Skip to content
osx mavericks - doesn't accept server pushed dns server
Got a problem with Viscosity or need help? Ask here!
Hello,
I've determined that osx mavericks uses wrong/default dns server, although dns server is pushed from my openvpn server.
I've attached scutil --dns log output before connect and after connect. DNS resolver isn't changed after connect. Additionally I've attached viscosity client log.
I've tested my configuration on windows7, too. On my windows7 client, the server pushed dns was used after connect.
So the question is, how to get dns server push working on osx mavericks?
Best regards,
theq
scutil dns before connect:
---------------------------------------------------------------------
scutil --dns
DNS configuration
resolver #1
search domain[0] : mydomain.local
nameserver[0] : 192.168.11.1
if_index : 4 (en1)
flags : Request A records
reach : Reachable,Directly Reachable Address
resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records
order : 300000
resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300200
resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300400
resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300600
resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300800
resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 301000
DNS configuration (for scoped queries)
resolver #1
search domain[0] : mydomain.local
nameserver[0] : 192.168.11.1
if_index : 4 (en1)
flags : Scoped, Request A records
reach : Reachable,Directly Reachable Address
scutil dns after connect:
---------------------------------------------------------------------
scutil --dns
DNS configuration
resolver #1
search domain[0] : mydomain.local
nameserver[0] : 192.168.11.1
if_index : 4 (en1)
flags : Request A records
reach : Reachable,Directly Reachable Address
resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records
order : 300000
resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300200
resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300400
resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300600
resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300800
resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 301000
DNS configuration (for scoped queries)
resolver #1
search domain[0] : mydomain.local
nameserver[0] : 192.168.11.1
if_index : 4 (en1)
flags : Scoped, Request A records
reach : Reachable,Directly Reachable Address
viscosity client log:
---------------------------------------------------------------------
server 192.168.200.0 255.255.255.248
push "redirect-gateway def1"
push "dhcp-option DOMAIN internal.mydomain.org"
push "dhcp-option DNS 192.168.201.1"
push "dhcp-option NTP 192.53.103.108"
push "dhcp-option NTP 192.53.103.104"
Apr 20 18:27:03: Viscosity Mac 1.4.8 (1162)
Apr 20 18:27:03: Viscosity OpenVPN Engine Started
Apr 20 18:27:03: Running on Mac OS X 10.9.2
Apr 20 18:27:03: ---------
Apr 20 18:27:03: Checking reachability status of connection...
Apr 20 18:27:03: Connection is reachable. Starting connection attempt.
Sun Apr 20 18:27:04 2014 viscosity_foreign_option_1=dhcp-option DNS 192.168.201.1
Sun Apr 20 18:27:04 2014 viscosity_foreign_option_2=dhcp-option DOMAIN internal.mydomain.org
Apr 20 18:27:05: OpenVPN 2.3.2 i386-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Apr 8 2014
Apr 20 18:27:05: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Apr 20 18:27:05: UDPv4 link local: [undef]
Apr 20 18:27:05: UDPv4 link remote: [AF_INET]serverip:1194
Apr 20 18:27:39: [server.mydomain.org] Peer Connection Initiated with [AF_INET]serverip:1194
Apr 20 18:27:42: viscosity_foreign_option_3=dhcp-option DOMAIN internal.mydomain.org
Apr 20 18:27:42: viscosity_foreign_option_4=dhcp-option DNS 192.168.201.1
Apr 20 18:27:42: viscosity_foreign_option_5=dhcp-option NTP 192.53.103.108
Apr 20 18:27:42: viscosity_foreign_option_6=dhcp-option NTP 192.53.103.104
Apr 20 18:27:42: TUN/TAP device /dev/tun0 opened
Apr 20 18:27:42: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Apr 20 18:27:42: /sbin/ifconfig tun0 delete
Apr 20 18:27:42: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Apr 20 18:27:42: /sbin/ifconfig tun0 192.168.200.6 192.168.200.5 mtu 1500 netmask 255.255.255.255 up
Apr 20 18:27:42: Initialization Sequence Completed
I've determined that osx mavericks uses wrong/default dns server, although dns server is pushed from my openvpn server.
I've attached scutil --dns log output before connect and after connect. DNS resolver isn't changed after connect. Additionally I've attached viscosity client log.
I've tested my configuration on windows7, too. On my windows7 client, the server pushed dns was used after connect.
So the question is, how to get dns server push working on osx mavericks?
Best regards,
theq
scutil dns before connect:
---------------------------------------------------------------------
scutil --dns
DNS configuration
resolver #1
search domain[0] : mydomain.local
nameserver[0] : 192.168.11.1
if_index : 4 (en1)
flags : Request A records
reach : Reachable,Directly Reachable Address
resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records
order : 300000
resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300200
resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300400
resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300600
resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300800
resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 301000
DNS configuration (for scoped queries)
resolver #1
search domain[0] : mydomain.local
nameserver[0] : 192.168.11.1
if_index : 4 (en1)
flags : Scoped, Request A records
reach : Reachable,Directly Reachable Address
scutil dns after connect:
---------------------------------------------------------------------
scutil --dns
DNS configuration
resolver #1
search domain[0] : mydomain.local
nameserver[0] : 192.168.11.1
if_index : 4 (en1)
flags : Request A records
reach : Reachable,Directly Reachable Address
resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records
order : 300000
resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300200
resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300400
resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300600
resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 300800
resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
order : 301000
DNS configuration (for scoped queries)
resolver #1
search domain[0] : mydomain.local
nameserver[0] : 192.168.11.1
if_index : 4 (en1)
flags : Scoped, Request A records
reach : Reachable,Directly Reachable Address
viscosity client log:
---------------------------------------------------------------------
server 192.168.200.0 255.255.255.248
push "redirect-gateway def1"
push "dhcp-option DOMAIN internal.mydomain.org"
push "dhcp-option DNS 192.168.201.1"
push "dhcp-option NTP 192.53.103.108"
push "dhcp-option NTP 192.53.103.104"
Apr 20 18:27:03: Viscosity Mac 1.4.8 (1162)
Apr 20 18:27:03: Viscosity OpenVPN Engine Started
Apr 20 18:27:03: Running on Mac OS X 10.9.2
Apr 20 18:27:03: ---------
Apr 20 18:27:03: Checking reachability status of connection...
Apr 20 18:27:03: Connection is reachable. Starting connection attempt.
Sun Apr 20 18:27:04 2014 viscosity_foreign_option_1=dhcp-option DNS 192.168.201.1
Sun Apr 20 18:27:04 2014 viscosity_foreign_option_2=dhcp-option DOMAIN internal.mydomain.org
Apr 20 18:27:05: OpenVPN 2.3.2 i386-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Apr 8 2014
Apr 20 18:27:05: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Apr 20 18:27:05: UDPv4 link local: [undef]
Apr 20 18:27:05: UDPv4 link remote: [AF_INET]serverip:1194
Apr 20 18:27:39: [server.mydomain.org] Peer Connection Initiated with [AF_INET]serverip:1194
Apr 20 18:27:42: viscosity_foreign_option_3=dhcp-option DOMAIN internal.mydomain.org
Apr 20 18:27:42: viscosity_foreign_option_4=dhcp-option DNS 192.168.201.1
Apr 20 18:27:42: viscosity_foreign_option_5=dhcp-option NTP 192.53.103.108
Apr 20 18:27:42: viscosity_foreign_option_6=dhcp-option NTP 192.53.103.104
Apr 20 18:27:42: TUN/TAP device /dev/tun0 opened
Apr 20 18:27:42: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Apr 20 18:27:42: /sbin/ifconfig tun0 delete
Apr 20 18:27:42: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Apr 20 18:27:42: /sbin/ifconfig tun0 192.168.200.6 192.168.200.5 mtu 1500 netmask 255.255.255.255 up
Apr 20 18:27:42: Initialization Sequence Completed
Hi theq,
Make sure the "Enable DNS support" checkbox is ticked (under the Networking tab when editing your connection in Viscosity). If you want the VPN DNS servers to override your local servers you should also ensure that the "Apply DNS settings simultaneously" option is un-ticked (under Preferences->Advanced).
Cheers,
James
Make sure the "Enable DNS support" checkbox is ticked (under the Networking tab when editing your connection in Viscosity). If you want the VPN DNS servers to override your local servers you should also ensure that the "Apply DNS settings simultaneously" option is un-ticked (under Preferences->Advanced).
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Hi cudiaco,
There are no known issues with Viscosity's DNS support on Mavericks. However based on earlier posts it appears you are using a custom build of OpenVPN, rather than Viscosity's official build? If that's still the case it's probably the reason behind what is going on: we apply a patch to OpenVPN to output pushed DNS settings, without this they'll be ignored.
If you'd like to apply this patch to your build of OpenVPN please simply shoot an email our way and we can send you the OpenVPN source/patches we're using for our OpenVPN build (as per the GPL).
Cheers,
James
There are no known issues with Viscosity's DNS support on Mavericks. However based on earlier posts it appears you are using a custom build of OpenVPN, rather than Viscosity's official build? If that's still the case it's probably the reason behind what is going on: we apply a patch to OpenVPN to output pushed DNS settings, without this they'll be ignored.
If you'd like to apply this patch to your build of OpenVPN please simply shoot an email our way and we can send you the OpenVPN source/patches we're using for our OpenVPN build (as per the GPL).
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
6 posts
Page 1 of 1