osx mavericks - doesn't accept server pushed dns server

Got a problem with Viscosity or need help? Ask here!

theq

Posts: 2
Joined: Mon Apr 21, 2014 2:22 am

Post by theq » Mon Apr 21, 2014 3:25 am
Hello,

I've determined that osx mavericks uses wrong/default dns server, although dns server is pushed from my openvpn server.
I've attached scutil --dns log output before connect and after connect. DNS resolver isn't changed after connect. Additionally I've attached viscosity client log.

I've tested my configuration on windows7, too. On my windows7 client, the server pushed dns was used after connect.

So the question is, how to get dns server push working on osx mavericks?

Best regards,
theq




scutil dns before connect:
---------------------------------------------------------------------
scutil --dns
DNS configuration

resolver #1
search domain[0] : mydomain.local
nameserver[0] : 192.168.11.1
if_index : 4 (en1)
flags : Request A records
reach : Reachable,Directly Reachable Address

resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records
order : 300000

resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300200

resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300400

resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300600

resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300800

resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 301000

DNS configuration (for scoped queries)

resolver #1
search domain[0] : mydomain.local
nameserver[0] : 192.168.11.1
if_index : 4 (en1)
flags : Scoped, Request A records
reach : Reachable,Directly Reachable Address




scutil dns after connect:
---------------------------------------------------------------------
scutil --dns
DNS configuration

resolver #1
search domain[0] : mydomain.local
nameserver[0] : 192.168.11.1
if_index : 4 (en1)
flags : Request A records
reach : Reachable,Directly Reachable Address

resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records
order : 300000

resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300200

resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300400

resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300600

resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300800

resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 301000

DNS configuration (for scoped queries)

resolver #1
search domain[0] : mydomain.local
nameserver[0] : 192.168.11.1
if_index : 4 (en1)
flags : Scoped, Request A records
reach : Reachable,Directly Reachable Address




viscosity client log:
---------------------------------------------------------------------

server 192.168.200.0 255.255.255.248
push "redirect-gateway def1"
push "dhcp-option DOMAIN internal.mydomain.org"
push "dhcp-option DNS 192.168.201.1"
push "dhcp-option NTP 192.53.103.108"
push "dhcp-option NTP 192.53.103.104"


Apr 20 18:27:03: Viscosity Mac 1.4.8 (1162)
Apr 20 18:27:03: Viscosity OpenVPN Engine Started
Apr 20 18:27:03: Running on Mac OS X 10.9.2
Apr 20 18:27:03: ---------
Apr 20 18:27:03: Checking reachability status of connection...
Apr 20 18:27:03: Connection is reachable. Starting connection attempt.
Sun Apr 20 18:27:04 2014 viscosity_foreign_option_1=dhcp-option DNS 192.168.201.1
Sun Apr 20 18:27:04 2014 viscosity_foreign_option_2=dhcp-option DOMAIN internal.mydomain.org
Apr 20 18:27:05: OpenVPN 2.3.2 i386-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Apr 8 2014
Apr 20 18:27:05: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Apr 20 18:27:05: UDPv4 link local: [undef]
Apr 20 18:27:05: UDPv4 link remote: [AF_INET]serverip:1194
Apr 20 18:27:39: [server.mydomain.org] Peer Connection Initiated with [AF_INET]serverip:1194
Apr 20 18:27:42: viscosity_foreign_option_3=dhcp-option DOMAIN internal.mydomain.org
Apr 20 18:27:42: viscosity_foreign_option_4=dhcp-option DNS 192.168.201.1
Apr 20 18:27:42: viscosity_foreign_option_5=dhcp-option NTP 192.53.103.108
Apr 20 18:27:42: viscosity_foreign_option_6=dhcp-option NTP 192.53.103.104
Apr 20 18:27:42: TUN/TAP device /dev/tun0 opened
Apr 20 18:27:42: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Apr 20 18:27:42: /sbin/ifconfig tun0 delete
Apr 20 18:27:42: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Apr 20 18:27:42: /sbin/ifconfig tun0 192.168.200.6 192.168.200.5 mtu 1500 netmask 255.255.255.255 up
Apr 20 18:27:42: Initialization Sequence Completed

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Thu Apr 24, 2014 12:22 pm
Hi theq,

Make sure the "Enable DNS support" checkbox is ticked (under the Networking tab when editing your connection in Viscosity). If you want the VPN DNS servers to override your local servers you should also ensure that the "Apply DNS settings simultaneously" option is un-ticked (under Preferences->Advanced).

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

theq

Posts: 2
Joined: Mon Apr 21, 2014 2:22 am

Post by theq » Fri Apr 25, 2014 11:04 pm
Hi James,

I did as you said. Viscosity now takes the server pushed DNS-server.

Thanks for your support!
Regards,
theq

cudiaco

Posts: 11
Joined: Tue Dec 06, 2011 2:01 am

Post by cudiaco » Sat May 24, 2014 5:32 am
Hi,

I'm having the same issue on Mavericks as well. I have followed the steps but the pushed DNS is not being changed on my Mac. It does work on windows and iOS devices however.

Any thoughts?

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Sat May 24, 2014 10:06 am
Hi cudiaco,

There are no known issues with Viscosity's DNS support on Mavericks. However based on earlier posts it appears you are using a custom build of OpenVPN, rather than Viscosity's official build? If that's still the case it's probably the reason behind what is going on: we apply a patch to OpenVPN to output pushed DNS settings, without this they'll be ignored.

If you'd like to apply this patch to your build of OpenVPN please simply shoot an email our way and we can send you the OpenVPN source/patches we're using for our OpenVPN build (as per the GPL).

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

cudiaco

Posts: 11
Joined: Tue Dec 06, 2011 2:01 am

Post by cudiaco » Sat May 24, 2014 2:06 pm
Hi James,

That makes sense. I suppose I will just reinstall OpenVPN, make things easier this way.

Cheers.
6 posts Page 1 of 1