openvpn-gui
Using openvpn-gui causes DNS to fail, but the official OpenVPN Connect works with the same config file
I use the same configuration file with 2 different programs to connect to my company VPN server. After connecting successfully with openvpn-gui, I cannot reach my company website through DNS, but when connecting through the OpenVPN client everything works well. Is there any possibility that the same config, connecting through 2 different programs, causes different behavior?
Not sure whether the route error in the log is related to this or not...
Tried running as administrator, but it is still not working.
==============updated===============
2022-03-09 23:31:26 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-03-09 23:31:26 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2022-03-09 23:31:26 OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
2022-03-09 23:31:26 Windows version 10.0 (Windows 10 or greater) 64bit
2022-03-09 23:31:26 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022-03-09 23:31:26 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2022-03-09 23:31:26 Need hold release from management interface, waiting...
2022-03-09 23:31:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2022-03-09 23:31:27 MANAGEMENT: CMD 'state on'
2022-03-09 23:31:27 MANAGEMENT: CMD 'log all on'
2022-03-09 23:31:27 MANAGEMENT: CMD 'echo all on'
2022-03-09 23:31:27 MANAGEMENT: CMD 'bytecount 5'
2022-03-09 23:31:27 MANAGEMENT: CMD 'hold off'
2022-03-09 23:31:27 MANAGEMENT: CMD 'hold release'
2022-03-09 23:31:27 MANAGEMENT: >STATE:1646839887,RESOLVE,,,,,,
2022-03-09 23:31:27 TCP/UDP: Preserving recently used remote address: [AF_INET]61.219.243.246:2194
2022-03-09 23:31:27 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-03-09 23:31:27 UDP link local: (not bound)
2022-03-09 23:31:27 UDP link remote: [AF_INET]61.219.243.246:2194
2022-03-09 23:31:27 MANAGEMENT: >STATE:1646839887,WAIT,,,,,,
2022-03-09 23:31:27 MANAGEMENT: >STATE:1646839887,AUTH,,,,,,
2022-03-09 23:31:27 TLS: Initial packet from [AF_INET]61.219.243.246:2194, sid=29f517a3 40e8d73e
2022-03-09 23:31:27 VERIFY OK: depth=1, C=TW, ST=Taiwan, L=Taipei, O=KCompany Research, OU=HPC, CN=gateway, [email protected]
2022-03-09 23:31:27 VERIFY X509NAME OK: C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_e7hcC8JQJoCbtj1, [email protected]
2022-03-09 23:31:27 VERIFY OK: depth=0, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_e7hcC8JQJoCbtj1, [email protected]
2022-03-09 23:31:27 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: ecdsa-with-SHA256
2022-03-09 23:31:27 [Appliance_Certificate_e7hcC8JQJoCbtj1] Peer Connection Initiated with [AF_INET]61.219.243.246:2194
2022-03-09 23:31:28 MANAGEMENT: >STATE:1646839888,GET_CONFIG,,,,,,
2022-03-09 23:31:28 SENT CONTROL [Appliance_Certificate_e7hcC8JQJoCbtj1]: 'PUSH_REQUEST' (status=1)
2022-03-09 23:31:33 SENT CONTROL [Appliance_Certificate_e7hcC8JQJoCbtj1]: 'PUSH_REQUEST' (status=1)
2022-03-09 23:31:33 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.81.234.5,sndbuf 0,rcvbuf 0,sndbuf 0,rcvbuf 0,ping 45,ping-restart 180,redirect-gateway def1,topology subnet,route remote_host 255.255.255.255 net_gateway,inactive 900 7680,dhcp-option DNS 172.29.20.10,dhcp-option DNS 172.29.20.11,dhcp-option DOMAIN KCompanytoken.com,ifconfig 10.81.234.11 255.255.255.0'
2022-03-09 23:31:33 OPTIONS IMPORT: timers and/or timeouts modified
2022-03-09 23:31:33 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2022-03-09 23:31:33 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-03-09 23:31:33 OPTIONS IMPORT: --ifconfig/up options modified
2022-03-09 23:31:33 OPTIONS IMPORT: route options modified
2022-03-09 23:31:33 OPTIONS IMPORT: route-related options modified
2022-03-09 23:31:33 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2022-03-09 23:31:33 Using peer cipher 'AES-128-CBC'
2022-03-09 23:31:33 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2022-03-09 23:31:33 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-03-09 23:31:33 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2022-03-09 23:31:33 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-03-09 23:31:33 interactive service msg_channel=720
2022-03-09 23:31:33 open_tun
2022-03-09 23:31:33 tap-windows6 device [OpenVPN TAP-Windows6] opened
2022-03-09 23:31:33 TAP-Windows Driver Version 9.24
2022-03-09 23:31:33 Set TAP-Windows TUN subnet mode network/local/netmask = 10.81.234.0/10.81.234.11/255.255.255.0 [SUCCEEDED]
2022-03-09 23:31:33 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.81.234.11/255.255.255.0 on interface {D8ABF47F-D864-42CE-8483-F1F95F2D511E} [DHCP-serv: 10.81.234.0, lease-time: 31536000]
2022-03-09 23:31:33 Successful ARP Flush on interface [15] {D8ABF47F-D864-42CE-8483-F1F95F2D511E}
2022-03-09 23:31:33 MANAGEMENT: >STATE:1646839893,ASSIGN_IP,,10.81.234.11,,,,
2022-03-09 23:31:33 IPv4 MTU set to 1500 on interface 15 using service
2022-03-09 23:31:37 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
2022-03-09 23:31:37 C:\WINDOWS\system32\route.exe ADD 61.219.243.246 MASK 255.255.255.255 192.168.50.1
2022-03-09 23:31:37 Route addition via service succeeded
2022-03-09 23:31:37 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.81.234.5
2022-03-09 23:31:37 Route addition via service succeeded
2022-03-09 23:31:37 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.81.234.5
2022-03-09 23:31:37 Route addition via service succeeded
2022-03-09 23:31:37 MANAGEMENT: >STATE:1646839897,ADD_ROUTES,,,,,,
2022-03-09 23:31:37 C:\WINDOWS\system32\route.exe ADD 61.219.243.246 MASK 255.255.255.255 192.168.50.1
2022-03-09 23:31:37 ROUTE: route addition failed using service: 物件已經存在。 [status=5010 if_index=13]
2022-03-09 23:31:37 Route addition via service failed
2022-03-09 23:31:37 C:\WINDOWS\system32\route.exe ADD 61.219.243.246 MASK 255.255.255.255 192.168.50.1
2022-03-09 23:31:37 ROUTE: route addition failed using service: 物件已經存在。 [status=5010 if_index=13]
2022-03-09 23:31:37 Route addition via service failed
2022-03-09 23:31:37 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2022-03-09 23:31:37 Initialization Sequence Completed
2022-03-09 23:31:37 MANAGEMENT: >STATE:1646839897,CONNECTED,SUCCESS,10.81.234.11,61.219.243.246,2194,,
Just curious: is this related to the "DNS Fallback" check box in OpenVPN Connect?
I'm not an expert, but this is the major difference in DNS settings I can find between these two programs...
Having the log from the openvpn client that shows a working connection as a comparison would be a good first step.
The route addition error in the logs is harmless -- it's caused by route remote_host 255.255.255.255 pushed by the server, which is redundant as redirect-gateway def1 implies it. The error is due to trying to add the same route twice.
There is no DNS fallback option in OpenVPN-GUI, but your server is pushing DNS server addresses so DNS should get set, and work if those pushed DNS servers are active. Could you post the output of ipconfig /all after the connection is established for both Connect and OpenVPN-GUI? A comparison of the two would show any difference in DNS servers set.
Thanks for pointing out the key part for debugging. I printed the ipconfig output under the two different types of connection; they have quite a few differences:
Both Host Names are my Windows PC name; they are the same.
For the connection where DNS worked
For the connection where DNS did NOT work
There is an additional row, DNS suffix search list: mycompanydomain.com
And it lacks the 8 rows after the Autoconfiguration Enabled row, like in the picture above (the working one).
The problem with the second output is not the missing DNS server -- it's taken when the VPN is not connected using this adapter. Unless you are using a different adapter with Windows GUI. Please connect to VPN and then generate the output of ipconfig /all and show all relevant adapters.
Sorry for any inconvenience caused; the following is the full ipconfig output of the connection where DNS did NOT work
So, with OpenVPN-GUI, the adapter to look at is "TAP-Windows Adapter V9" which has 10.81.243.11 as IP address and 172.29.20.10 as DNS server. The only difference with using Connect is that the latter has set one more DNS server address (172.29.20.11). Both of those DNS addresses are pushed by the server, so I do not see why the former gets only one of them set.
That said, if 172.29.20.10 is a valid DNS server, your connection using OpenVPN-GUI should not have any DNS issues. Check with your VPN server administrator.
Further, if you run with verb = 4 (add or change "verb 4" in the client config file), logs will show dhcp option string in hex which would allow us to check whether the two dns addresses are being passed to the tap driver.
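The check described above, as an added example that is not part of the original thread or of OpenVPN: it decodes the hex "DHCP option string" that a verb 4 log prints (DHCP code/length/value options, where option 6 carries DNS servers) and compares the result with the DNS servers in the PUSH_REPLY. The sample lines are copied from the verb 4 log posted in the reply that follows; the function names are this example's own.

```python
import ipaddress
import re

# Lines copied from the verb 4 log posted in the reply that follows.
SAMPLE_LOG = """\
2022-03-14 09:01:31 us=156000 Pull filters:
2022-03-14 09:01:31 us=156000 ignore "dhcp-option DNS"
2022-03-14 09:01:31 us=156000 DNS[0] = 172.29.20.10
2022-03-14 09:01:39 us=78000 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.81.234.5,sndbuf 0,rcvbuf 0,sndbuf 0,rcvbuf 0,ping 45,ping-restart 180,redirect-gateway def1,topology subnet,route remote_host 255.255.255.255 net_gateway,inactive 900 7680,dhcp-option DNS 172.29.20.10,dhcp-option DNS 172.29.20.11,dhcp-option DOMAIN KCompanytoken.com,ifconfig 10.81.234.10 255.255.255.0'
2022-03-14 09:01:39 us=78000 Pushed option removed by filter: 'dhcp-option DNS 172.29.20.10'
2022-03-14 09:01:39 us=78000 Pushed option removed by filter: 'dhcp-option DNS 172.29.20.11'
2022-03-14 09:01:39 us=109000 DHCP option string: 0f0f6b72 6f6e6f73 746f6b65 6e2e636f 6d0604ac 1d140a
"""

# DHCP option codes used here: 0 = pad, 6 = DNS servers, 255 = end.
OPT_PAD, OPT_DNS, OPT_END = 0, 6, 255


def parse_dhcp_options(hex_string):
    """Decode a DHCP option blob into a list of (code, value_bytes) pairs."""
    data = bytes.fromhex("".join(hex_string.split()))
    options, i = [], 0
    while i < len(data):
        code = data[i]
        if code == OPT_PAD:          # pad has no length byte
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(data):
            raise ValueError(f"option {code} at offset {i} has no length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} at offset {i} is truncated")
        options.append((code, value))
        i += 2 + length
    return options


def dns_servers(options):
    """Return the IPv4 addresses carried in every option 6 of the blob."""
    servers = []
    for code, value in options:
        if code != OPT_DNS:
            continue
        if len(value) % 4:
            raise ValueError("option 6 length is not a multiple of 4")
        for j in range(0, len(value), 4):
            servers.append(str(ipaddress.IPv4Address(value[j:j + 4])))
    return servers


def audit_log(log_text):
    """Compare pushed DNS servers with what was handed to the TAP driver."""
    pushed, tap = [], []
    m = re.search(r"PUSH_REPLY,([^']*)'", log_text)
    if m:
        pushed = [opt.split()[2] for opt in m.group(1).split(",")
                  if opt.startswith("dhcp-option DNS ")]
    # Pushed DNS options dropped by a pull filter on the client side.
    filtered = re.findall(
        r"removed by filter: 'dhcp-option DNS ([0-9.]+)'", log_text)
    # DNS entries in "Current Parameter Settings", printed at startup,
    # i.e. before the server has pushed anything.
    at_startup = re.findall(r"\bDNS\[\d+\] = ([0-9.]+)", log_text)
    m = re.search(r"DHCP option string: ([0-9a-fA-F ]+)", log_text)
    if m:
        tap = dns_servers(parse_dhcp_options(m.group(1)))
    return {
        "pushed_dns": pushed,
        "filtered_dns": filtered,
        "dns_at_startup": at_startup,
        "tap_dns": tap,
        "pushed_not_on_tap": [ip for ip in pushed if ip not in tap],
    }


if __name__ == "__main__":
    for key, value in audit_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```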
Just updated verb to 4 and got the full log, but cannot find any line related to the DNS server address. Will check with the administrator; thanks for the help again.
2022-03-14 09:01:31 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-03-14 09:01:31 us=156000 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2022-03-14 09:01:31 us=156000 Current Parameter Settings:
2022-03-14 09:01:31 us=156000 config = 'jimchen__ssl_vpn_config.ovpn'
2022-03-14 09:01:31 us=156000 mode = 0
2022-03-14 09:01:31 us=156000 show_ciphers = DISABLED
2022-03-14 09:01:31 us=156000 show_digests = DISABLED
2022-03-14 09:01:31 us=156000 show_engines = DISABLED
2022-03-14 09:01:31 us=156000 genkey = DISABLED
2022-03-14 09:01:31 us=156000 genkey_filename = '[UNDEF]'
2022-03-14 09:01:31 us=156000 key_pass_file = '[UNDEF]'
2022-03-14 09:01:31 us=156000 show_tls_ciphers = DISABLED
2022-03-14 09:01:31 us=156000 connect_retry_max = 0
2022-03-14 09:01:31 us=156000 Connection profiles [0]:
2022-03-14 09:01:31 us=156000 proto = udp
2022-03-14 09:01:31 us=156000 local = '[UNDEF]'
2022-03-14 09:01:31 us=156000 local_port = '[UNDEF]'
2022-03-14 09:01:31 us=156000 remote = 'remote.KCompanyresearch.com'
2022-03-14 09:01:31 us=156000 remote_port = '2194'
2022-03-14 09:01:31 us=156000 remote_float = DISABLED
2022-03-14 09:01:31 us=156000 bind_defined = DISABLED
2022-03-14 09:01:31 us=156000 bind_local = DISABLED
2022-03-14 09:01:31 us=156000 bind_ipv6_only = DISABLED
2022-03-14 09:01:31 us=156000 connect_retry_seconds = 5
2022-03-14 09:01:31 us=156000 connect_timeout = 120
2022-03-14 09:01:31 us=156000 socks_proxy_server = '[UNDEF]'
2022-03-14 09:01:31 us=156000 socks_proxy_port = '[UNDEF]'
2022-03-14 09:01:31 us=156000 tun_mtu = 1500
2022-03-14 09:01:31 us=156000 tun_mtu_defined = ENABLED
2022-03-14 09:01:31 us=156000 link_mtu = 1500
2022-03-14 09:01:31 us=156000 link_mtu_defined = DISABLED
2022-03-14 09:01:31 us=156000 tun_mtu_extra = 0
2022-03-14 09:01:31 us=156000 tun_mtu_extra_defined = DISABLED
2022-03-14 09:01:31 us=156000 mtu_discover_type = -1
2022-03-14 09:01:31 us=156000 fragment = 0
2022-03-14 09:01:31 us=156000 mssfix = 1450
2022-03-14 09:01:31 us=156000 explicit_exit_notification = 1
2022-03-14 09:01:31 us=156000 tls_auth_file = '[UNDEF]'
2022-03-14 09:01:31 us=156000 key_direction = not set
2022-03-14 09:01:31 us=156000 tls_crypt_file = '[UNDEF]'
2022-03-14 09:01:31 us=156000 tls_crypt_v2_file = '[UNDEF]'
2022-03-14 09:01:31 us=156000 Connection profiles END
2022-03-14 09:01:31 us=156000 remote_random = DISABLED
2022-03-14 09:01:31 us=156000 ipchange = '[UNDEF]'
2022-03-14 09:01:31 us=156000 dev = 'tun'
2022-03-14 09:01:31 us=156000 dev_type = '[UNDEF]'
2022-03-14 09:01:31 us=156000 dev_node = '[UNDEF]'
2022-03-14 09:01:31 us=156000 lladdr = '[UNDEF]'
2022-03-14 09:01:31 us=156000 topology = 1
2022-03-14 09:01:31 us=156000 ifconfig_local = '[UNDEF]'
2022-03-14 09:01:31 us=156000 ifconfig_remote_netmask = '[UNDEF]'
2022-03-14 09:01:31 us=156000 ifconfig_noexec = DISABLED
2022-03-14 09:01:31 us=156000 ifconfig_nowarn = DISABLED
2022-03-14 09:01:31 us=156000 ifconfig_ipv6_local = '[UNDEF]'
2022-03-14 09:01:31 us=156000 ifconfig_ipv6_netbits = 0
2022-03-14 09:01:31 us=156000 ifconfig_ipv6_remote = '[UNDEF]'
2022-03-14 09:01:31 us=156000 shaper = 0
2022-03-14 09:01:31 us=156000 mtu_test = 0
2022-03-14 09:01:31 us=156000 mlock = DISABLED
2022-03-14 09:01:31 us=156000 keepalive_ping = 0
2022-03-14 09:01:31 us=156000 keepalive_timeout = 0
2022-03-14 09:01:31 us=156000 inactivity_timeout = 0
2022-03-14 09:01:31 us=156000 ping_send_timeout = 0
2022-03-14 09:01:31 us=156000 ping_rec_timeout = 0
2022-03-14 09:01:31 us=156000 ping_rec_timeout_action = 0
2022-03-14 09:01:31 us=156000 ping_timer_remote = DISABLED
2022-03-14 09:01:31 us=156000 remap_sigusr1 = 0
2022-03-14 09:01:31 us=156000 persist_tun = ENABLED
2022-03-14 09:01:31 us=156000 persist_local_ip = DISABLED
2022-03-14 09:01:31 us=156000 persist_remote_ip = DISABLED
2022-03-14 09:01:31 us=156000 persist_key = ENABLED
2022-03-14 09:01:31 us=156000 passtos = DISABLED
2022-03-14 09:01:31 us=156000 resolve_retry_seconds = 1000000000
2022-03-14 09:01:31 us=156000 resolve_in_advance = DISABLED
2022-03-14 09:01:31 us=156000 username = '[UNDEF]'
2022-03-14 09:01:31 us=156000 groupname = '[UNDEF]'
2022-03-14 09:01:31 us=156000 chroot_dir = '[UNDEF]'
2022-03-14 09:01:31 us=156000 cd_dir = '[UNDEF]'
2022-03-14 09:01:31 us=156000 writepid = '[UNDEF]'
2022-03-14 09:01:31 us=156000 up_script = '[UNDEF]'
2022-03-14 09:01:31 us=156000 down_script = '[UNDEF]'
2022-03-14 09:01:31 us=156000 down_pre = DISABLED
2022-03-14 09:01:31 us=156000 up_restart = DISABLED
2022-03-14 09:01:31 us=156000 up_delay = DISABLED
2022-03-14 09:01:31 us=156000 daemon = DISABLED
2022-03-14 09:01:31 us=156000 inetd = 0
2022-03-14 09:01:31 us=156000 log = ENABLED
2022-03-14 09:01:31 us=156000 suppress_timestamps = DISABLED
2022-03-14 09:01:31 us=156000 machine_readable_output = DISABLED
2022-03-14 09:01:31 us=156000 nice = 0
2022-03-14 09:01:31 us=156000 verbosity = 4
2022-03-14 09:01:31 us=156000 mute = 0
2022-03-14 09:01:31 us=156000 status_file = '[UNDEF]'
2022-03-14 09:01:31 us=156000 status_file_version = 1
2022-03-14 09:01:31 us=156000 status_file_update_freq = 60
2022-03-14 09:01:31 us=156000 occ = ENABLED
2022-03-14 09:01:31 us=156000 rcvbuf = 0
2022-03-14 09:01:31 us=156000 sndbuf = 0
2022-03-14 09:01:31 us=156000 sockflags = 0
2022-03-14 09:01:31 us=156000 fast_io = DISABLED
2022-03-14 09:01:31 us=156000 comp.alg = 2
2022-03-14 09:01:31 us=156000 comp.flags = 0
2022-03-14 09:01:31 us=156000 route_script = '[UNDEF]'
2022-03-14 09:01:31 us=156000 route_default_gateway = '[UNDEF]'
2022-03-14 09:01:31 us=156000 route_default_metric = 0
2022-03-14 09:01:31 us=156000 route_noexec = DISABLED
2022-03-14 09:01:31 us=156000 route_delay = 4
2022-03-14 09:01:31 us=156000 route_delay_window = 30
2022-03-14 09:01:31 us=156000 route_delay_defined = ENABLED
2022-03-14 09:01:31 us=156000 route_nopull = DISABLED
2022-03-14 09:01:31 us=156000 route_gateway_via_dhcp = DISABLED
2022-03-14 09:01:31 us=156000 allow_pull_fqdn = DISABLED
2022-03-14 09:01:31 us=156000 Pull filters:
2022-03-14 09:01:31 us=156000 ignore "dhcp-option DNS"
2022-03-14 09:01:31 us=156000 ignore "route-method"
2022-03-14 09:01:31 us=156000 route remote_host/255.255.255.255/net_gateway/default (not set)
2022-03-14 09:01:31 us=156000 management_addr = '127.0.0.1'
2022-03-14 09:01:31 us=156000 management_port = '25340'
2022-03-14 09:01:31 us=156000 management_user_pass = 'stdin'
2022-03-14 09:01:31 us=156000 management_log_history_cache = 250
2022-03-14 09:01:31 us=156000 management_echo_buffer_size = 100
2022-03-14 09:01:31 us=156000 management_write_peer_info_file = '[UNDEF]'
2022-03-14 09:01:31 us=156000 management_client_user = '[UNDEF]'
2022-03-14 09:01:31 us=156000 management_client_group = '[UNDEF]'
2022-03-14 09:01:31 us=156000 management_flags = 16390
2022-03-14 09:01:31 us=156000 shared_secret_file = '[UNDEF]'
2022-03-14 09:01:31 us=156000 key_direction = not set
2022-03-14 09:01:31 us=156000 ciphername = 'AES-128-CBC'
2022-03-14 09:01:31 us=156000 ncp_enabled = ENABLED
2022-03-14 09:01:31 us=156000 ncp_ciphers = 'AES-256-GCM:AES-128-GCM:AES-128-CBC'
2022-03-14 09:01:31 us=156000 authname = 'SHA256'
2022-03-14 09:01:31 us=156000 prng_hash = 'SHA1'
2022-03-14 09:01:31 us=156000 prng_nonce_secret_len = 16
2022-03-14 09:01:31 us=156000 keysize = 0
2022-03-14 09:01:31 us=156000 engine = DISABLED
2022-03-14 09:01:31 us=156000 replay = ENABLED
2022-03-14 09:01:31 us=156000 mute_replay_warnings = DISABLED
2022-03-14 09:01:31 us=156000 replay_window = 64
2022-03-14 09:01:31 us=156000 replay_time = 15
2022-03-14 09:01:31 us=156000 packet_id_file = '[UNDEF]'
2022-03-14 09:01:31 us=156000 test_crypto = DISABLED
2022-03-14 09:01:31 us=156000 tls_server = DISABLED
2022-03-14 09:01:31 us=156000 tls_client = ENABLED
2022-03-14 09:01:31 us=156000 ca_file = '[INLINE]'
2022-03-14 09:01:31 us=156000 ca_path = '[UNDEF]'
2022-03-14 09:01:31 us=156000 dh_file = '[UNDEF]'
2022-03-14 09:01:31 us=156000 cert_file = '[INLINE]'
2022-03-14 09:01:31 us=156000 extra_certs_file = '[UNDEF]'
2022-03-14 09:01:31 us=156000 priv_key_file = '[INLINE]'
2022-03-14 09:01:31 us=156000 pkcs12_file = '[UNDEF]'
2022-03-14 09:01:31 us=156000 cryptoapi_cert = '[UNDEF]'
2022-03-14 09:01:31 us=156000 cipher_list = '[UNDEF]'
2022-03-14 09:01:31 us=156000 cipher_list_tls13 = '[UNDEF]'
2022-03-14 09:01:31 us=156000 tls_cert_profile = '[UNDEF]'
2022-03-14 09:01:31 us=156000 tls_verify = '[UNDEF]'
2022-03-14 09:01:31 us=156000 tls_export_cert = '[UNDEF]'
2022-03-14 09:01:31 us=156000 verify_x509_type = 1
2022-03-14 09:01:31 us=156000 verify_x509_name = 'C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_e7hcC8JQJoCbtj1, [email protected]'
2022-03-14 09:01:31 us=156000 crl_file = '[UNDEF]'
2022-03-14 09:01:31 us=156000 ns_cert_type = 0
2022-03-14 09:01:31 us=156000 remote_cert_ku[i] = 0
2022-03-14 09:01:31 us=156000 remote_cert_ku[i] = 0
2022-03-14 09:01:31 us=156000 remote_cert_ku[i] = 0
2022-03-14 09:01:31 us=156000 remote_cert_ku[i] = 0
2022-03-14 09:01:31 us=156000 remote_cert_ku[i] = 0
2022-03-14 09:01:31 us=156000 remote_cert_ku[i] = 0
2022-03-14 09:01:31 us=156000 remote_cert_ku[i] = 0
2022-03-14 09:01:31 us=156000 remote_cert_ku[i] = 0
2022-03-14 09:01:31 us=156000 remote_cert_ku[i] = 0
2022-03-14 09:01:31 us=156000 remote_cert_ku[i] = 0
2022-03-14 09:01:31 us=156000 remote_cert_ku[i] = 0
2022-03-14 09:01:31 us=156000 remote_cert_ku[i] = 0
2022-03-14 09:01:31 us=156000 remote_cert_ku[i] = 0
2022-03-14 09:01:31 us=156000 remote_cert_ku[i] = 0
2022-03-14 09:01:31 us=156000 remote_cert_ku[i] = 0
2022-03-14 09:01:31 us=156000 remote_cert_ku[i] = 0
2022-03-14 09:01:31 us=156000 remote_cert_eku = '[UNDEF]'
2022-03-14 09:01:31 us=156000 ssl_flags = 0
2022-03-14 09:01:31 us=156000 tls_timeout = 2
2022-03-14 09:01:31 us=156000 renegotiate_bytes = -1
2022-03-14 09:01:31 us=156000 renegotiate_packets = 0
2022-03-14 09:01:31 us=156000 renegotiate_seconds = 0
2022-03-14 09:01:31 us=156000 handshake_window = 60
2022-03-14 09:01:31 us=156000 transition_window = 3600
2022-03-14 09:01:31 us=156000 single_session = DISABLED
2022-03-14 09:01:31 us=156000 push_peer_info = DISABLED
2022-03-14 09:01:31 us=156000 tls_exit = DISABLED
2022-03-14 09:01:31 us=156000 tls_crypt_v2_metadata = '[UNDEF]'
2022-03-14 09:01:31 us=156000 pkcs11_protected_authentication = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_protected_authentication = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_protected_authentication = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_protected_authentication = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_protected_authentication = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_protected_authentication = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_protected_authentication = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_protected_authentication = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_protected_authentication = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_protected_authentication = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_protected_authentication = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_protected_authentication = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_protected_authentication = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_protected_authentication = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_protected_authentication = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_protected_authentication = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_private_mode = 00000000
2022-03-14 09:01:31 us=156000 pkcs11_private_mode = 00000000
2022-03-14 09:01:31 us=156000 pkcs11_private_mode = 00000000
2022-03-14 09:01:31 us=156000 pkcs11_private_mode = 00000000
2022-03-14 09:01:31 us=156000 pkcs11_private_mode = 00000000
2022-03-14 09:01:31 us=156000 pkcs11_private_mode = 00000000
2022-03-14 09:01:31 us=156000 pkcs11_private_mode = 00000000
2022-03-14 09:01:31 us=156000 pkcs11_private_mode = 00000000
2022-03-14 09:01:31 us=156000 pkcs11_private_mode = 00000000
2022-03-14 09:01:31 us=156000 pkcs11_private_mode = 00000000
2022-03-14 09:01:31 us=156000 pkcs11_private_mode = 00000000
2022-03-14 09:01:31 us=156000 pkcs11_private_mode = 00000000
2022-03-14 09:01:31 us=156000 pkcs11_private_mode = 00000000
2022-03-14 09:01:31 us=156000 pkcs11_private_mode = 00000000
2022-03-14 09:01:31 us=156000 pkcs11_private_mode = 00000000
2022-03-14 09:01:31 us=156000 pkcs11_private_mode = 00000000
2022-03-14 09:01:31 us=156000 pkcs11_cert_private = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_cert_private = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_cert_private = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_cert_private = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_cert_private = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_cert_private = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_cert_private = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_cert_private = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_cert_private = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_cert_private = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_cert_private = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_cert_private = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_cert_private = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_cert_private = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_cert_private = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_cert_private = DISABLED
2022-03-14 09:01:31 us=156000 pkcs11_pin_cache_period = -1
2022-03-14 09:01:31 us=156000 pkcs11_id = '[UNDEF]'
2022-03-14 09:01:31 us=156000 pkcs11_id_management = DISABLED
2022-03-14 09:01:31 us=156000 server_network = 0.0.0.0
2022-03-14 09:01:31 us=156000 server_netmask = 0.0.0.0
2022-03-14 09:01:31 us=156000 server_network_ipv6 = ::
2022-03-14 09:01:31 us=156000 server_netbits_ipv6 = 0
2022-03-14 09:01:31 us=156000 server_bridge_ip = 0.0.0.0
2022-03-14 09:01:31 us=156000 server_bridge_netmask = 0.0.0.0
2022-03-14 09:01:31 us=156000 server_bridge_pool_start = 0.0.0.0
2022-03-14 09:01:31 us=156000 server_bridge_pool_end = 0.0.0.0
2022-03-14 09:01:31 us=156000 ifconfig_pool_defined = DISABLED
2022-03-14 09:01:31 us=156000 ifconfig_pool_start = 0.0.0.0
2022-03-14 09:01:31 us=156000 ifconfig_pool_end = 0.0.0.0
2022-03-14 09:01:31 us=156000 ifconfig_pool_netmask = 0.0.0.0
2022-03-14 09:01:31 us=156000 ifconfig_pool_persist_filename = '[UNDEF]'
2022-03-14 09:01:31 us=156000 ifconfig_pool_persist_refresh_freq = 600
2022-03-14 09:01:31 us=156000 ifconfig_ipv6_pool_defined = DISABLED
2022-03-14 09:01:31 us=156000 ifconfig_ipv6_pool_base = ::
2022-03-14 09:01:31 us=156000 ifconfig_ipv6_pool_netbits = 0
2022-03-14 09:01:31 us=156000 n_bcast_buf = 256
2022-03-14 09:01:31 us=156000 tcp_queue_limit = 64
2022-03-14 09:01:31 us=156000 real_hash_size = 256
2022-03-14 09:01:31 us=156000 virtual_hash_size = 256
2022-03-14 09:01:31 us=156000 client_connect_script = '[UNDEF]'
2022-03-14 09:01:31 us=156000 learn_address_script = '[UNDEF]'
2022-03-14 09:01:31 us=156000 client_disconnect_script = '[UNDEF]'
2022-03-14 09:01:31 us=156000 client_config_dir = '[UNDEF]'
2022-03-14 09:01:31 us=156000 ccd_exclusive = DISABLED
2022-03-14 09:01:31 us=156000 tmp_dir = 'C:\Users\ChiHang\AppData\Local\Temp\'
2022-03-14 09:01:31 us=156000 push_ifconfig_defined = DISABLED
2022-03-14 09:01:31 us=156000 push_ifconfig_local = 0.0.0.0
2022-03-14 09:01:31 us=156000 push_ifconfig_remote_netmask = 0.0.0.0
2022-03-14 09:01:31 us=156000 push_ifconfig_ipv6_defined = DISABLED
2022-03-14 09:01:31 us=156000 push_ifconfig_ipv6_local = ::/0
2022-03-14 09:01:31 us=156000 push_ifconfig_ipv6_remote = ::
2022-03-14 09:01:31 us=156000 enable_c2c = DISABLED
2022-03-14 09:01:31 us=156000 duplicate_cn = DISABLED
2022-03-14 09:01:31 us=156000 cf_max = 0
2022-03-14 09:01:31 us=156000 cf_per = 0
2022-03-14 09:01:31 us=156000 max_clients = 1024
2022-03-14 09:01:31 us=156000 max_routes_per_client = 256
2022-03-14 09:01:31 us=156000 auth_user_pass_verify_script = '[UNDEF]'
2022-03-14 09:01:31 us=156000 auth_user_pass_verify_script_via_file = DISABLED
2022-03-14 09:01:31 us=156000 auth_token_generate = DISABLED
2022-03-14 09:01:31 us=156000 auth_token_lifetime = 0
2022-03-14 09:01:31 us=156000 auth_token_secret_file = '[UNDEF]'
2022-03-14 09:01:31 us=156000 vlan_tagging = DISABLED
2022-03-14 09:01:31 us=156000 vlan_accept = all
2022-03-14 09:01:31 us=156000 vlan_pvid = 1
2022-03-14 09:01:31 us=156000 client = ENABLED
2022-03-14 09:01:31 us=156000 pull = ENABLED
2022-03-14 09:01:31 us=156000 auth_user_pass_file = 'D:/login.conf'
2022-03-14 09:01:31 us=156000 show_net_up = DISABLED
2022-03-14 09:01:31 us=156000 route_method = 3
2022-03-14 09:01:31 us=156000 block_outside_dns = DISABLED
2022-03-14 09:01:31 us=156000 ip_win32_defined = DISABLED
2022-03-14 09:01:31 us=156000 ip_win32_type = 3
2022-03-14 09:01:31 us=156000 dhcp_masq_offset = 0
2022-03-14 09:01:31 us=156000 dhcp_lease_time = 31536000
2022-03-14 09:01:31 us=156000 tap_sleep = 0
2022-03-14 09:01:31 us=156000 dhcp_options = ENABLED
2022-03-14 09:01:31 us=156000 dhcp_renew = DISABLED
2022-03-14 09:01:31 us=156000 dhcp_pre_release = DISABLED
2022-03-14 09:01:31 us=156000 domain = 'KCompanytoken.com'
2022-03-14 09:01:31 us=156000 netbios_scope = '[UNDEF]'
2022-03-14 09:01:31 us=156000 netbios_node_type = 0
2022-03-14 09:01:31 us=156000 disable_nbt = DISABLED
2022-03-14 09:01:31 us=156000 DNS[0] = 172.29.20.10
2022-03-14 09:01:31 us=156000 OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
2022-03-14 09:01:31 us=156000 Windows version 10.0 (Windows 10 or greater) 64bit
2022-03-14 09:01:31 us=156000 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022-03-14 09:01:31 us=156000 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2022-03-14 09:01:31 us=156000 Need hold release from management interface, waiting...
2022-03-14 09:01:31 us=593000 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2022-03-14 09:01:31 us=703000 MANAGEMENT: CMD 'state on'
2022-03-14 09:01:31 us=703000 MANAGEMENT: CMD 'log all on'
2022-03-14 09:01:32 us=156000 MANAGEMENT: CMD 'echo all on'
2022-03-14 09:01:32 us=156000 MANAGEMENT: CMD 'bytecount 5'
2022-03-14 09:01:32 us=171000 MANAGEMENT: CMD 'hold off'
2022-03-14 09:01:32 us=171000 MANAGEMENT: CMD 'hold release'
2022-03-14 09:01:32 us=187000 MANAGEMENT: CMD 'proxy NONE '
2022-03-14 09:01:33 us=203000 LZO compression initializing
2022-03-14 09:01:33 us=203000 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2022-03-14 09:01:33 us=203000 MANAGEMENT: >STATE:1647219693,RESOLVE,,,,,,
2022-03-14 09:01:33 us=203000 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
2022-03-14 09:01:33 us=203000 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA256,keysize 128,key-method 2,tls-client'
2022-03-14 09:01:33 us=203000 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA256,keysize 128,key-method 2,tls-server'
2022-03-14 09:01:33 us=203000 TCP/UDP: Preserving recently used remote address: [AF_INET]61.219.243.246:2194
2022-03-14 09:01:33 us=203000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-03-14 09:01:33 us=203000 UDP link local: (not bound)
2022-03-14 09:01:33 us=203000 UDP link remote: [AF_INET]61.219.243.246:2194
2022-03-14 09:01:33 us=203000 MANAGEMENT: >STATE:1647219693,WAIT,,,,,,
2022-03-14 09:01:33 us=203000 MANAGEMENT: >STATE:1647219693,AUTH,,,,,,
2022-03-14 09:01:33 us=203000 TLS: Initial packet from [AF_INET]61.219.243.246:2194, sid=85ee0e01 d381956f
2022-03-14 09:01:33 us=296000 VERIFY OK: depth=1, C=TW, ST=Taiwan, L=Taipei, O=KCompany Research, OU=HPC, CN=gateway, [email protected]
2022-03-14 09:01:33 us=296000 VERIFY X509NAME OK: C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_e7hcC8JQJoCbtj1, [email protected]
2022-03-14 09:01:33 us=296000 VERIFY OK: depth=0, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_e7hcC8JQJoCbtj1, [email protected]
2022-03-14 09:01:33 us=375000 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: ecdsa-with-SHA256
2022-03-14 09:01:33 us=375000 [Appliance_Certificate_e7hcC8JQJoCbtj1] Peer Connection Initiated with [AF_INET]61.219.243.246:2194
2022-03-14 09:01:34 us=406000 MANAGEMENT: >STATE:1647219694,GET_CONFIG,,,,,,
2022-03-14 09:01:34 us=406000 SENT CONTROL [Appliance_Certificate_e7hcC8JQJoCbtj1]: 'PUSH_REQUEST' (status=1)
2022-03-14 09:01:35 us=406000 Key [AF_INET]61.219.243.246:2194 [0] not initialized (yet), dropping packet.
2022-03-14 09:01:35 us=453000 Key [AF_INET]61.219.243.246:2194 [0] not initialized (yet), dropping packet.
2022-03-14 09:01:35 us=484000 Key [AF_INET]61.219.243.246:2194 [0] not initialized (yet), dropping packet.
2022-03-14 09:01:35 us=656000 Key [AF_INET]61.219.243.246:2194 [0] not initialized (yet), dropping packet.
2022-03-14 09:01:36 Key [AF_INET]61.219.243.246:2194 [0] not initialized (yet), dropping packet.
2022-03-14 09:01:36 us=671000 Key [AF_INET]61.219.243.246:2194 [0] not initialized (yet), dropping packet.
2022-03-14 09:01:38 us=31000 Key [AF_INET]61.219.243.246:2194 [0] not initialized (yet), dropping packet.
2022-03-14 09:01:39 us=62000 SENT CONTROL [Appliance_Certificate_e7hcC8JQJoCbtj1]: 'PUSH_REQUEST' (status=1)
2022-03-14 09:01:39 us=78000 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.81.234.5,sndbuf 0,rcvbuf 0,sndbuf 0,rcvbuf 0,ping 45,ping-restart 180,redirect-gateway def1,topology subnet,route remote_host 255.255.255.255 net_gateway,inactive 900 7680,dhcp-option DNS 172.29.20.10,dhcp-option DNS 172.29.20.11,dhcp-option DOMAIN KCompanytoken.com,ifconfig 10.81.234.10 255.255.255.0'
2022-03-14 09:01:39 us=78000 Pushed option removed by filter: 'dhcp-option DNS 172.29.20.10'
2022-03-14 09:01:39 us=78000 Pushed option removed by filter: 'dhcp-option DNS 172.29.20.11'
2022-03-14 09:01:39 us=78000 OPTIONS IMPORT: timers and/or timeouts modified
2022-03-14 09:01:39 us=78000 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2022-03-14 09:01:39 us=78000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-03-14 09:01:39 us=78000 OPTIONS IMPORT: --ifconfig/up options modified
2022-03-14 09:01:39 us=78000 OPTIONS IMPORT: route options modified
2022-03-14 09:01:39 us=78000 OPTIONS IMPORT: route-related options modified
2022-03-14 09:01:39 us=78000 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2022-03-14 09:01:39 us=78000 Using peer cipher 'AES-128-CBC'
2022-03-14 09:01:39 us=78000 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2022-03-14 09:01:39 us=78000 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-03-14 09:01:39 us=78000 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2022-03-14 09:01:39 us=78000 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-03-14 09:01:39 us=78000 interactive service msg_channel=704
2022-03-14 09:01:39 us=93000 open_tun
2022-03-14 09:01:39 us=109000 tap-windows6 device [OpenVPN TAP-Windows6] opened
2022-03-14 09:01:39 us=109000 TAP-Windows Driver Version 9.24
2022-03-14 09:01:39 us=109000 TAP-Windows MTU=1500
2022-03-14 09:01:39 us=109000 Set TAP-Windows TUN subnet mode network/local/netmask = 10.81.234.0/10.81.234.10/255.255.255.0 [SUCCEEDED]
2022-03-14 09:01:39 us=109000 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.81.234.10/255.255.255.0 on interface {AC546456-9C13-4AFA-AE49-AB98FA257865} [DHCP-serv: 10.81.234.0, lease-time: 31536000]
2022-03-14 09:01:39 us=109000 DHCP option string: 0f0f6b72 6f6e6f73 746f6b65 6e2e636f 6d0604ac 1d140a
2022-03-14 09:01:39 us=109000 Successful ARP Flush on interface [13] {AC546456-9C13-4AFA-AE49-AB98FA257865}
2022-03-14 09:01:39 us=125000 do_ifconfig, ipv4=1, ipv6=0
2022-03-14 09:01:39 us=125000 MANAGEMENT: >STATE:1647219699,ASSIGN_IP,,10.81.234.10,,,,
2022-03-14 09:01:39 us=125000 IPv4 MTU set to 1500 on interface 13 using service
2022-03-14 09:01:43 us=156000 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
2022-03-14 09:01:43 us=156000 C:\WINDOWS\system32\route.exe ADD 61.219.243.246 MASK 255.255.255.255 192.168.50.1
2022-03-14 09:01:43 us=156000 Route addition via service succeeded
2022-03-14 09:01:43 us=156000 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.81.234.5
2022-03-14 09:01:43 us=171000 Route addition via service succeeded
2022-03-14 09:01:43 us=171000 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.81.234.5
2022-03-14 09:01:43 us=171000 Route addition via service succeeded
2022-03-14 09:01:43 us=171000 MANAGEMENT: >STATE:1647219703,ADD_ROUTES,,,,,,
2022-03-14 09:01:43 us=171000 C:\WINDOWS\system32\route.exe ADD 61.219.243.246 MASK 255.255.255.255 192.168.50.1
2022-03-14 09:01:43 us=171000 ROUTE: route addition failed using service: 物件已經存在。 [status=5010 if_index=14]
2022-03-14 09:01:43 us=171000 Route addition via service failed
2022-03-14 09:01:43 us=171000 C:\WINDOWS\system32\route.exe ADD 61.219.243.246 MASK 255.255.255.255 192.168.50.1
2022-03-14 09:01:43 us=171000 ROUTE: route addition failed using service: 物件已經存在。 [status=5010 if_index=14]
2022-03-14 09:01:43 us=171000 Route addition via service failed
2022-03-14 09:01:43 us=171000 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2022-03-14 09:01:43 us=171000 Initialization Sequence Completed
2022-03-14 09:01:43 us=171000 MANAGEMENT: >STATE:1647219703,CONNECTED,SUCCESS,10.81.234.10,61.219.243.246,2194,,
From the logs:
DHCP option string: 0f0f6b72 6f6e6f73 746f6b65 6e2e636f 6d0604ac 1d140a
That is the encoded form of "domain name = kronostoken.com and DNS address = 172.29.20.10" -- there is only one DNS address passed to the tap interface --- the trailing end of the DHCP option string that reads: 0604ac1d140a, meaning option 06 (=DNS) with 04 bytes of data for one IP address. I had expected to see 0608ac 1d140aac 1d140b
The PUSH REPLY line in the logs has
dhcp-option DNS 172.29.20.10,dhcp-option DNS 172.29.20.11
So the server is pushing two addresses. I do not know why the second one is not getting included in the DHCP option string --- someone else may have a clue.
That said, please confirm whether the missing 172.29.20.11 as DNS server is the cause of the trouble you have.
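The decoding walked through in the comment above, as an added example (not part of the original comment and not OpenVPN's own code): a small parser for the code/length/value layout of the logged DHCP option string. The function names are made up for this illustration; the two hex strings are the one from the log and the one the comment says it expected.

```python
import ipaddress

# DHCP option codes that appear in the logged string.
DOMAIN_NAME = 0x0F
DNS_SERVERS = 0x06

def parse_dhcp_options(hex_string):
    """Decode a 'DHCP option string' log value into {code: [raw values]}."""
    data = bytes.fromhex(hex_string.replace(" ", ""))
    options, pos = {}, 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError(f"truncated option header at offset {pos}")
        code, length = data[pos], data[pos + 1]
        value = data[pos + 2 : pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} claims {length} bytes, {len(value)} left")
        options.setdefault(code, []).append(value)
        pos += 2 + length
    return options

def summarize(hex_string):
    """Return the domain name and the DNS server list carried in the string."""
    opts = parse_dhcp_options(hex_string)
    domain = b"".join(opts.get(DOMAIN_NAME, [])).decode("ascii") or None
    dns = []
    for raw in opts.get(DNS_SERVERS, []):
        if len(raw) % 4:
            raise ValueError("DNS option length is not a multiple of 4")
        dns += [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]
    return {"domain": domain, "dns": dns}

# Value from the log line "DHCP option string: ..."
LOGGED = "0f0f6b72 6f6e6f73 746f6b65 6e2e636f 6d0604ac 1d140a"
# Same string with the tail the comment expected (0608 + two addresses)
EXPECTED = "0f0f6b72 6f6e6f73 746f6b65 6e2e636f 6d0608ac 1d140aac 1d140b"

if __name__ == "__main__":
    print(summarize(LOGGED))
    print(summarize(EXPECTED))
```
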
Hi,
On Sun, Mar 13, 2022 at 06:26:28PM -0700, Selva Nair wrote:
So the server is pushing two addresses. I do not know why the second one is not getting included in the DHCP option string --- someone else may have a clue.
A quick look into the code (dhcp_option_address_parse() into o->dns, build_dhcp_options_string() reading out of o->dns) confirms that "it should be able to handle multiple".
Just to be sure, I've tested this here (Win10, some older master version) and it correctly installs both pushed DNS servers.
Then I looked again at the original poster's log file, and lo and behold...
2022-03-14 09:01:31 us=156000 Pull filters:
2022-03-14 09:01:31 us=156000 ignore "dhcp-option DNS"
2022-03-14 09:01:31 us=156000 ignore "route-method"
where is that one coming from? "pull-filter route-method" is likely to come from GUI, but do we also set a filter on DHCP stuff?
gert
"If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany @.***
Then I looked again at the original poster's log file, and lo and behold...
2022-03-14 09:01:31 us=156000 Pull filters:
2022-03-14 09:01:31 us=156000 ignore "dhcp-option DNS"
2022-03-14 09:01:31 us=156000 ignore "route-method"
Aha... The GUI only adds route-method, the other one must be in the config file. That would have removed both DNS entries though. Possibly there is also a "dhcp-option DNS 172.29.20.10" in the config file?
@ChiHangChen Please post your client config file. There may be other surprises in there. Anyway, removing the offending pull-filter directive may fix your issue.
Hi,
On Mon, Mar 14, 2022 at 07:11:14AM -0700, Selva Nair wrote:
Then I looked again at the original poster's log file, and lo and behold...
2022-03-14 09:01:31 us=156000 Pull filters:
2022-03-14 09:01:31 us=156000 ignore "dhcp-option DNS"
2022-03-14 09:01:31 us=156000 ignore "route-method"
Aha... The GUI only adds route-method, the other one must be in the config file. That would have removed both DNS entries though. Possibly there is also a "dhcp-option DNS 172.29.20.10" in the config file?
Yes, the logs show this. I noticed when grepping for "DNS" :-)
(At this point, I'm happy that the OpenVPN part seems to be working correctly... but if someone feeds in expert options, they should have an expert-level understanding on the expected results...)
gert
Then I looked again at the original poster's log file, and lo and behold...
2022-03-14 09:01:31 us=156000 Pull filters:
2022-03-14 09:01:31 us=156000 ignore "dhcp-option DNS"
2022-03-14 09:01:31 us=156000 ignore "route-method"
Aha... The GUI only adds route-method, the other one must be in the config file. That would have removed both DNS entries though. Possibly there is also a "dhcp-option DNS 172.29.20.10" in the config file?
@ChiHangChen Please post your client config file. There may be other surprises in there. Anyway, removing the offending pull-filter directive may fix your issue.
Yes, I did add the following lines to my config file:
pull-filter ignore "dhcp-option DNS"
script-security 2
dhcp-option DNS 172.29.20.10
dhcp-option DOMAIN kros.com
But this was after I found that my DNS could not work properly and tried to search for a solution through Google, and found some people said that adding these lines might help. I am no expert in this area, so I clearly don't know what these config lines are used for.
Either with or without these lines, the DNS is still not working using OpenVPN-GUI but works fine under OpenVPN Connect.
The following is my config file... I wonder if this helps to find the root cause.
client
dev tun
proto udp
explicit-exit-notify
verify-x509-name "C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_eXXXXXXXXXXX1, [email protected]"
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>
-----BEGIN CERTIFICATE-----
MIIDXXXXXXXXXXXXXXXXXXXXXXXXXXXNA==
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIEXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXU=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEXXXXXXXXXXXXXXXXXXXXXXXXXXXXka1
-----END RSA PRIVATE KEY-----
</key>
auth-user-pass D:/login.conf
cipher AES-128-CBC
auth SHA256
comp-lzo yes
;can_save no
;otp no
;run_logon_script no
;auto_connect
route-delay 4
verb 4
reneg-sec 0
remote remote.kros.com 2194
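How the lines added to the config produce the single DNS server seen in the log, as an added example (not code from this thread or from OpenVPN): it models `pull-filter` as ordered prefix matching where the first match decides and unmatched options are accepted, and applies it to the DNS-relevant part of the logged PUSH_REPLY. The function names, the modelling of `reject` as an exception, and the ordering of local options before pushed ones are assumptions of this sketch.

```python
import shlex

def parse_pull_filter(line):
    """Parse 'pull-filter <action> <text>' into (action, text)."""
    parts = shlex.split(line)
    if len(parts) != 3 or parts[0] != "pull-filter":
        raise ValueError(f"not a pull-filter line: {line!r}")
    if parts[1] not in ("accept", "ignore", "reject"):
        raise ValueError(f"unknown pull-filter action: {parts[1]!r}")
    return parts[1], parts[2]

def apply_pull_filters(push_reply, filters):
    """Return (kept, removed) pushed options. Filters are prefix matches,
    tried in order; the first match decides, unmatched options are kept."""
    kept, removed = [], []
    for opt in push_reply.split(",")[1:]:          # [0] is the PUSH_REPLY tag
        action = next((a for a, text in filters if opt.startswith(text)), "accept")
        if action == "reject":                     # assumption: modelled as an error
            raise RuntimeError(f"pushed option rejected: {opt!r}")
        (kept if action == "accept" else removed).append(opt)
    return kept, removed

def dns_servers(options):
    return [o.split()[2] for o in options if o.startswith("dhcp-option DNS ")]

def effective_dns(config_lines, push_reply):
    """DNS servers the client ends up with. Assumption: options from the
    config file are listed before pushed ones."""
    filters = [parse_pull_filter(ln) for ln in config_lines if ln.startswith("pull-filter ")]
    kept, _ = apply_pull_filters(push_reply, filters)
    return dns_servers(config_lines) + dns_servers(kept)

# DNS-relevant part of the PUSH_REPLY in the log above (other options omitted).
PUSH_REPLY = ("PUSH_REPLY,route-gateway 10.81.234.5,redirect-gateway def1,"
              "topology subnet,dhcp-option DNS 172.29.20.10,"
              "dhcp-option DNS 172.29.20.11,ifconfig 10.81.234.10 255.255.255.0")
# Lines the poster added, plus the route-method filter the GUI adds.
AS_POSTED = ['pull-filter ignore "dhcp-option DNS"',
             'pull-filter ignore "route-method"',
             "dhcp-option DNS 172.29.20.10"]
# Same config with the DNS filter and the hard-coded server removed.
CLEANED = ['pull-filter ignore "route-method"']

if __name__ == "__main__":
    print(effective_dns(AS_POSTED, PUSH_REPLY))   # one server, as in the DHCP option string
    print(effective_dns(CLEANED, PUSH_REPLY))     # both pushed servers
```
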
Hi,
On Tue, Mar 15, 2022 at 06:08:30AM -0700, Jim Chen wrote:
But this was after I found that my DNS could not work properly and tried to search for a solution through Google, and found some people said that adding these lines might help.
Either with or without these, the DNS is still not working using OpenVPN-GUI...
Basically, you need to talk to your network admin to sort this out - if they send you two DNS servers, and one of them is not working, maybe the number changed and they forgot to update the openvpn server config.
It's not an OpenVPN bug, and even less an OpenVPN-GUI bug, or feature enhancement.
gert
Got it, thanks, will do. But I am wondering why OpenVPN Connect didn't encounter this issue and it only happened in OpenVPN-GUI?
Hi,
On Tue, Mar 15, 2022 at 07:25:08AM -0700, Jim Chen wrote:
But I am wondering why OpenVPN Connect didn't encounter this issue and it only happened in OpenVPN-GUI?
Maybe OpenVPN Connect installs the DNS servers in the other order, so your client will ask .11 first, then .10 - and if .10 is not working, you won't notice.
"ipconfig /all" in comparison OpenVPN <-> Connect will tell you
gert