Split DNS issues with new OpenVPN version
Posted: Tue Jan 08, 2019 2:35 am
I have a split DNS setup working with OpenVPN Access Server 2.1.9 where everything is working as expected.
- VPN only handles internal traffic
- Internal DNS is resolved through the VPN server
I am running Viscosity 1.7.12 (1581).
Log from working connection
Jan 04 4:33:00 PM: State changed to Connecting
Jan 04 4:33:00 PM: Viscosity Windows 1.7.12 (1581)
Jan 04 4:33:00 PM: Running on Microsoft Windows 10 Pro
Jan 04 4:33:00 PM: Running on .NET Framework Version 4.7.03190.461814
Jan 04 4:33:00 PM: Bringing up interface...
Jan 04 4:33:00 PM: OpenVPN 2.4.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2018
Jan 04 4:33:00 PM: library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.09
Jan 04 4:33:01 PM: Checking remote host "34.206.53.180" is reachable...
Jan 04 4:33:01 PM: Server reachable. Connecting to 34.206.53.180.
Jan 04 4:33:02 PM: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Jan 04 4:33:02 PM: TCP/UDP: Preserving recently used remote address: [AF_INET]34.206.53.180:1194
Jan 04 4:33:02 PM: UDP link local: (not bound)
Jan 04 4:33:02 PM: UDP link remote: [AF_INET]34.206.53.180:1194
Jan 04 4:33:02 PM: State changed to Authenticating
Jan 04 4:33:02 PM: [OpenVPN Server] Peer Connection Initiated with [AF_INET]34.206.53.180:1194
Jan 04 4:33:03 PM: State changed to Connecting
Jan 04 4:33:03 PM: Obsolete option --dhcp-release detected. This is now on by default
Jan 04 4:33:03 PM: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:20: block-ipv6 (2.4.6)
Jan 04 4:33:03 PM: open_tun
Jan 04 4:33:03 PM: TAP-WIN32 device [Staging] opened: \\.\Global\{900C2284-6991-4058-A1CB-454E6D77EDDF}.tap
Jan 04 4:33:03 PM: Set TAP-Windows TUN subnet mode network/local/netmask = 172.27.240.0/172.27.240.27/255.255.240.0 [SUCCEEDED]
Jan 04 4:33:03 PM: Notified TAP-Windows driver to set a DHCP IP/netmask of 172.27.240.27/255.255.240.0 on interface {900C2284-6991-4058-A1CB-454E6D77EDDF} [DHCP-serv: 172.27.255.254, lease-time: 31536000]
Jan 04 4:33:03 PM: Successful ARP Flush on interface [13] {900C2284-6991-4058-A1CB-454E6D77EDDF}
Jan 04 4:33:03 PM: NOTE: Release of DHCP-assigned IP address lease on TAP-Windows adapter failed: The system cannot find the file specified. (code=2)
Jan 04 4:33:03 PM: WARNING: Failed to renew DHCP IP address lease on TAP-Windows adapter: The system cannot find the file specified. (code=2)
Jan 04 4:33:03 PM: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 04 4:33:08 PM: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 04 4:33:08 PM: Initialization Sequence Completed
Jan 04 4:33:12 PM: DNS set to Split, report follows:
Server - 172.16.4.17:53; Lookup Type - Any; Domains - mycompany.com.
Server - 172.16.4.13:53; Lookup Type - Any; Domains - mycompany.com.
Server - 172.16.4.11:53; Lookup Type - Any; Domains - mycompany.com.
Server - 192.168.128.2:53; Lookup Type - Split; Domains - stage.myproject.internal.
Jan 04 4:33:12 PM: State changed to Connected
Log from non-working connection.
Jan 04 4:35:10 PM: State changed to Connecting
Jan 04 4:35:10 PM: Viscosity Windows 1.7.12 (1581)
Jan 04 4:35:10 PM: Running on Microsoft Windows 10 Pro
Jan 04 4:35:10 PM: Running on .NET Framework Version 4.7.03190.461814
Jan 04 4:35:10 PM: Bringing up interface...
Jan 04 4:35:11 PM: OpenVPN 2.4.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2018
Jan 04 4:35:11 PM: library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.09
Jan 04 4:35:11 PM: Checking remote host "openvpn.myproject.com" is reachable...
Jan 04 4:35:12 PM: Server reachable. Connecting to 100.24.189.242.
Jan 04 4:35:12 PM: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Jan 04 4:35:12 PM: TCP/UDP: Preserving recently used remote address: [AF_INET]100.24.189.242:1194
Jan 04 4:35:12 PM: UDP link local: (not bound)
Jan 04 4:35:12 PM: UDP link remote: [AF_INET]100.24.189.242:1194
Jan 04 4:35:12 PM: State changed to Authenticating
Jan 04 4:35:12 PM: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 04 4:35:12 PM: [OpenVPN Server] Peer Connection Initiated with [AF_INET]100.24.189.242:1194
Jan 04 4:35:13 PM: State changed to Connecting
Jan 04 4:35:16 PM: Obsolete option --dhcp-release detected. This is now on by default
Jan 04 4:35:16 PM: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:22: block-ipv6 (2.4.6)
Jan 04 4:35:16 PM: open_tun
Jan 04 4:35:16 PM: TAP-WIN32 device [[email protected]] opened: \\.\Global\{9A438DC0-0275-4A96-B5C0-30861C95031D}.tap
Jan 04 4:35:16 PM: Set TAP-Windows TUN subnet mode network/local/netmask = 172.27.240.0/172.27.240.16/255.255.240.0 [SUCCEEDED]
Jan 04 4:35:16 PM: Notified TAP-Windows driver to set a DHCP IP/netmask of 172.27.240.16/255.255.240.0 on interface {9A438DC0-0275-4A96-B5C0-30861C95031D} [DHCP-serv: 172.27.255.254, lease-time: 31536000]
Jan 04 4:35:16 PM: Successful ARP Flush on interface [16] {9A438DC0-0275-4A96-B5C0-30861C95031D}
Jan 04 4:35:16 PM: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 04 4:35:21 PM: Initialization Sequence Completed
Jan 04 4:35:25 PM: DNS set to Split, report follows:
Server - 172.16.4.17:53; Lookup Type - Any; Domains - mycompany.com.
Server - 172.16.4.13:53; Lookup Type - Any; Domains - mycompany.com.
Server - 172.16.4.11:53; Lookup Type - Any; Domains - mycompany.com.
Server - 127.0.0.53:53; Lookup Type - Split; Domains - stage.myproject.internal.
Jan 04 4:35:25 PM: State changed to Connected
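An added example, not part of the original post: a small Python check that parses the "DNS set to Split" report lines from both logs, shows which domain's resolver set changed, and flags reported resolver addresses that are loopback, unspecified or link-local. The function names are illustrative, and it assumes one domain per report line, as in the logs above.

```python
import ipaddress
import re

# Resolver report lines copied from the two logs in the post.
WORKING_LOG = """\
Server - 172.16.4.17:53; Lookup Type - Any; Domains - mycompany.com.
Server - 172.16.4.13:53; Lookup Type - Any; Domains - mycompany.com.
Server - 172.16.4.11:53; Lookup Type - Any; Domains - mycompany.com.
Server - 192.168.128.2:53; Lookup Type - Split; Domains - stage.myproject.internal.
"""
BROKEN_LOG = WORKING_LOG.replace("192.168.128.2", "127.0.0.53")  # as in the second log

REPORT_LINE = re.compile(
    r"^Server - (?P<ip>\S+):(?P<port>\d+); "
    r"Lookup Type - (?P<type>\w+); Domains - (?P<domain>.+)$",
    re.MULTILINE,
)

def parse_dns_report(log):
    """Return (domain, lookup_type, ip, port) for every resolver line in a log."""
    return [
        (m["domain"].strip().rstrip("."), m["type"],
         ipaddress.ip_address(m["ip"]), int(m["port"]))
        for m in REPORT_LINE.finditer(log)
    ]

def non_routable_resolvers(entries):
    """Entries whose resolver address cannot name a host on the VPN side:
    loopback points back at the client itself; unspecified and link-local
    addresses are not routed through the tunnel."""
    return [e for e in entries
            if e[2].is_loopback or e[2].is_unspecified or e[2].is_link_local]

def changed_resolvers(before, after):
    """Map domain -> (servers before, servers after) where the sets differ."""
    def by_domain(entries):
        grouped = {}
        for domain, _type, ip, _port in entries:
            grouped.setdefault(domain, set()).add(str(ip))
        return grouped
    b, a = by_domain(before), by_domain(after)
    return {d: (b.get(d, set()), a.get(d, set()))
            for d in b.keys() | a.keys() if b.get(d) != a.get(d)}

if __name__ == "__main__":
    working, broken = parse_dns_report(WORKING_LOG), parse_dns_report(BROKEN_LOG)
    print("changed:", changed_resolvers(working, broken))
    for domain, kind, ip, port in non_routable_resolvers(broken):
        print(f"non-routable resolver {ip}:{port} for {domain} ({kind})")
```

On the two reports above, the only difference is the resolver for stage.myproject.internal: 192.168.128.2 in the working log and 127.0.0.53 in the non-working one.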