:43 Contacting [x.x.x.x]:1724/TCP via TCP
2018-01-17 08:30:43 EVENT: WAIT
2018-01-17 08:30:43 Connecting to [x.myfritz.net]:1724 (91.14.239.55) via TCPv4
2018-01-17 08:30:43 EVENT: CONNECTING
2018-01-17 08:30:43 Tunnel Options:V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
2018-01-17 08:30:43 Creds: UsernameEmpty/PasswordEmpty
2018-01-17 08:30:43 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_AUTO_SESS=1
2018-01-17 08:30:45 VERIFY OK : depth=1
cert. version : 3
serial number : FE:1D:6D:D1:E7:E4:C5:CF
issuer name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=x GmbH CA, ??=EasyRSA, emailAddress=info@bab-tec.de
subject name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=BAB TECHNOLOGIE GmbH CA, ??=EasyRSA, emailAddress=info@bab-tec.de
issued on : 2017-11-29 10:42:20
expires on : 2027-11-27 10:42:20
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
2018-01-17 08:30:45 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=BAB TECHNOLOGIE GmbH CA, ??=EasyRSA, emailAddress=info@bab-tec.de
subject name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=server, ??=EasyRSA, emailAddress=info@bab-tec.de
issued on : 2017-11-29 10:42:26
expires on : 2027-11-27 10:42:26
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : server
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2018-01-17 08:30:47 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2018-01-17 08:30:47 Session is ACTIVE
2018-01-17 08:30:47 EVENT: GET_CONFIG
2018-01-17 08:30:47 Sending PUSH_REQUEST to server...
2018-01-17 08:30:47 OPTIONS:
0 [route-gateway] [10.8.0.1]
1 [topology] [subnet]
2 [ping] [10]
3 [ping-restart] [90]
4 [ifconfig] [10.8.0.2] [255.255.255.0]
2018-01-17 08:30:47 PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA1
compress: LZO
peer ID: -1
2018-01-17 08:30:47 EVENT: ASSIGN_IP
2018-01-17 08:30:47 NIP: preparing TUN network settings
2018-01-17 08:30:47 NIP: init TUN network settings with endpoint: x.x.x.x
2018-01-17 08:30:47 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2018-01-17 08:30:47 Connected via NetworkExtensionTUN
2018-01-17 08:30:47 LZO-ASYM init swap=0 asym=0
2018-01-17 08:30:47 EVENT: CONNECTED @x.myfritz.net:1724 (x.x.x.x) via /TCPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]
comment:3 Changed 7 years ago by
2018-01-17 08:30:47 OPTIONS: 0 [route-gateway] [10.8.0.1] 1 [topology] [subnet] 2 [ping] [10] 3 [ping-restart] [90] 4 [ifconfig] [10.8.0.2] [255.255.255.0]
There is no gateway being set in your config. How are you pushing the DNS setting?
comment:4 follow-up: 5 Changed 7 years ago by
Well, you are right there should be the local gateway address like 192.168.1.1 instead of the VPN-Server 10.8.0.1, right? (Please bear in mind that I'm not a professional). However this is the log file from 1.1.1 and it worked just fine with the same option.
2018-01-09 15:29:23 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios armv7a thumb2 32-bit built on Dec 5 2016 12:50:25
2018-01-09 15:29:23 Frame=512/2048/512 mssfix-ctrl=1250
2018-01-09 15:29:23 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
12 [verb] [4]
13 [mute] [20]
2018-01-09 15:29:23 EVENT: RESOLVE
2018-01-09 15:29:23 Contacting x.x.x.x:1724 via TCP
2018-01-09 15:29:23 EVENT: WAIT
2018-01-09 15:29:23 SetTunnelSocket returned 1
2018-01-09 15:29:23 Connecting to [x.myfritz.net]:1724 (x.x.x.x) via TCPv4
2018-01-09 15:29:23 EVENT: CONNECTING
2018-01-09 15:29:23 Tunnel Options:V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
2018-01-09 15:29:23 Creds: UsernameEmpty/PasswordEmpty
2018-01-09 15:29:23 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.1.1-212
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_AUTO_SESS=1
2018-01-09 15:29:23 NET Internet:ReachableViaWiFi/-R t------
2018-01-09 15:29:25 VERIFY OK: depth=1
cert. version : 3
serial number : FE:1D:6D:D1:E7:E4:C5:CF
issuer name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=BAB TECHNOLOGIE GmbH CA, ??=EasyRSA, emailAddress=info@bab-tec.de
subject name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=BAB TECHNOLOGIE GmbH CA, ??=EasyRSA, emailAddress=info@bab-tec.de
issued on : 2017-11-29 10:42:20
expires on : 2027-11-27 10:42:20
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
2018-01-09 15:29:25 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=BAB TECHNOLOGIE GmbH CA, ??=EasyRSA, emailAddress=info@bab-tec.de
subject name : C=DE, ST=NRW, L=Dortmund, O=BAB TECHNOLOGIE GmbH, OU=BAB TECHNOLOGIE Signing CA, CN=server, ??=EasyRSA, emailAddress=info@bab-tec.de
issued on : 2017-11-29 10:42:26
expires on : 2027-11-27 10:42:26
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : server
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2018-01-09 15:29:27 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
2018-01-09 15:29:27 Session is ACTIVE
2018-01-09 15:29:27 EVENT: GET_CONFIG
2018-01-09 15:29:27 Sending PUSH_REQUEST to server...
2018-01-09 15:29:27 OPTIONS:
0 [route-gateway] [10.8.0.1]
1 [topology] [subnet]
2 [ping] [10]
3 [ping-restart] [90]
4 [ifconfig] [10.8.0.2] [255.255.255.0]
2018-01-09 15:29:27 PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA1
compress: LZO
peer ID: -1
2018-01-09 15:29:27 EVENT: ASSIGN_IP
2018-01-09 15:29:27 Connected via tun
2018-01-09 15:29:27 LZO-ASYM init swap=0 asym=0
2018-01-09 15:29:27 EVENT: CONNECTED @x.myfritz.net:1724 (x.x.x.x) via /TCPv4 on tun/10.8.0.2/ gw=[10.8.0.1/]
2018-01-09 15:29:27 SetStatus Connected
comment:5 Changed 7 years ago by
Replying to nodefeet:
Well, you are right there should be the local gateway address like 192.168.1.1 instead of the VPN-Server 10.8.0.1, right? (Please bear in mind that I'm not a professional). However this is the log file from 1.1.1 and it worked just fine with the same option.
No, the route-gateway is correct as it is (unless you know what you are doing and want to change it, but this is not normally the case).
This said, the "issue" you have is not clear to me.
Could you please explain what does not work exactly?
What is the behaviour you see and what would you expect?
I am asking because, given your configuration, this issue is different from what was reported in the forum: in this case there is no DNS setting to apply, but probably you want to refer to something else.
comment:6 follow-up: 7 Changed 7 years ago by
Hello,
I have the same problem in version 1.2.6 too.
My log:
2018-01-17 09:35:10 EVENT: RESOLVE
2018-01-17 09:35:11 Contacting [XXX]:1199/UDP via UDP
2018-01-17 09:35:11 EVENT: WAIT
2018-01-17 09:35:11 Connecting to [XXX]:1199 (XX) via UDPv4
2018-01-17 09:35:11 EVENT: CONNECTING
2018-01-17 09:35:11 Tunnel Options:V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA256,keysize 128,key-method 2,tls-client
2018-01-17 09:35:11 Creds: Username/Password
2018-01-17 09:35:11 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
2018-01-17 09:35:11 VERIFY OK : depth=1
cert. version : 3
serial number : 00
issuer name : XXX
subject name : XXX
issued on : 2018-01-01 00:00:00
expires on : 2037-12-31 23:59:59
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=true
2018-01-17 09:35:11 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : XXX
subject name : XXX
issued on : 2018-01-01 00:00:00
expires on : 2037-12-31 23:59:59
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=false
cert. type : SSL Server
ext key usage : TLS Web Server Authentication
2018-01-17 09:35:11 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
2018-01-17 09:35:11 Session is ACTIVE
2018-01-17 09:35:11 EVENT: GET_CONFIG
2018-01-17 09:35:11 Sending PUSH_REQUEST to server...
2018-01-17 09:35:11 OPTIONS:
0 [dhcp-option] [DOMAIN] [XXX.local]
1 [route] [XXX] [255.255.248.0]
2 [route] [XXX] [255.255.252.0]
3 [dhcp-option] [DNS] [XXX]
4 [dhcp-option] [DNS] [XXX]
5 [route-gateway] [192.168.16.1]
6 [topology] [subnet]
7 [ping] [10]
8 [ping-restart] [120]
9 [ifconfig] [192.168.16.2] [255.255.255.0]
2018-01-17 09:35:11 PROTOCOL OPTIONS:
cipher: AES-128-CBC
digest: SHA256
compress: NONE
peer ID: -1
2018-01-17 09:35:11 EVENT: ASSIGN_IP
2018-01-17 09:35:11 NIP: preparing TUN network settings
2018-01-17 09:35:11 NIP: init TUN network settings with endpoint: XXX
2018-01-17 09:35:11 NIP: adding IPv4 address to network settings 192.168.16.2/255.255.255.0
2018-01-17 09:35:11 NIP: adding (included) IPv4 route XXX
2018-01-17 09:35:11 NIP: adding (included) IPv4 route XXX
2018-01-17 09:35:11 NIP: adding match domain XXX.local
2018-01-17 09:35:11 NIP: no DNS provided. Ignoring match domain
2018-01-17 09:35:11 NIP: adding DNS XXX
2018-01-17 09:35:11 NIP: adding DNS XXX
2018-01-17 09:35:11 NIP: setting MTU to 1500
2018-01-17 09:35:11 NIP: adding DNS specific routes:
2018-01-17 09:35:11 NIP: adding (included) IPv4 route XXX/32
2018-01-17 09:35:11 NIP: adding (included) IPv4 route XXX/32
2018-01-17 09:35:11 Connected via NetworkExtensionTUN
2018-01-17 09:35:11 EVENT: CONNECTED XXX:1199 (XXX) via /UDPv4 on NetworkExtensionTUN/192.168.16.2/ gw=/
comment:7 follow-ups: 9 13 Changed 7 years ago by
Replying to matthiasue:
Hello,
I have the same problem in version 1.2.6 too.
What hostnames are you trying to resolve exactly?
As a test, could you please edit the config file and move the DOMAIN directive *after* the DNS ones please? (not sure if these options are pushed by the server or not, but wherever they are configured, please try changing the order)
comment:8 follow-up: 10 Changed 7 years ago by
The issue from:
https://forums.openvpn.net/viewtopic.php?f=36&t=25598
is still not solved.
I am asking because, given your configuration, this issue is different from what was reported in the forum: in this case there is no DNS setting to apply, but probably you want to refer to something else.
Ok sorry I thought it is this issue because the workaround of adding „redirect-gateway def1“ to the client file is working for me as well.
Without this workaround the OpenVPN-App says it is connected (although the last “SetStatus Connected” line from the previous version is missing in the log) but I still cannot ping the VPN-Server.
I would guess it has something to do with the empty
gw=[/]
part in the last line of version 1.2.5 and 1.2.6
comment:9 follow-up: 11 Changed 7 years ago by
I try to resolve internal hosts like server.domain.local
I can try to change the order, but this information is pushed by my firewall.
Replying to ordex:
Replying to matthiasue:
Hello,
I have the same problem in version 1.2.6 too.
What hostnames are you trying to resolve exactly?
As a test, could you please edit the config file and move the DOMAIN directive *after* the DNS ones please? (not sure if these options are pushed by the server or not, but wherever they are configured, please try changing the order)
comment:10 Changed 7 years ago by
Replying to nodefeet:
The issue from:
https://forums.openvpn.net/viewtopic.php?f=36&t=25598
is still not solved.
I am asking because, given your configuration, this issue is different from what was reported in the forum: in this case there is no DNS setting to apply, but probably you want to refer to something else.
Ok sorry I thought it is this issue because the workaround of adding „redirect-gateway def1“ to the client file is working for me as well.
Without this workaround the OpenVPN-App says it is connected (although the last “SetStatus Connected” line from the previous version is missing in the log) but I still cannot ping the VPN-Server.
I would guess it has something to do with the empty
gw=[/]
part in the last line of version 1.2.5 and 1.2.6
Same medicine doesn't imply same sickness :-)
However, could you please open another ticket and report exactly what you wrote in your last reply? You already managed to isolate interesting details.
Thanks!
Here we will continue tracking issues related to the DNS option.
comment:11 Changed 7 years ago by
Replying to matthiasue:
I try to resolve internal hosts like server.domain.local
I can try to change the order, but this information is pushed by my firewall.
Yeah, testing that would be helpful, thanks
comment:12 Changed 7 years ago by
The same problem as version 1.2.5. I have a Pfsense 2.4.1 with Openvpn 2.4.4 and Openvpn-client-export-2.4.4
OpenVpn correctly connects but does not apply DNS settings. If you enter our portal by IP address there are no problems but if I try to enter by DNS it does not work. I'm using Safari.
I do not know if I have to make any changes to the configuration of my server, but everything worked correctly before the update to 1.2.5.
Uninstall the previous version and install a new clean OpenVpn (1.2.6) but it does not work, I do not assign the DNS.
If they need any other information or that they perform some test, they let me know and we do it.
I have an internal DNS with Windows Server and our Server Portal is an Apache Web.
This is an example of a ovpn client file:
persist-tun
persist-key
cipher AES-128-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM
auth SHA1
tls-client
client
remote 111.111.111.111 1194 udp
verify-x509-name "openvpn-server" name
auth-user-pass
remote-cert-tls server
comp-lzo adaptive
then comes the configuration of CERTIFICATE, PRIVATE KEY and OpenVPN Static key...
This is the log of one ios phone.
2018-01-17 10:37:06 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Jan 14 2018 14:23:32
2018-01-17 10:37:06 Frame=512/2048/512 mssfix-ctrl=1250
2018-01-17 10:37:06 UNUSED OPTIONS
0 [persist-tun]
1 [persist-key]
3 [ncp-ciphers] [AES-256-GCM:AES-128-GCM]
5 [tls-client]
8 [verify-x509-name] [openvpn-server] [name]
2018-01-17 10:37:06 EVENT: RESOLVE
2018-01-17 10:37:06 Contacting [111.111.111.111]:1194/UDP via UDP
2018-01-17 10:37:06 EVENT: WAIT
2018-01-17 10:37:06 Connecting to [111.111.111.111]:1194 (111.111.111.111) via UDPv4
2018-01-17 10:37:06 EVENT: CONNECTING
2018-01-17 10:37:06 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
2018-01-17 10:37:06 Creds: Username/Password
2018-01-17 10:37:06 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.6-4
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
2018-01-17 10:37:06 VERIFY OK : depth=1
cert. version : 3
serial number : 00
issuer name : C=UY, ST=Mdeo, L=Montevideo, O=Pulso, emailAddress=soporte@…, CN=internal-ca
subject name : C=UY, ST=Mdeo, L=Montevideo, O=Pulso, emailAddress=soporte@…, CN=internal-ca
issued on : 2017-11-03 01:53:31
expires on : 2027-11-01 01:53:31
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
2018-01-17 10:37:06 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : C=UY, ST=Mdeo, L=Montevideo, O=Pulso, emailAddress=soporte@…, CN=internal-ca
subject name : C=UY, ST=Mdeo, L=Montevideo, O=Pulso, emailAddress=soporte@…, CN=openvpn-server
issued on : 2017-11-03 01:57:16
expires on : 2027-11-01 01:57:16
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : openvpn-server
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication, ???
2018-01-17 10:37:07 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2018-01-17 10:37:07 Session is ACTIVE
2018-01-17 10:37:07 EVENT: GET_CONFIG
2018-01-17 10:37:07 Sending PUSH_REQUEST to server...
2018-01-17 10:37:07 OPTIONS:
0 [route] [192.168.150.0] [255.255.255.0]
1 [dhcp-option] [DOMAIN] [portovenus.local]
2 [dhcp-option] [DNS] [192.168.150.2]
3 [route-gateway] [192.168.2.1]
4 [topology] [subnet]
5 [ping] [10]
6 [ping-restart] [60]
7 [ifconfig] [192.168.2.4] [255.255.255.0]
8 [peer-id] [3]
9 [cipher] [AES-256-GCM]
2018-01-17 10:37:07 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA1
compress: LZO
peer ID: 3
2018-01-17 10:37:07 EVENT: ASSIGN_IP
2018-01-17 10:37:07 NIP: preparing TUN network settings
2018-01-17 10:37:07 NIP: init TUN network settings with endpoint: 111.111.111.111
2018-01-17 10:37:07 NIP: adding IPv4 address to network settings 192.168.2.4/255.255.255.0
2018-01-17 10:37:07 NIP: adding (included) IPv4 route 192.168.150.0/24
2018-01-17 10:37:07 NIP: adding match domain portovenus.local
2018-01-17 10:37:07 NIP: no DNS provided. Ignoring match domain
2018-01-17 10:37:07 NIP: adding DNS 192.168.150.2
2018-01-17 10:37:07 NIP: adding DNS specific routes:
2018-01-17 10:37:07 NIP: adding (included) IPv4 route 192.168.150.2/32
2018-01-17 10:37:07 Connected via NetworkExtensionTUN
2018-01-17 10:37:07 LZO-ASYM init swap=0 asym=0
2018-01-17 10:37:07 EVENT: CONNECTED igutierrez@111.111.111.111:1194 (111.111.111.111) via /UDPv4 on NetworkExtensionTUN/192.168.2.4/ gw=/
comment:13 follow-up: 14 Changed 7 years ago by
Replying to ordex:
Replying to matthiasue:
Hello,
I have the same problem in version 1.2.6 too.
What hostnames are you trying to resolve exactly?
As a test, could you please edit the config file and move the DOMAIN directive *after* the DNS ones please? (not sure if these options are pushed by the server or not, but wherever they are configured, please try changing the order)
Hi!
I tried it and then it works. Order does matter.
This is config generated by pfsense, search domain is above DNS and hence DOMAIN is being omitted...
comment:14 Changed 7 years ago by
Replying to gregecslo:
Replying to ordex:
Replying to matthiasue:
Hello,
I have the same problem in version 1.2.6 too.
What hostnames are you trying to resolve exactly?
As a test, could you please edit the config file and move the DOMAIN directive *after* the DNS ones please? (not sure if these options are pushed by the server or not, but wherever they are configured, please try changing the order)
Hi!
I tried it and then it works. Order does matter.
This is config generated by pfsense, search domain is above DNS and hence DOMAIN is being omitted...
HI!!
It has not worked for me!
I have modified the openvpn configuration file but it does not resolve the DNS.
From the pfsense website, the order of the fields is:
Default domain DNS: portovenus.local
DNS server 1: 192.168.150.2
The problem that I see is that when making any modification from the pfsense web, it will modify the configuration file and invert the order of the fields again.
I sent them the modified configuration file where I inverted the DNS and DOMAIN fields.
dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-128-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 111.111.111.111
tls-server
server 192.168.2.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server1
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user TG9jYWwgRGF0YWJhc2U= false server1 1194" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'openvpn-server' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
push "route 192.168.150.0 255.255.255.0"
push "dhcp-option DNS 192.168.150.2"
push "dhcp-option DOMAIN portovenus.local"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server1.tls-auth 0
ncp-ciphers AES-256-GCM:AES-128-GCM
comp-lzo adaptive
topology subnet
comment:15 follow-up: 19 Changed 7 years ago by
I confirm that changing the order in which the config directives are pushed fixes this. DNS first, then DOMAIN results in DNS working properly again.
I am using pfsense as the OpenVPN host. As a workaround to the pfsense gui options resulting in the incorrect order and the misconfig, I did the following to resolve it:
- Uncheck the “provide a default domain name to clients” option on the OpenVPN server options page on pfsense.
- Add a custom config directive in the advanced section that does the same thing e.g.
push "dhcp-option DOMAIN foo.bar"
After doing these 2 steps, pfsense sends the 2 directives in the right order and everything works.
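A check for the ordering problem identified in this ticket, as an added example (not code from OpenVPN or pfSense): it lists the `dhcp-option` entries of a client log or a config in order, reports any DOMAIN that precedes the first DNS, counts the "Ignoring match domain" log lines, and rewrites push lines so DOMAIN follows DNS. The function names are hypothetical and the sample inputs are constructed from the excerpts posted above.

```python
import re

# Constructed samples, modelled on the client log and server config posted in this ticket.
SAMPLE_LOG = """\
2018-01-17 10:37:07 OPTIONS:
0 [route] [192.168.150.0] [255.255.255.0]
1 [dhcp-option] [DOMAIN] [portovenus.local]
2 [dhcp-option] [DNS] [192.168.150.2]
3 [route-gateway] [192.168.2.1]
2018-01-17 10:37:07 NIP: adding match domain portovenus.local
2018-01-17 10:37:07 NIP: no DNS provided. Ignoring match domain
2018-01-17 10:37:07 NIP: adding DNS 192.168.150.2
"""
SAMPLE_SERVER_CONF = """\
push "route 192.168.150.0 255.255.255.0"
push "dhcp-option DOMAIN portovenus.local"
push "dhcp-option DNS 192.168.150.2"
topology subnet
"""

# "N [dhcp-option] [KIND] [value]" as printed in the client's OPTIONS block
LOG_OPT = re.compile(r"^\s*\d+\s+\[dhcp-option\]\s+\[(\w+)\]\s+\[([^\]]+)\]")
# 'push "dhcp-option KIND value"' (server) or 'dhcp-option KIND value' (client profile)
CONF_OPT = re.compile(r'^\s*(?:push\s+")?dhcp-option\s+(\w+)\s+([^"\s]+)')
IGNORED_MSG = "NIP: no DNS provided. Ignoring match domain"


def dhcp_options(text):
    """Return [(KIND, value), ...] in order of appearance, from a log or a config."""
    found = []
    for line in text.splitlines():
        m = LOG_OPT.match(line) or CONF_OPT.match(line)
        if m:
            found.append((m.group(1).upper(), m.group(2)))
    return found


def domains_before_dns(options):
    """DOMAIN values listed before the first DNS entry (all of them if no DNS is given)."""
    early = []
    for kind, value in options:
        if kind == "DNS":
            break
        if kind == "DOMAIN":
            early.append(value)
    return early


def ignored_domain_events(log_text):
    """Count log lines where the client reports that it dropped a match domain."""
    return sum(IGNORED_MSG in line for line in log_text.splitlines())


def reorder_push_lines(conf_text):
    """Move every dhcp-option DOMAIN line that precedes the last DNS line to just after it."""
    lines = conf_text.splitlines()
    kinds = []
    for line in lines:
        m = CONF_OPT.match(line)
        kinds.append(m.group(1).upper() if m else None)
    if "DNS" not in kinds:
        return conf_text
    last_dns = len(kinds) - 1 - kinds[::-1].index("DNS")
    upto = list(zip(lines[:last_dns + 1], kinds[:last_dns + 1]))
    head = [l for l, k in upto if k != "DOMAIN"]
    moved = [l for l, k in upto if k == "DOMAIN"]
    return "\n".join(head + moved + lines[last_dns + 1:]) + "\n"


if __name__ == "__main__":
    print("dropped in log:", domains_before_dns(dhcp_options(SAMPLE_LOG)))
    print("ignore events:", ignored_domain_events(SAMPLE_LOG))
    print(reorder_push_lines(SAMPLE_SERVER_CONF), end="")
```

A search domain that is silently dropped means internal names are not resolved through the pushed DNS server, so the same check is worth running on any profile generated by a GUI that controls directive order.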
comment:16 Changed 7 years ago by
Status: | assigned → accepted |
---|
Thanks for testing this.
This should be fixed in the app as well, but it's good to have a workaround in the meantime.
comment:17 Changed 7 years ago by
Hello, I changed the order in my firewall and now the DNS is working
comment:18 Changed 7 years ago by
A fix will be available in the next release, thanks for the information
comment:20 Changed 7 years ago by
v1.2.7 is being rolled out to the various AppStore as we speak. Please test it once you have a chance to upgrade and update this ticket accordingly, if possible. Thanks!
comment:22 Changed 7 years ago by
Resolution: | → fixed |
---|---|
Status: | accepted → closed |
Great! thanks for the update!
I am closing this ticket.
Could you please post the connection log?
Thanks