OpenVPN DNS Issue


Issue: OpenVPN connects successfully but cannot resolve hostnames when browsing. It looks like an OpenVPN DNS issue.

Platform: Ubuntu 14.04 LTS (Trusty Tahr)
Software version: OpenVPN 2.3.4

The OpenVPN logs indicated that the DNS configuration was successfully pushed from the OpenVPN server to the client.

Tue Oct 14 05:08:39 2014 SENT CONTROL [changeme]: 'PUSH_REQUEST' (status=1)
Tue Oct 14 05:08:40 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.34 10.8.0.33'

I tested with nslookup, but the lookup failed.

rejohn@R007:/opt/openvpn-2.3.4$ nslookup yahoo.com
Server:		127.0.1.1
Address:	127.0.1.1#53

** server can't find yahoo.com: REFUSED

The error above indicated that my local ISP didn’t allow lookups from non-AU IPs. This makes sense because my IP had now changed to a non-AU IP.

Solution: The issue was resolved by overriding the DNS servers I got from my router. To do this I had to edit the /etc/dhcp/dhclient.conf file. I added supersede domain-name-servers 8.8.8.8; and then restarted my network connection with sudo service network-manager restart. The newly added line in dhclient.conf means that if the name searched for is not in the cache, it will ask 8.8.8.8 and not the DNS server provided by my router.

I tested nslookup again and got an answer using Google’s DNS servers.

rejohn@R007:/etc/dhcp$ nslookup google.com
Server:		127.0.1.1
Address:	127.0.1.1#53

Non-authoritative answer:
Name:	google.com
Address: 173.194.112.200
Name:	google.com
Address: 173.194.112.199
Name:	google.com
Address: 173.194.112.195
Name:	google.com
Address: 173.194.112.206
Name:	google.com
Address: 173.194.112.192
Name:	google.com
Address: 173.194.112.201
Name:	google.com
Address: 173.194.112.198
Name:	google.com
Address: 173.194.112.196
Name:	google.com
Address: 173.194.112.197
Name:	google.com
Address: 173.194.112.194
Name:	google.com
Address: 173.194.112.193

By invoking the nm-tool command, I could see that my DNS had changed to 8.8.8.8.

rejohn@R007:/etc/dhcp$ nm-tool 

NetworkManager Tool
State: connected (global)

- Device: wlan0  [n00b] --------------------------------------------------------
  Type:              802.11 WiFi
  Driver:            ath9k
  State:             connected
  Default:           yes
  HW Address:        aa:bb:cc:dd:ee:ff

  Capabilities:
    Speed:           54 Mb/s

  Wireless Properties
    WEP Encryption:  yes
    WPA Encryption:  yes
    WPA2 Encryption: yes

  Wireless Access Points (* = current AP)
    n00b:            Infra, 60:73:5C:DA:84:10, Freq 2427 MHz, Rate 54 Mb/s, Strength 82 WPA2
    D-Link:          Infra, 28:10:7B:DD:84:6A, Freq 2437 MHz, Rate 54 Mb/s, Strength 57 WPA2
    la maison:       Infra, 00:18:4D:5E:59:5E, Freq 2462 MHz, Rate 54 Mb/s, Strength 45 WPA
    Motorola:        Infra, 00:14:A5:91:5A:65, Freq 2412 MHz, Rate 54 Mb/s, Strength 24
    belkin.307:      Infra, B4:75:0E:1F:F3:07, Freq 2422 MHz, Rate 54 Mb/s, Strength 20 WPA WPA2

  IPv4 Settings:
    Address:         192.168.xx.x
    Prefix:          24 (255.255.255.0)
    Gateway:         192.168.xxx.x
    DNS:             8.8.8.8
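
The comparison made by hand above (DNS servers in the PUSH_REPLY log line versus the resolver shown by nm-tool) can be scripted. The following is an added example, not part of the original post: it lists any resolver reported by nm-tool that the VPN server did not push. The sample inputs are constructed (192.168.1.1 is a placeholder for the router address) and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the DNS servers pushed by the OpenVPN server with
# the resolvers NetworkManager is actually using.

# Constructed sample inputs, modelled on the log line and nm-tool output above.
SAMPLE_LOG="Tue Oct 14 05:08:40 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.34 10.8.0.33'"
SAMPLE_NM_BEFORE="    Gateway:         192.168.1.1
    DNS:             192.168.1.1"
SAMPLE_NM_AFTER="    Gateway:         192.168.1.1
    DNS:             8.8.8.8"

# Print one pushed DNS server per line, from the last PUSH_REPLY on stdin.
pushed_dns() {
    grep 'PUSH_REPLY' | tail -n 1 | tr ',' '\n' |
        sed -n 's/^dhcp-option DNS \([0-9A-Fa-f.:]*\).*/\1/p'
}

# Print one resolver per line from nm-tool output on stdin.
active_dns() {
    sed -n 's/^[[:space:]]*DNS:[[:space:]]*\([^[:space:]]*\).*/\1/p'
}

# check_dns LOG_TEXT NM_TEXT
# Prints each active resolver that the VPN server did not push.
# Returns 0 if every active resolver was pushed, 1 if not, 2 on missing input.
check_dns() {
    pushed=$(printf '%s\n' "$1" | pushed_dns)
    active=$(printf '%s\n' "$2" | active_dns)
    [ -n "$pushed" ] || { echo "no pushed DNS option in log" >&2; return 2; }
    [ -n "$active" ] || { echo "no DNS line in nm-tool output" >&2; return 2; }
    rc=0
    for server in $active; do
        if ! printf '%s\n' "$pushed" | grep -qxF "$server"; then
            echo "$server"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed "before" state: the router address is reported.
check_dns "$SAMPLE_LOG" "$SAMPLE_NM_BEFORE" ||
    echo "resolver(s) listed above were not pushed by the VPN server"
```

On a live system, pass the client log text and the output of nm-tool as the two arguments to check_dns.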

Rejohn Cuares

He is a Network Engineer working at one of the Managed Service Providers in Brisbane, Australia. His role as an engineer spans multiple technologies such as Unified Communications, Security, Wireless and Routing/Switching. He loves learning new things that make his job fun and interesting.
