[Solved] DNS failed for OpenVPN

Mikiya

Occasional Visitor
Hi,
I'm using my AC68U (382.2 beta2) as an OpenVPN server. My client (my Android phone) can connect to it and browsing by IP works, but DNS resolution fails. If I override the DNS on the client with public IPs it works, but my DNS traffic leaks.
I configured DNS server to enable Web access, and when I'm on the local network over Wi-Fi, I do not have any problems with DNS.

Here is my generated conf:
Code:
# Automatically generated configuration
daemon ovpn-server1
topology subnet
server 10.8.0.0 255.255.255.0
proto udp
port 443
dev tun21
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
cipher AES-128-CBC
comp-lzo adaptive
keepalive 15 60
verb 3
push "route 192.168.1.0 255.255.255.0 vpn_gateway 500"
duplicate-cn
push "dhcp-option DNS 192.168.1.1"
push "redirect-gateway def1"
tls-auth static.key 1
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status 5

# Custom Configuration

Do you have any ideas? Thanks!
 
What do you mean by: "I configured DNS server to enable Web access"?

Post log of the client to understand how the connection is created.

Make sure the VPN server is configured to allow client's access to the LAN & Internet.

Regards.

 
Excuse me, I made a typo; I meant "I configured VPN server to enable Web access".
So it replies to your other point ("Make sure the VPN server is configured to allow client's access to the LAN & Internet.").
In the conf it's set with

push "dhcp-option DNS 192.168.1.1"
push "redirect-gateway def1"


So I do not understand why it does not work...
(I will edit my post as soon as I can extract client logs)
 
Maybe turn on the firewall drop log to see if there are any dropped packets on port 53/443 related to your VPN clients.

Because you mentioned that when on the local network you can VPN and access the internet, but not when you are connected from outside the local network.
 
I meant this setting:

[Screenshot: upload_2018-1-15_14-32-11.png]
 
Think he did. Based on the generated config,
push "dhcp-option DNS 192.168.1.1"
push "redirect-gateway def1"

That already pushes DNS to the client.

Just realised one thing: why is the DNS the router IP? Are you using dnscrypt? If not, check your WAN settings. Either it is Yes for "Connect to DNS Server automatically", or you manually set your preferred DNS server, i.e. 8.8.8.8 (Google).

The OpenVPN DNS is pulled from the setting here.
 
Hmm, indeed, in the past I had configured dnscrypt... I removed it (with all references in /jfss/scripts) but maybe something went wrong...
In WAN settings, I manually set 2 public DNS servers (compliant with DNSSEC, if it can help).
 
Once you set the DNS, I suggest you restart the OpenVPN server to pull the data, or best, restart the router.
 
I just tried restarting the router, without effect :(
Another thing: I can't get the web page of the router from the VPN. I can reach other internal IPs but not 192.168.1.1! I have IPSET_Block.sh configured; I will try to disable it to see if it's related.
 
Make sure the client's LAN subnet is whitelisted in your IPSET_Block configuration, as well as the VPN Server subnet.
What if you push a public DNS instead of the router?
Look at the VPN client log for any anomaly with the connection parameters.
 
Try
Code:
push "dhcp-option DNS 10.8.0.1"

Assuming your OpenVPN subnet is the default. Android has an issue where it doesn't like to use DNS not on the same subnet (or so a warning in OpenVPN for Android leads me to believe).
 
Yeah! I changed the IPSET Block conf to use WANONLY mode, and it's OK now, I can access the Internet from the VPN! :D (And it still blocks scans from the Internet, its main purpose :cool:)
Thanks everyone for the help :)
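
The drop-log check suggested earlier in the thread, written out as an added example (not code from any poster or from the router firmware): it reads the tunnel subnet from the `server` directive of the posted config and counts dropped packets sent by VPN clients to ports 53 and 443. The log lines are constructed in the common netfilter `LOG` layout with an assumed `DROP` prefix, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs of a netfilter LOG line

# Directives copied from the server configuration posted in this thread.
SERVER_CONF = """
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 192.168.1.1"
"""

# Constructed sample lines (not real router output); "DROP" prefix is assumed.
SAMPLE_LOG = """
Jan 15 14:40:01 kernel: DROP IN=tun21 OUT= MAC= SRC=10.8.0.2 DST=192.168.1.1 LEN=60 PROTO=UDP SPT=41822 DPT=53
Jan 15 14:40:02 kernel: DROP IN=eth0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.4 LEN=44 PROTO=TCP SPT=50111 DPT=23
Jan 15 14:40:03 kernel: DROP IN=tun21 OUT= MAC= SRC=10.8.0.2 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=40210 DPT=443
Jan 15 14:40:05 kernel: DROP IN=tun21 OUT= MAC= SRC=10.8.0.2 DST=192.168.1.1 LEN=60 PROTO=UDP SPT=41830 DPT=53
"""

def vpn_settings(conf):
    """Return (tunnel network, pushed DNS addresses) from an OpenVPN server config."""
    net, dns = None, []
    for line in conf.splitlines():
        words = line.replace('"', " ").split()
        if words[:1] == ["server"] and len(words) >= 3:
            net = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif words[:3] == ["push", "dhcp-option", "DNS"] and len(words) >= 4:
            dns.append(ipaddress.ip_address(words[3]))
    return net, dns

def vpn_drops(log, net, ports=(53, 443)):
    """Count dropped packets sent by VPN clients to the watched ports."""
    hits = Counter()
    for line in log.splitlines():
        if " DROP " not in line:
            continue
        f = dict(FIELD.findall(line))
        try:
            src, dport = ipaddress.ip_address(f["SRC"]), int(f["DPT"])
        except (KeyError, ValueError):
            continue  # not a packet log line, or no port field (e.g. ICMP)
        if src in net and dport in ports:
            hits[(f["SRC"], f["DST"], f.get("PROTO", "?"), dport)] += 1
    return hits

if __name__ == "__main__":
    net, dns = vpn_settings(SERVER_CONF)
    for key, n in vpn_drops(SAMPLE_LOG, net).items():
        print(n, "dropped:", *key, "(pushed DNS)" if key[1] in map(str, dns) else "")
```

Drops from the tunnel subnet to the pushed DNS address on port 53 point at a firewall rule on the router itself rather than at the OpenVPN configuration, which matches how this thread was resolved.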
 
