Viscosity manipulating Windows DNS settings


mbit

Posts: 4
Joined: Wed Jan 15, 2014 12:49 am

Post by mbit » Thu Feb 25, 2016 12:12 am
Since one of the last updates, Viscosity is manipulating my Windows DNS settings all the time. You can't imagine how annoying this is.

When connecting to VPN using Viscosity, the connection will work, however any other software like my browser will throw errors that the DNS resolution isn't possible. So I'll go and edit my LAN adapter's settings, IPv4 settings and will find that where my DNS settings have been, Viscosity placed either an empty setting or localhost (127.0.0.1). I always have to put my DNS servers (8.8.8.8 / 8.8.4.4) here again manually to fix my Internet connection.

The same will appear after every re-connection, and as I have to switch between VPNs kind of often, this is TERRIBLY annoying.

Can you please advise how to fix this? Manipulating DNS wasn't necessary before, can't see why this behaviour popped up now.

Just to mention, in the Viscosity connection settings I already tried setting "DNS" from "Automatic" to "Disabled", but of course this doesn't help as well.

Thanks in advance for your advice.

miqueltango

Posts: 3
Joined: Thu Feb 25, 2016 2:55 am

Post by miqueltango » Thu Feb 25, 2016 2:58 am
I am having the same issue with version 1.6.1 (1419); I now need to look up the IP of every server I need to manage. Please fix and update.

Eric

Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Thu Feb 25, 2016 11:32 am
Hi mbit and miqueltango,

Please take a look at the following Blog post for how DNS has changed in version 1.6:
http://sparklabs.com/blog/upcoming-dns- ... osity-1-6/

Viscosity changing DNS settings on Windows is by design to meet the DNS setup that is required. If you do not wish for this to happen, you can set the DNS Mode for all connections to Disabled, but your VPN DNS will not be used at all.

If you take a look at the log, it will show you how DNS is set up once connected:
http://sparklabs.com/support/kb/article ... envpn-log/

Setting adapters to 127.0.0.1 is so the DNS Proxy is used when the DNS Mode is set to Split. This should be reverted when all connections are disconnected.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

rps

Posts: 11
Joined: Wed Mar 18, 2015 5:05 am

Post by rps » Fri Feb 26, 2016 2:43 am
This is affecting our users as well. Is there a way to push DNS settings from the server CCD files? Or do we need to have users re-download their client configuration?

Our model:

VPN pushes down DNS but only routes to authorized resources, most of which are RFC1918. "Full DNS" or being able to split DNS by domain is the ideal setting in this scenario but because we use a split-route VPN "Automatic" defaults to using existing DNS servers which don't have visibility of RFC1918 hosts.

On a side note this is probably better in a separate post, but I'm also getting reports that on boot the VPN fails to connect on startup until the user manually connects. I'll need to track down a Windows PC to verify.

Edit 1:

Adding both
push "dhcp-option DNSMODE split"

and
push "dhcp-option DOMAIN mydomain.com"

to the server configuration should achieve the desired result, correct? Will DNSMODE and DOMAIN options affect the non-Viscosity clients (e.g. Linux CLI and Android OpenVPN Connect)?

Edit 2:

This seems to work. On OS X I wasn't seeing it work as intended because I was using "host" which goes against /etc/resolv.conf (legacy UNIX support) instead of the normal OS X DNS resolver.

Edit 3:

Is there a way to push multiple domains for the Split DNS service?

Eric

Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Fri Feb 26, 2016 9:53 am
Hi rps,
rps wrote:
This is affecting our users as well. Is there a way to push DNS settings from the server CCD files? Or do we need to have users re-download their client configuration?
Are you able to be more specific as to what the exact problem you are facing is? Is the issue when you are connected or are you facing issues when disconnected or setting up as well? Has the setup you have mentioned in your edits resolved any issues you were facing?
rps wrote:
Will DNSMODE and DOMAIN options affect the non-Viscosity clients (e.g. Linux CLI and Android OpenVPN Connect)
DNSMODE should be ignored by any other client. DOMAIN is a standard OpenVPN command and should be handled correctly by the operating system that receives it.
rps wrote:
Is there a way to push multiple domains for the Split DNS service?
You can repeat the usage of push "dhcp-option DOMAIN mydomain.com" as many times as you need to.

Regards,
Eric

rps

Posts: 11
Joined: Wed Mar 18, 2015 5:05 am

Post by rps » Fri Feb 26, 2016 9:13 pm
Split DNS seems to work in OS X for a.domain.com and b.a.domain.com but on Windows 10 only a.domain.com works (not a.b.domain.com). I've also tried the 1.6.2 beta and no luck.

I disagree with the implementation decision that you've made to not direct any and all subdomain lookups for a domain pushed through the VPN in split DNS mode to VPN DNS servers since if that functionality were not desired the easy solution would be to only specify the individual subdomains.

In our case we have a domain structure that means most domains are 2 or 3 levels deep (e.g. b.a.domain.com or c.b.a.domain.com) and the number of domains used would mean pushing down nearly 100 domains which I would rather not do. With the current implementation this almost forces me to use Full DNS instead of Split DNS which is unfortunate.

I'm personally on a Mac, so I assumed Split DNS was working correctly when I was able to resolve most of my b.a.domain.com lookups through the VPN (verified by packet capture). Unfortunately the Windows behavior is different and makes Split DNS useless in our case.

This is a plea to consider one of the following options (ranked best to worst):

1. Direct DNS lookups for any number of subdomains to VPN provided DNS servers since this makes the most sense for a split DNS configuration (I have no idea what the use case is for not wanting it to work this way).

or

2. Make the Windows client work the same way as the Mac client and allow up to 2 levels of subdomain matching.
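
Added example (not part of rps's post and not Viscosity's code): a small Python model of the matching behaviours reported above, showing which lookups would fall through to the non-VPN resolver when one domain is pushed. The function names, the `max_depth` parameter and the sample hostnames are assumptions made for illustration.

```python
# Added illustration: models the split-DNS matching behaviours reported in the
# thread. Policy names and hostnames are constructed, not Viscosity internals.

def normalize(name):
    """Lower-case and strip the trailing root dot so comparisons are label-exact."""
    return name.strip().rstrip(".").lower()

def extra_labels(qname, domain):
    """Return how many labels qname has in front of domain, or None if qname
    is not equal to or underneath domain. Matching is on whole labels, so
    'notdomain.com' never matches 'domain.com'."""
    q, d = normalize(qname).split("."), normalize(domain).split(".")
    if len(q) < len(d) or q[len(q) - len(d):] != d:
        return None
    return len(q) - len(d)

def uses_vpn_dns(qname, pushed_domains, max_depth=None):
    """True if the lookup would be sent to the VPN resolver.
    max_depth=None -> any depth of subdomain (option 1 in the post)
    max_depth=N    -> at most N labels in front of a pushed domain."""
    for domain in pushed_domains:
        depth = extra_labels(qname, domain)
        if depth is not None and (max_depth is None or depth <= max_depth):
            return True
    return False

def leaked_names(hostnames, pushed_domains, max_depth=None):
    """Names that would be sent to the non-VPN resolver instead."""
    return [h for h in hostnames if not uses_vpn_dns(h, pushed_domains, max_depth)]

# Constructed sample data: one pushed domain and a few lookups.
PUSHED = ["domain.com"]
QUERIES = ["a.domain.com", "b.a.domain.com", "c.b.a.domain.com", "notdomain.com"]

if __name__ == "__main__":
    for label, depth in (("one level", 1), ("two levels", 2), ("any depth", None)):
        print(label, "->", leaked_names(QUERIES, PUSHED, depth))
```

Running `leaked_names` over a real list of internal hostnames shows how many extra `dhcp-option DOMAIN` pushes a given matching depth would require, and which internal names would otherwise be exposed to the local resolver.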

swsjr

Posts: 2
Joined: Sun Feb 28, 2016 1:34 am

Post by swsjr » Sun Feb 28, 2016 1:43 am
Same or similar issue. WIN DNS settings are completely wiped every time I disconnect from Viscosity. They do not 'revert' no matter what DNS setting I use and I must reset them manually every time. As I believe the original poster stated, "This is beyond annoying."

Eric

Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Mon Feb 29, 2016 1:27 pm
Hi rps,

We are doing some testing to see if we can find a safe way to integrate this behaviour into Viscosity's DNS system. In the meantime we recommend using Full DNS.

Regards,
Eric

Eric

Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Mon Feb 29, 2016 1:33 pm
Hi swsjr,

Are you using static DNS settings when not connected to a VPN? Are these static DNS settings not being reapplied when you disconnect? Are you making any changes to Windows DNS while connected to a VPN?

Could you please post (or you may prefer to email us this information to keep it off a public forum) some further information to what is happening? Could you please post the following:

A copy of ipconfig -all before you connect.
The full output of your log and ipconfig -all after you connect
A copy of ipconfig -all after you disconnect.

To get ipconfig -all, go to Start, type cmd and press enter. In the command prompt window, type 'ipconfig -all' without quotes and press enter. Then right click in the cmd window, select Mark, you can then select all the output and press Enter to copy it.

To get a copy of the log, please see the following - http://sparklabs.com/support/kb/article/viewing-the-openvpn-log/

Regards,
Eric

Eric

Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Wed Mar 02, 2016 12:53 pm
Hi,

Legacy downloads are available on the Downloads page. Please note we do not support these versions, they are made available only for users on older operating systems.

We still do not know the issue you are facing. The detail you have provided has not allowed us to help you at all and to find if there is a problem with Viscosity that we can fix or allow us to help you with your configuration that might be causing an issue.

Regards,
Eric