Issue: OpenVPN connects successfully but cannot resolved hostnames when browsing. It looks like an OpenVPN DNS issue.
Platform: Ubuntu 14.04 LTS (Trusty Tahr)
Software version: OpenVPN 2.3.4
OpenVPN logs indicated the DNS configuration was successfully pushed from OpenVPN server to client.
Tue Oct 14 05:08:39 2014 SENT CONTROL [changeme]: 'PUSH_REQUEST' (status=1) Tue Oct 14 05:08:40 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 188.8.131.52,dhcp-option DNS 184.108.40.206,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.34 10.8.0.33'
I tested nslookup but failed.
rejohn@R007:/opt/openvpn-2.3.4$ nslookup yahoo.com Server: 127.0.1.1 Address: 127.0.1.1#53 ** server can't find yahoo.com: REFUSED
The error above indicated that my local ISP didn’t allow lookup from non-AU IPs. This make sense because my IP now changed to a non-AU IP.
Solution: Issue resolved by overriding the DNS servers I got from my router. To do this I had to edit /etc/dhcp/dhclient.conf file. Added supersede domain-name-servers 220.127.116.11; then restarted my network connection sudo service network-manager restart. The newly added line in dhclient.conf means that if the name searched for is not in the cache, it will ask 18.104.22.168 and not at the DNS server provided by my router.
Tested nslookup again and got an answer using Google’s DNS servers.
rejohn@R007:/etc/dhcp$ nslookup google.com Server: 127.0.1.1 Address: 127.0.1.1#53 Non-authoritative answer: Name: google.com Address: 22.214.171.124 Name: google.com Address: 126.96.36.199 Name: google.com Address: 188.8.131.52 Name: google.com Address: 184.108.40.206 Name: google.com Address: 220.127.116.11 Name: google.com Address: 18.104.22.168 Name: google.com Address: 22.214.171.124 Name: google.com Address: 126.96.36.199 Name: google.com Address: 188.8.131.52 Name: google.com Address: 184.108.40.206 Name: google.com Address: 220.127.116.11
By invoking nm-tool command I could see that my DNS changed to 18.104.22.168.
rejohn@R007:/etc/dhcp$ nm-tool NetworkManager Tool State: connected (global) - Device: wlan0 [n00b] -------------------------------------------------------- Type: 802.11 WiFi Driver: ath9k State: connected Default: yes HW Address: aa:bb:cc:dd:ee:ff Capabilities: Speed: 54 Mb/s Wireless Properties WEP Encryption: yes WPA Encryption: yes WPA2 Encryption: yes Wireless Access Points (* = current AP) n00b: Infra, 60:73:5C:DA:84:10, Freq 2427 MHz, Rate 54 Mb/s, Strength 82 WPA2 D-Link: Infra, 28:10:7B:DD:84:6A, Freq 2437 MHz, Rate 54 Mb/s, Strength 57 WPA2 la maison: Infra, 00:18:4D:5E:59:5E, Freq 2462 MHz, Rate 54 Mb/s, Strength 45 WPA Motorola: Infra, 00:14:A5:91:5A:65, Freq 2412 MHz, Rate 54 Mb/s, Strength 24 belkin.307: Infra, B4:75:0E:1F:F3:07, Freq 2422 MHz, Rate 54 Mb/s, Strength 20 WPA WPA2 IPv4 Settings: Address: 192.168.xx.x Prefix: 24 (255.255.255.0) Gateway: 192.168.xxx.x DNS: 22.214.171.124