My problem is that Linux clients work but Windows 10 Pro ones don’t.
My server configuration is:
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/LS00005_0965fef4-6b54-462a-ba28-485f1a1ac5ab.crt
key /etc/openvpn/easy-rsa/pki/private/LS00005_0965fef4-6b54-462a-ba28-485f1a1ac5ab.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.8.1.0 255.255.255.0
push "dhcp-option DNS e.f.g.h"
push "dhcp-option DNS i.j.k.l"
push "dhcp-option DNS w.x.y.z"
push "route 10.0.220.0 255.255.255.0"
push "route 10.0.100.0 255.255.255.0"
push "block-outside-dns"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 4
For the client that I’m testing I have /etc/openvpn/ccd/oneclient with this content:
ifconfig-push 10.8.1.93 255.255.255.0
Windows 10 Client configuration:
client
dev tun
proto udp
remote a.b.c.d 1194
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name LS00005_0965fef4-6b54-462a-ba28-485f1a1ac5ab name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 4
Client log:
Sun Mar 29 16:49:03 2020 us=94550 Current Parameter Settings:
Sun Mar 29 16:49:03 2020 us=94550 config = 'backup_oneclient.ovpn'
Sun Mar 29 16:49:03 2020 us=94550 mode = 0
Sun Mar 29 16:49:03 2020 us=94550 show_ciphers = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 show_digests = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 show_engines = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 genkey = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 key_pass_file = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 show_tls_ciphers = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 connect_retry_max = 0
Sun Mar 29 16:49:03 2020 us=94550 Connection profiles [0]:
Sun Mar 29 16:49:03 2020 us=94550 proto = udp
Sun Mar 29 16:49:03 2020 us=94550 local = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 local_port = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 remote = 'a.b.c.d'
Sun Mar 29 16:49:03 2020 us=94550 remote_port = '1194'
Sun Mar 29 16:49:03 2020 us=94550 remote_float = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 bind_defined = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 bind_local = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 bind_ipv6_only = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 connect_retry_seconds = 5
Sun Mar 29 16:49:03 2020 us=94550 connect_timeout = 120
Sun Mar 29 16:49:03 2020 us=94550 socks_proxy_server = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 socks_proxy_port = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 tun_mtu = 1500
Sun Mar 29 16:49:03 2020 us=94550 tun_mtu_defined = ENABLED
Sun Mar 29 16:49:03 2020 us=94550 link_mtu = 1500
Sun Mar 29 16:49:03 2020 us=94550 link_mtu_defined = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 tun_mtu_extra = 0
Sun Mar 29 16:49:03 2020 us=94550 tun_mtu_extra_defined = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 mtu_discover_type = -1
Sun Mar 29 16:49:03 2020 us=94550 fragment = 0
Sun Mar 29 16:49:03 2020 us=94550 mssfix = 1450
Sun Mar 29 16:49:03 2020 us=94550 explicit_exit_notification = 0
Sun Mar 29 16:49:03 2020 us=94550 Connection profiles END
Sun Mar 29 16:49:03 2020 us=94550 remote_random = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 ipchange = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 dev = 'tun'
Sun Mar 29 16:49:03 2020 us=94550 dev_type = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 dev_node = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 lladdr = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 topology = 1
Sun Mar 29 16:49:03 2020 us=94550 ifconfig_local = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 ifconfig_remote_netmask = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 ifconfig_noexec = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 ifconfig_nowarn = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 ifconfig_ipv6_local = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 ifconfig_ipv6_netbits = 0
Sun Mar 29 16:49:03 2020 us=94550 ifconfig_ipv6_remote = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 shaper = 0
Sun Mar 29 16:49:03 2020 us=94550 mtu_test = 0
Sun Mar 29 16:49:03 2020 us=94550 mlock = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 keepalive_ping = 0
Sun Mar 29 16:49:03 2020 us=94550 keepalive_timeout = 0
Sun Mar 29 16:49:03 2020 us=94550 inactivity_timeout = 0
Sun Mar 29 16:49:03 2020 us=94550 ping_send_timeout = 0
Sun Mar 29 16:49:03 2020 us=94550 ping_rec_timeout = 0
Sun Mar 29 16:49:03 2020 us=94550 ping_rec_timeout_action = 0
Sun Mar 29 16:49:03 2020 us=94550 ping_timer_remote = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 remap_sigusr1 = 0
Sun Mar 29 16:49:03 2020 us=94550 persist_tun = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 persist_local_ip = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 persist_remote_ip = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 persist_key = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 passtos = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 resolve_retry_seconds = 1000000000
Sun Mar 29 16:49:03 2020 us=94550 resolve_in_advance = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 username = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 groupname = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 chroot_dir = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 cd_dir = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 writepid = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 up_script = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 down_script = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 down_pre = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 up_restart = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 up_delay = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 daemon = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 inetd = 0
Sun Mar 29 16:49:03 2020 us=94550 log = ENABLED
Sun Mar 29 16:49:03 2020 us=94550 suppress_timestamps = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 machine_readable_output = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 nice = 0
Sun Mar 29 16:49:03 2020 us=94550 verbosity = 4
Sun Mar 29 16:49:03 2020 us=94550 mute = 0
Sun Mar 29 16:49:03 2020 us=94550 gremlin = 0
Sun Mar 29 16:49:03 2020 us=94550 status_file = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 status_file_version = 1
Sun Mar 29 16:49:03 2020 us=94550 status_file_update_freq = 60
Sun Mar 29 16:49:03 2020 us=94550 occ = ENABLED
Sun Mar 29 16:49:03 2020 us=94550 rcvbuf = 0
Sun Mar 29 16:49:03 2020 us=94550 sndbuf = 0
Sun Mar 29 16:49:03 2020 us=94550 sockflags = 0
Sun Mar 29 16:49:03 2020 us=94550 fast_io = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 comp.alg = 0
Sun Mar 29 16:49:03 2020 us=94550 comp.flags = 0
Sun Mar 29 16:49:03 2020 us=94550 route_script = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 route_default_gateway = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 route_default_metric = 0
Sun Mar 29 16:49:03 2020 us=94550 route_noexec = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 route_delay = 5
Sun Mar 29 16:49:03 2020 us=94550 route_delay_window = 30
Sun Mar 29 16:49:03 2020 us=94550 route_delay_defined = ENABLED
Sun Mar 29 16:49:03 2020 us=94550 route_nopull = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 route_gateway_via_dhcp = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 allow_pull_fqdn = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 Pull filters:
Sun Mar 29 16:49:03 2020 us=94550 ignore "route-method"
Sun Mar 29 16:49:03 2020 us=94550 management_addr = '127.0.0.1'
Sun Mar 29 16:49:03 2020 us=94550 management_port = '25340'
Sun Mar 29 16:49:03 2020 us=94550 management_user_pass = 'stdin'
Sun Mar 29 16:49:03 2020 us=94550 management_log_history_cache = 250
Sun Mar 29 16:49:03 2020 us=94550 management_echo_buffer_size = 100
Sun Mar 29 16:49:03 2020 us=94550 management_write_peer_info_file = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 management_client_user = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 management_client_group = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 management_flags = 6
Sun Mar 29 16:49:03 2020 us=94550 shared_secret_file = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 key_direction = not set
Sun Mar 29 16:49:03 2020 us=94550 ciphername = 'AES-256-CBC'
Sun Mar 29 16:49:03 2020 us=94550 ncp_enabled = ENABLED
Sun Mar 29 16:49:03 2020 us=94550 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sun Mar 29 16:49:03 2020 us=94550 authname = 'SHA256'
Sun Mar 29 16:49:03 2020 us=94550 prng_hash = 'SHA1'
Sun Mar 29 16:49:03 2020 us=94550 prng_nonce_secret_len = 16
Sun Mar 29 16:49:03 2020 us=94550 keysize = 0
Sun Mar 29 16:49:03 2020 us=94550 engine = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 replay = ENABLED
Sun Mar 29 16:49:03 2020 us=94550 mute_replay_warnings = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 replay_window = 64
Sun Mar 29 16:49:03 2020 us=94550 replay_time = 15
Sun Mar 29 16:49:03 2020 us=94550 packet_id_file = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 use_iv = ENABLED
Sun Mar 29 16:49:03 2020 us=94550 test_crypto = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 tls_server = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 tls_client = ENABLED
Sun Mar 29 16:49:03 2020 us=94550 key_method = 2
Sun Mar 29 16:49:03 2020 us=94550 ca_file = '[[INLINE]]'
Sun Mar 29 16:49:03 2020 us=94550 ca_path = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 dh_file = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 cert_file = '[[INLINE]]'
Sun Mar 29 16:49:03 2020 us=94550 extra_certs_file = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 priv_key_file = '[[INLINE]]'
Sun Mar 29 16:49:03 2020 us=94550 pkcs12_file = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 cryptoapi_cert = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 cipher_list = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 cipher_list_tls13 = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 tls_cert_profile = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 tls_verify = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 tls_export_cert = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 verify_x509_type = 2
Sun Mar 29 16:49:03 2020 us=94550 verify_x509_name = 'LS00005_0965fef4-6b54-462a-ba28-485f1a1ac5ab'
Sun Mar 29 16:49:03 2020 us=94550 crl_file = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 ns_cert_type = 0
Sun Mar 29 16:49:03 2020 us=94550 remote_cert_ku[i] = 65535
Sun Mar 29 16:49:03 2020 us=94550 remote_cert_ku[i] = 0
Sun Mar 29 16:49:03 2020 us=94550 remote_cert_ku[i] = 0
Sun Mar 29 16:49:03 2020 us=94550 remote_cert_ku[i] = 0
Sun Mar 29 16:49:03 2020 us=94550 remote_cert_ku[i] = 0
Sun Mar 29 16:49:03 2020 us=94550 remote_cert_ku[i] = 0
Sun Mar 29 16:49:03 2020 us=94550 remote_cert_ku[i] = 0
Sun Mar 29 16:49:03 2020 us=94550 remote_cert_ku[i] = 0
Sun Mar 29 16:49:03 2020 us=94550 remote_cert_ku[i] = 0
Sun Mar 29 16:49:03 2020 us=94550 remote_cert_ku[i] = 0
Sun Mar 29 16:49:03 2020 us=94550 remote_cert_ku[i] = 0
Sun Mar 29 16:49:03 2020 us=94550 remote_cert_ku[i] = 0
Sun Mar 29 16:49:03 2020 us=94550 remote_cert_ku[i] = 0
Sun Mar 29 16:49:03 2020 us=94550 remote_cert_ku[i] = 0
Sun Mar 29 16:49:03 2020 us=94550 remote_cert_ku[i] = 0
Sun Mar 29 16:49:03 2020 us=94550 remote_cert_ku[i] = 0
Sun Mar 29 16:49:03 2020 us=94550 remote_cert_eku = 'TLS Web Server Authentication'
Sun Mar 29 16:49:03 2020 us=94550 ssl_flags = 192
Sun Mar 29 16:49:03 2020 us=94550 tls_timeout = 2
Sun Mar 29 16:49:03 2020 us=94550 renegotiate_bytes = -1
Sun Mar 29 16:49:03 2020 us=94550 renegotiate_packets = 0
Sun Mar 29 16:49:03 2020 us=94550 renegotiate_seconds = 3600
Sun Mar 29 16:49:03 2020 us=94550 handshake_window = 60
Sun Mar 29 16:49:03 2020 us=94550 transition_window = 3600
Sun Mar 29 16:49:03 2020 us=94550 single_session = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 push_peer_info = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 tls_exit = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 tls_auth_file = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 tls_crypt_file = '[[INLINE]]'
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_protected_authentication = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_protected_authentication = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_protected_authentication = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_protected_authentication = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_protected_authentication = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_protected_authentication = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_protected_authentication = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_protected_authentication = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_protected_authentication = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_protected_authentication = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_protected_authentication = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_protected_authentication = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_protected_authentication = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_protected_authentication = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_protected_authentication = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_protected_authentication = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_private_mode = 00000000
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_private_mode = 00000000
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_private_mode = 00000000
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_private_mode = 00000000
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_private_mode = 00000000
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_private_mode = 00000000
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_private_mode = 00000000
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_private_mode = 00000000
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_private_mode = 00000000
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_private_mode = 00000000
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_private_mode = 00000000
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_private_mode = 00000000
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_private_mode = 00000000
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_private_mode = 00000000
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_private_mode = 00000000
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_private_mode = 00000000
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_cert_private = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_cert_private = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_cert_private = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_cert_private = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_cert_private = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_cert_private = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_cert_private = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_cert_private = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_cert_private = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_cert_private = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_cert_private = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_cert_private = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_cert_private = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_cert_private = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_cert_private = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_cert_private = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_pin_cache_period = -1
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_id = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 pkcs11_id_management = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 server_network = 0.0.0.0
Sun Mar 29 16:49:03 2020 us=94550 server_netmask = 0.0.0.0
Sun Mar 29 16:49:03 2020 us=94550 server_network_ipv6 = ::
Sun Mar 29 16:49:03 2020 us=94550 server_netbits_ipv6 = 0
Sun Mar 29 16:49:03 2020 us=94550 server_bridge_ip = 0.0.0.0
Sun Mar 29 16:49:03 2020 us=94550 server_bridge_netmask = 0.0.0.0
Sun Mar 29 16:49:03 2020 us=94550 server_bridge_pool_start = 0.0.0.0
Sun Mar 29 16:49:03 2020 us=94550 server_bridge_pool_end = 0.0.0.0
Sun Mar 29 16:49:03 2020 us=94550 ifconfig_pool_defined = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 ifconfig_pool_start = 0.0.0.0
Sun Mar 29 16:49:03 2020 us=94550 ifconfig_pool_end = 0.0.0.0
Sun Mar 29 16:49:03 2020 us=94550 ifconfig_pool_netmask = 0.0.0.0
Sun Mar 29 16:49:03 2020 us=94550 ifconfig_pool_persist_filename = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 ifconfig_pool_persist_refresh_freq = 600
Sun Mar 29 16:49:03 2020 us=94550 ifconfig_ipv6_pool_defined = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 ifconfig_ipv6_pool_base = ::
Sun Mar 29 16:49:03 2020 us=94550 ifconfig_ipv6_pool_netbits = 0
Sun Mar 29 16:49:03 2020 us=94550 n_bcast_buf = 256
Sun Mar 29 16:49:03 2020 us=94550 tcp_queue_limit = 64
Sun Mar 29 16:49:03 2020 us=94550 real_hash_size = 256
Sun Mar 29 16:49:03 2020 us=94550 virtual_hash_size = 256
Sun Mar 29 16:49:03 2020 us=94550 client_connect_script = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 learn_address_script = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 client_disconnect_script = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 client_config_dir = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 ccd_exclusive = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 tmp_dir = 'C:\Users\IGNACI~1\AppData\Local\Temp'
Sun Mar 29 16:49:03 2020 us=94550 push_ifconfig_defined = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 push_ifconfig_local = 0.0.0.0
Sun Mar 29 16:49:03 2020 us=94550 push_ifconfig_remote_netmask = 0.0.0.0
Sun Mar 29 16:49:03 2020 us=94550 push_ifconfig_ipv6_defined = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 push_ifconfig_ipv6_local = ::/0
Sun Mar 29 16:49:03 2020 us=94550 push_ifconfig_ipv6_remote = ::
Sun Mar 29 16:49:03 2020 us=94550 enable_c2c = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 duplicate_cn = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 cf_max = 0
Sun Mar 29 16:49:03 2020 us=94550 cf_per = 0
Sun Mar 29 16:49:03 2020 us=94550 max_clients = 1024
Sun Mar 29 16:49:03 2020 us=94550 max_routes_per_client = 256
Sun Mar 29 16:49:03 2020 us=94550 auth_user_pass_verify_script = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 auth_user_pass_verify_script_via_file = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 auth_token_generate = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 auth_token_lifetime = 0
Sun Mar 29 16:49:03 2020 us=94550 client = ENABLED
Sun Mar 29 16:49:03 2020 us=94550 pull = ENABLED
Sun Mar 29 16:49:03 2020 us=94550 auth_user_pass_file = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 show_net_up = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 route_method = 3
Sun Mar 29 16:49:03 2020 us=94550 block_outside_dns = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 ip_win32_defined = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 ip_win32_type = 3
Sun Mar 29 16:49:03 2020 us=94550 dhcp_masq_offset = 0
Sun Mar 29 16:49:03 2020 us=94550 dhcp_lease_time = 31536000
Sun Mar 29 16:49:03 2020 us=94550 tap_sleep = 0
Sun Mar 29 16:49:03 2020 us=94550 dhcp_options = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 dhcp_renew = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 dhcp_pre_release = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 domain = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 netbios_scope = '[UNDEF]'
Sun Mar 29 16:49:03 2020 us=94550 netbios_node_type = 0
Sun Mar 29 16:49:03 2020 us=94550 disable_nbt = DISABLED
Sun Mar 29 16:49:03 2020 us=94550 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Sun Mar 29 16:49:03 2020 us=94550 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Mar 29 16:49:03 2020 us=94550 library versions: OpenSSL 1.1.0l 10 Sep 2019, LZO 2.10
Enter Management Password:
Sun Mar 29 16:49:03 2020 us=94550 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Mar 29 16:49:03 2020 us=94550 Need hold release from management interface, waiting...
Sun Mar 29 16:49:03 2020 us=389560 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Mar 29 16:49:03 2020 us=514311 MANAGEMENT: CMD 'state on'
Sun Mar 29 16:49:03 2020 us=514311 MANAGEMENT: CMD 'log all on'
Sun Mar 29 16:49:03 2020 us=735235 MANAGEMENT: CMD 'echo all on'
Sun Mar 29 16:49:03 2020 us=749935 MANAGEMENT: CMD 'bytecount 5'
Sun Mar 29 16:49:03 2020 us=749935 MANAGEMENT: CMD 'hold off'
Sun Mar 29 16:49:03 2020 us=749935 MANAGEMENT: CMD 'hold release'
Sun Mar 29 16:49:03 2020 us=749935 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sun Mar 29 16:49:03 2020 us=749935 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Mar 29 16:49:03 2020 us=749935 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sun Mar 29 16:49:03 2020 us=749935 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Mar 29 16:49:03 2020 us=749935 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Sun Mar 29 16:49:03 2020 us=749935 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sun Mar 29 16:49:03 2020 us=749935 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Sun Mar 29 16:49:03 2020 us=749935 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Sun Mar 29 16:49:03 2020 us=749935 TCP/UDP: Preserving recently used remote address: [AF_INET]a.b.c.d:1194
Sun Mar 29 16:49:03 2020 us=749935 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Mar 29 16:49:03 2020 us=749935 UDP link local: (not bound)
Sun Mar 29 16:49:03 2020 us=749935 UDP link remote: [AF_INET]a.b.c.d:1194
Sun Mar 29 16:49:03 2020 us=749935 MANAGEMENT: >STATE:1585511343,WAIT,,,,,,
Sun Mar 29 16:49:03 2020 us=828850 MANAGEMENT: >STATE:1585511343,AUTH,,,,,,
Sun Mar 29 16:49:03 2020 us=828850 TLS: Initial packet from [AF_INET]a.b.c.d:1194, sid=4cb41c8c 3f370c0f
Sun Mar 29 16:49:03 2020 us=858377 VERIFY OK: depth=1, CN=ChangeMe
Sun Mar 29 16:49:03 2020 us=858377 VERIFY KU OK
Sun Mar 29 16:49:03 2020 us=858377 Validating certificate extended key usage
Sun Mar 29 16:49:03 2020 us=858377 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Mar 29 16:49:03 2020 us=858377 VERIFY EKU OK
Sun Mar 29 16:49:03 2020 us=858377 VERIFY X509NAME OK: CN=LS00005_0965fef4-6b54-462a-ba28-485f1a1ac5ab
Sun Mar 29 16:49:03 2020 us=858377 VERIFY OK: depth=0, CN=LS00005_0965fef4-6b54-462a-ba28-485f1a1ac5ab
Sun Mar 29 16:49:03 2020 us=905442 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit EC, curve: prime256v1
Sun Mar 29 16:49:03 2020 us=905442 [LS00005_0965fef4-6b54-462a-ba28-485f1a1ac5ab] Peer Connection Initiated with [AF_INET]a.b.c.d:1194
Sun Mar 29 16:49:04 2020 us=951755 MANAGEMENT: >STATE:1585511344,GET_CONFIG,,,,,,
Sun Mar 29 16:49:04 2020 us=951755 SENT CONTROL [LS00005_0965fef4-6b54-462a-ba28-485f1a1ac5ab]: 'PUSH_REQUEST' (status=1)
Sun Mar 29 16:49:04 2020 us=982805 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS e.f.g.h,dhcp-option DNS i.j.k.l,dhcp-option DNS w.x.y.z,route 10.0.220.0 255.255.255.0,route 10.0.100.0 255.255.255.0,block-outside-dns,route-gateway 10.8.1.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.1.93 255.255.255.0,peer-id 1,cipher AES-256-GCM'
Sun Mar 29 16:49:04 2020 us=982805 OPTIONS IMPORT: timers and/or timeouts modified
Sun Mar 29 16:49:04 2020 us=982805 OPTIONS IMPORT: --ifconfig/up options modified
Sun Mar 29 16:49:04 2020 us=982805 OPTIONS IMPORT: route options modified
Sun Mar 29 16:49:04 2020 us=982805 OPTIONS IMPORT: route-related options modified
Sun Mar 29 16:49:04 2020 us=982805 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Mar 29 16:49:04 2020 us=982805 OPTIONS IMPORT: peer-id set
Sun Mar 29 16:49:04 2020 us=982805 OPTIONS IMPORT: adjusting link_mtu to 1624
Sun Mar 29 16:49:04 2020 us=982805 OPTIONS IMPORT: data channel crypto options modified
Sun Mar 29 16:49:04 2020 us=982805 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Mar 29 16:49:04 2020 us=982805 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
Sun Mar 29 16:49:04 2020 us=982805 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Mar 29 16:49:04 2020 us=982805 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Mar 29 16:49:04 2020 us=982805 interactive service msg_channel=600
Sun Mar 29 16:49:04 2020 us=999462 ROUTE_GATEWAY 192.168.80.1/255.255.255.0 I=7 HWADDR=08:00:27:77:2b:b9
Sun Mar 29 16:49:04 2020 us=999462 open_tun
Sun Mar 29 16:49:04 2020 us=999462 TAP-WIN32 device [Conexión de área local] opened: \\.\Global\{B7A0DF0F-F70E-47FF-A551-D43AF6B72B57}.tap
Sun Mar 29 16:49:04 2020 us=999462 TAP-Windows Driver Version 9.24
Sun Mar 29 16:49:04 2020 us=999462 TAP-Windows MTU=1500
Sun Mar 29 16:49:04 2020 us=999462 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.1.0/10.8.1.93/255.255.255.0 [SUCCEEDED]
Sun Mar 29 16:49:04 2020 us=999462 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.1.93/255.255.255.0 on interface {B7A0DF0F-F70E-47FF-A551-D43AF6B72B57} [DHCP-serv: 10.8.1.254, lease-time: 31536000]
Sun Mar 29 16:49:04 2020 us=999462 DHCP option string: 060c0808 08080909 09099570 7070
Sun Mar 29 16:49:05 2020 us=16355 Successful ARP Flush on interface [14] {B7A0DF0F-F70E-47FF-A551-D43AF6B72B57}
Sun Mar 29 16:49:05 2020 us=16355 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Mar 29 16:49:05 2020 us=16355 MANAGEMENT: >STATE:1585511345,ASSIGN_IP,,10.8.1.93,,,,
Sun Mar 29 16:49:05 2020 us=16355 Blocking outside DNS
Sun Mar 29 16:49:05 2020 us=16355 Using service to add block dns filters
Sun Mar 29 16:49:05 2020 us=55742 Blocking outside dns using service succeeded.
Sun Mar 29 16:49:10 2020 us=389182 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Sun Mar 29 16:49:10 2020 us=389182 MANAGEMENT: >STATE:1585511350,ADD_ROUTES,,,,,,
Sun Mar 29 16:49:10 2020 us=389182 C:\Windows\system32\route.exe ADD 10.0.220.0 MASK 255.255.255.0 10.8.1.1
Sun Mar 29 16:49:10 2020 us=389182 Route addition via service succeeded
Sun Mar 29 16:49:10 2020 us=389182 C:\Windows\system32\route.exe ADD 10.0.100.0 MASK 255.255.255.0 10.8.1.1
Sun Mar 29 16:49:10 2020 us=389182 Route addition via service succeeded
Sun Mar 29 16:49:10 2020 us=389182 Initialization Sequence Completed
Sun Mar 29 16:49:10 2020 us=389182 MANAGEMENT: >STATE:1585511350,CONNECTED,SUCCESS,10.8.1.93,a.b.c.d,1194,,
Server log:
Mar 29 16:49:03 LS00005 ovpn-server[5188]: MULTI: multi_create_instance called
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 Re-using SSL/TLS context
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 TLS: Initial packet from [AF_INET]m.n.o.p:30459, sid=15f300e3 e59950f0
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 VERIFY OK: depth=1, CN=ChangeMe
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 VERIFY KU OK
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 Validating certificate extended key usage
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 VERIFY EKU OK
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 VERIFY OK: depth=0, CN=oneclient
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 peer info: IV_VER=2.4.8
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 peer info: IV_PLAT=win
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 peer info: IV_PROTO=2
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 peer info: IV_NCP=2
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 peer info: IV_LZ4=1
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 peer info: IV_LZ4v2=1
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 peer info: IV_LZO=1
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 peer info: IV_COMP_STUB=1
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 peer info: IV_COMP_STUBv2=1
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 peer info: IV_TCPNL=1
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 peer info: IV_GUI_VER=OpenVPN_GUI_11
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit EC, curve: prime256v1
Mar 29 16:49:03 LS00005 ovpn-server[5188]: m.n.o.p:30459 [oneclient] Peer Connection Initiated with [AF_INET]m.n.o.p:30459
Mar 29 16:49:03 LS00005 ovpn-server[5188]: MULTI: new connection by client 'oneclient' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Mar 29 16:49:03 LS00005 ovpn-server[5188]: OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/oneclient
Mar 29 16:49:03 LS00005 ovpn-server[5188]: OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/oneclient
Mar 29 16:49:03 LS00005 ovpn-server[5188]: MULTI: Learn: 10.8.1.93 -> oneclient/m.n.o.p:30459
Mar 29 16:49:03 LS00005 ovpn-server[5188]: MULTI: primary virtual IP for oneclient/m.n.o.p:30459: 10.8.1.93
Mar 29 16:49:05 LS00005 ovpn-server[5188]: oneclient/m.n.o.p:30459 PUSH: Received control message: 'PUSH_REQUEST'
Mar 29 16:49:05 LS00005 ovpn-server[5188]: oneclient/m.n.o.p:30459 SENT CONTROL [oneclient]: 'PUSH_REPLY,dhcp-option DNS e.f.g.h,dhcp-option DNS i.j.k.l,dhcp-option DNS w.x.y.z,route 10.0.220.0 255.255.255.0,route 10.0.100.0 255.255.255.0,block-outside-dns,route-gateway 10.8.1.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.1.93 255.255.255.0,peer-id 1,cipher AES-256-GCM' (status=1)
Mar 29 16:49:05 LS00005 ovpn-server[5188]: oneclient/m.n.o.p:30459 Data Channel: using negotiated cipher 'AES-256-GCM'
Mar 29 16:49:05 LS00005 ovpn-server[5188]: oneclient/m.n.o.p:30459 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Mar 29 16:49:05 LS00005 ovpn-server[5188]: oneclient/m.n.o.p:30459 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mar 29 16:49:05 LS00005 ovpn-server[5188]: oneclient/m.n.o.p:30459 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
The problem is that DNS resolution does not work, although I can ping beyond the tunnel. If I comment out block-outside-tunnel, however, everything works fine.
I’ve read a lot of posts about this, such as viewtopic.php?t=25827. I’ve even tried disabling smart multi-homed name resolution and the Windows firewall; that didn’t work either. By the way, on Windows I’m using OpenVPN GUI 11.14.0.0.
Any ideas? Is it an OpenVPN misconfiguration?
Thanks in advance!
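A check a practitioner might run on the PUSH_REPLY shown in the client log above, as an added example that is not part of the original post: with `block-outside-dns` in effect, Windows only lets port 53 traffic leave through the TAP adapter, so every pushed resolver has to fall inside the tunnel subnet or a pushed route. The function names and the two DNS addresses are constructed for illustration (the post redacts the real ones); the routes, topology and ifconfig values are those in the log.

```python
import ipaddress

# PUSH_REPLY modelled on the client log above. The DNS addresses are
# constructed placeholders; everything else is taken from the post.
SAMPLE_PUSH_REPLY = (
    "PUSH_REPLY,dhcp-option DNS 10.0.100.53,dhcp-option DNS 192.0.2.53,"
    "route 10.0.220.0 255.255.255.0,route 10.0.100.0 255.255.255.0,"
    "block-outside-dns,route-gateway 10.8.1.1,topology subnet,"
    "ping 15,ping-restart 120,ifconfig 10.8.1.93 255.255.255.0,"
    "peer-id 1,cipher AES-256-GCM"
)


def parse_push_reply(message):
    """Pull the options that decide DNS reachability out of a PUSH_REPLY."""
    dns, nets, flags = [], [], set()
    topology, ifconfig = "net30", None
    for item in message.split(",")[1:]:          # skip the PUSH_REPLY token
        words = item.split()
        if not words:
            continue
        key, args = words[0], words[1:]
        if key == "dhcp-option" and len(args) == 2 and args[0] == "DNS":
            dns.append(ipaddress.ip_address(args[1]))
        elif key == "route" and args:
            # route <network> [netmask] [gateway] [metric]
            gateway = args[2] if len(args) > 2 else "vpn_gateway"
            if gateway == "net_gateway":
                continue                         # explicitly bypasses the tunnel
            mask = args[1] if len(args) > 1 else "255.255.255.255"
            try:
                nets.append(ipaddress.ip_network(f"{args[0]}/{mask}", strict=False))
            except ValueError:
                continue                         # hostname or keyword, not checked here
        elif key == "topology" and args:
            topology = args[0]
        elif key == "ifconfig" and len(args) == 2:
            ifconfig = args
        elif key in ("block-outside-dns", "redirect-gateway"):
            flags.add(key)

    if ifconfig and topology == "subnet":
        # In subnet topology the second ifconfig argument is a netmask.
        nets.append(ipaddress.ip_network(f"{ifconfig[0]}/{ifconfig[1]}", strict=False))
    elif ifconfig:
        # In net30/p2p it is the peer address, reachable as a single host.
        nets.append(ipaddress.ip_network(f"{ifconfig[1]}/32"))
    if "redirect-gateway" in flags:
        # Simplification: treat any redirect-gateway as "all IPv4 via the tunnel".
        nets.append(ipaddress.ip_network("0.0.0.0/0"))

    return {"dns": dns, "tunnel_nets": nets,
            "block_outside_dns": "block-outside-dns" in flags}


def dns_servers_outside_tunnel(message):
    """Return pushed DNS servers that block-outside-dns would cut off.

    A resolver not covered by any tunnel route is reached through the
    physical adapter, where the DNS filter drops the query.
    """
    opts = parse_push_reply(message)
    if not opts["block_outside_dns"]:
        return []
    return [str(ip) for ip in opts["dns"]
            if not any(ip in net for net in opts["tunnel_nets"])]


if __name__ == "__main__":
    for server in dns_servers_outside_tunnel(SAMPLE_PUSH_REPLY):
        print(f"{server}: no tunnel route, DNS to it is filtered on Windows")
```

A resolver reported here needs either a matching `push "route ..."` on the server or to be replaced by one that is reachable inside the VPN.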
Having trouble connecting to OpenVPN on Windows 10 and cannot find a way to fix it? Then try the following steps.
If you keep running into problems connecting to a VPN on Windows 10 over the OpenVPN protocol, and the connection log stalls at
Blocking outside dns using service succeeded. TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down Route: Waiting for TUN/TAP interface to come up...
then try the following steps to get it working:
- In the Start menu search box, type the command “ncpa.cpl” and press Enter to open it
- In the “Network Connections” window, select the VPN network. You can identify the VPN connection by eye: a virtual connection will not show a real adapter (Ralink, TP-Link, Atheros, Realtek, Intel)
- Click the Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6) component
- Then click «Advanced»
- Clear the «Automatic metric» checkbox and set your own value of «1»
- Restart the computer for the changes to take effect
You should now have no problems connecting over the OpenVPN protocol on Windows 10.
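The same metric change can be applied and checked from an elevated PowerShell prompt. This is an added example, not part of the original article; the function names and the `TAP-Windows*` adapter description pattern are assumptions to adjust for the installed driver.

```powershell
# Added example. Assumption: the OpenVPN virtual adapter's description
# starts with "TAP-Windows"; pass -DescriptionPattern for other drivers.
function Set-VpnInterfaceMetric {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$DescriptionPattern = 'TAP-Windows*',
        [ValidateRange(1, 9999)]
        [int]$Metric = 1
    )

    $adapters = @(Get-NetAdapter |
        Where-Object InterfaceDescription -like $DescriptionPattern)
    if ($adapters.Count -eq 0) {
        throw "No adapter matches '$DescriptionPattern'."
    }

    foreach ($adapter in $adapters) {
        # IPv4 and IPv6 carry separate metrics, so both entries are updated.
        foreach ($ipIf in Get-NetIPInterface -InterfaceIndex $adapter.InterfaceIndex) {
            $target = "$($adapter.Name) [$($ipIf.AddressFamily)]"
            if ($PSCmdlet.ShouldProcess($target, "Set InterfaceMetric to $Metric")) {
                # Equivalent to clearing "Automatic metric" and typing a value.
                $ipIf | Set-NetIPInterface -AutomaticMetric Disabled -InterfaceMetric $Metric
            }
        }
    }
}

function Get-DnsPreferenceOrder {
    # Connected interfaces sorted by metric (lowest first), with the DNS
    # servers configured on each, to confirm the VPN adapter now ranks first.
    Get-NetIPInterface -ConnectionState Connected |
        Sort-Object InterfaceMetric |
        ForEach-Object {
            $dns = Get-DnsClientServerAddress -InterfaceIndex $_.InterfaceIndex `
                -AddressFamily ([string]$_.AddressFamily)
            [pscustomobject]@{
                Interface = $_.InterfaceAlias
                Family    = $_.AddressFamily
                Metric    = $_.InterfaceMetric
                Automatic = $_.AutomaticMetric
                DnsServer = $dns.ServerAddresses -join ', '
            }
        }
}

Set-VpnInterfaceMetric -WhatIf      # preview only; remove -WhatIf to apply
Get-DnsPreferenceOrder | Format-Table -AutoSize
```

Run `Get-DnsPreferenceOrder` before and after connecting to see whether a physical adapter still outranks the tunnel.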
OpenVPN Support Forum
Community Support Forum
[SOLVED] DNS resolution fails with «block-ouside-dns» on Windows client
Post by sebelk » Sun Mar 29, 2020 9:16 pm
Re: DNS resolution fails with «block-ouside-dns» on Windows client
Post by Pippin » Sun Mar 29, 2020 9:25 pm
Re: DNS resolution fails with «block-ouside-dns» on Windows client
Post by TinCanTech » Sun Mar 29, 2020 9:26 pm
Re: DNS resolution fails with «block-ouside-dns» on Windows client
Post by Pippin » Sun Mar 29, 2020 9:27 pm
I will move myself to Doh!
Edit:
No wait, it’s possible those Linux clients do not set DNS.
Re: DNS resolution fails with «block-ouside-dns» on Windows client
Post by sebelk » Sun Mar 29, 2020 10:05 pm
Finally I’ve found this one https://community.openvpn.net/openvpn/ticket/882 that helped to fix it!
The solution is
And so for every IP DNS Server you want to push
Re: DNS resolution fails with «block-ouside-dns» on Windows client
Post by TinCanTech » Sun Mar 29, 2020 10:17 pm
Finally I’ve found this one https://community.openvpn.net/openvpn/ticket/882 that helped to fix it!
The solution is
And so for every IP DNS Server you want to push
Re: DNS resolution fails with «block-ouside-dns» on Windows client
Post by Pippin » Sun Mar 29, 2020 10:19 pm
Re: DNS resolution fails with «block-ouside-dns» on Windows client
Post by sebelk » Sun Mar 29, 2020 10:33 pm
Thanks Pippin, I’ve just fixed it and deleted the typo «/32».
If you wish, the post can be marked as «solved».
Re: DNS resolution fails with «block-ouside-dns» on Windows client
Post by sebelk » Sun Mar 29, 2020 10:35 pm
Finally I’ve found this one https://community.openvpn.net/openvpn/ticket/882 that helped to fix it!
The solution is
And so for every IP DNS Server you want to push
Openvpn and vpnbook and --block-outside-dns
Post by elboppo » Sun Jan 24, 2016 2:50 am
As the subject line says, I am trying to get openvpn and vpnbook to stop the DNS leak, so my question is as follows:
Where do I put the «--block-outside-dns»?
Any help would be greatly appreciated.
Re: Openvpn and --block-outside-dns
Post by phousen » Sun Mar 27, 2016 7:29 am
Me too, I would like some help with this.
I have upgraded openvpn to version 2.3.10 on my ubuntu server and on my win10 client.
When I add --block-outside-dns or block-outside-dns to the config file on the ubuntu server and restart the openvpn service, it fails. So since I cannot push that option to the client, I tried configuring it on the client.
When I add --block-outside-dns or block-outside-dns to the configuration file on the client, it has no effect. The tunnel interface has Google DNS set, but nslookup still uses my ISP’s DNS.
Here are the configs that I have tried:
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
block-outside-dns
on the client:
client
dev tun
tun-ipv6
proto udp
remote x.x.x
pull
block-outside-dns
Re: Openvpn and vpnbook and --block-outside-dns
Post by rseiler » Mon Mar 28, 2016 12:47 am
That’s interesting, since adding it to the ovpn on the Win10 client here (I have no control over the server) definitely has an effect: no DNS at all, so the connection is basically useless.
My theory is that another change needs to be made to the file beyond just that addition.
Re: Openvpn and vpnbook and --block-outside-dns
Post by phousen » Tue Apr 05, 2016 5:31 am
Re: Openvpn and vpnbook and --block-outside-dns
Post by agbelang » Tue Jul 26, 2016 12:05 am
Is this thread still alive?
My experience is that Win10 clients are still not working. The block-outside-dns command does stop all traffic because the DNS leak is plugged and there is no default gateway assigned on the VPN tunnel. I have tried everything I can think of to assign the gateway but nothing works. I have run the openvpn GUI as administrator, tried pushing various commands from the server, running those same various commands directly on the client; but everything results in no default gateway assigned.
I have read that win10 doesn’t like to accept manually assigned gateways. Is there another way to do this in openvpn? Maybe through DHCP or something?
Re: Openvpn and vpnbook and --block-outside-dns
Post by TinCanTech » Tue Jul 26, 2016 4:08 pm
This thread was for using --block-outside-dns with vpnbook.
Please post your problem, with the correct details, in this forum:
viewforum.php?f=6
Please see the Forum rules (top of that page)
block-outside-dns in Advanced VPN settings
Post by csmithhelena » Wed Apr 27, 2016 11:48 pm
Re: block-outside-dns in Advanced VPN settings
Post by Traffic » Thu Apr 28, 2016 11:06 am
Re: block-outside-dns in Advanced VPN settings
Post by Pippin » Thu Apr 28, 2016 11:47 am
Re: block-outside-dns in Advanced VPN settings
Post by csmithhelena » Thu Apr 28, 2016 7:23 pm
Re: block-outside-dns in Advanced VPN settings
Post by csmithhelena » Fri Apr 29, 2016 7:23 am
OK, I have not tried the Config directives box yet. But I did try the standalone 2.3.10 client and used the «--block-outside-dns» parameter and it didn’t seem to do anything when connecting from home to our OpenVPN Access Server 2.0.25 at work. The problem that I am trying to fix is that on most Windows 10 PCs (but not all? Maybe always 10 Pro but not 10 Home? I am not sure) it always uses my local DNS server resolution instead of the one pushed by the VPN server (we have the setting enabled to tell clients to use certain DNS servers).
The only way around it that I know of so far, without setting the actual DNS servers on my local network adapters when connected to the VPN, was to disable my Wi-Fi and do the netsh thing for both IPv4 and IPv6, e.g. (what I actually did):
netsh int ipv4 set int "Ethernet" metric=110
netsh int ipv6 set int "Ethernet" metric=110
And that worked beautifully.
But, I should say that I am on Time Warner Roadrunner and my computer is plugged directly into the cable modem and I wonder if there is something strange there. The only VPN I use is OpenVPN but my internet seems fine.
The beginning of the post here discusses my same problem: https://community.openvpn.net/openvpn/ticket/605
I don’t think «block-outside-dns» is going to fix my problem. So I still need help?
[Solved] block-outside-dns and cannot resolve host address issue
Post by SGWW » Thu May 26, 2016 2:28 pm
I’ve noticed an unpleasant issue which is caused by block-outside-dns and really need advice on how to overcome it.
The issue occurs on the latest 2.3.11 daemon on Windows OS when block-outside-dns is used in the server config
and a remote DNS name (not an IP address) is used in the client config.
As written in the documentation, --block-outside-dns prevents Windows from accessing TCP or UDP port 53 except the one inside the tunnel. However, when a reconnection occurs (because of a bad link or --resolv-retry 3600), the Windows client software fails to resolve the hostname of the VPN server, obviously because of --block-outside-dns.
I cannot disable --block-outside-dns because I want to have protection against DNS leaks.
The only «solution» I found is --resolv-retry 0, which unfortunately forces the user to initiate the connection from scratch and to provide their credentials again.
Maybe someone can give a good recommendation on how to fix this behaviour?
Thanks in advance
Re: block-outside-dns and cannot resolve host address issue
Post by Traffic » Thu May 26, 2016 7:41 pm
Re: block-outside-dns and cannot resolve host address issue
Post by SGWW » Fri May 27, 2016 9:04 am
Thank you for the reply.
Sure, a static IP is a fix; however, we need DNS round-robin and the ability to change the servers’ IPs (we don’t want to resend clients’ configs every time this happens).
PS I am not a professional developer but this issue looks like a software feature or bug. The simple solution is just to keep the remote IP (after the first successful DNS query) in some variable and then use it when a reconnect is needed. Is it worth creating a bug/feature request?
Re: block-outside-dns and cannot resolve host address issue
Post by Traffic » Fri May 27, 2016 5:54 pm
The filters that block external dns are removed at reconnect, so this
should not happen — provided the client detects the connection drop and
restarts (by say ping-restart).
Need to look at the logs to see what the real issue is.
Re: block-outside-dns and cannot resolve host address issue
Post by SGWW » Sun May 29, 2016 9:13 am
System DNS does not work either until the current openvpn connection is manually closed.
[Solved] Windows 10 — block-outside-dns — wpad issues
Post by lexios » Wed Jun 20, 2018 6:30 am
Hello to the community.
Using Windows 10 1803 (and 1709) and trying to make OpenVPN work properly as a client.
I imported «setenv opt block-outside-dns» on the client configs and the results are as expected, thus, the OpenVPN interface is automatically set to InterfaceMetric = 3 and DNS queries on other interfaces are blocked.
Up to this point everything works as expected, the clients connect to the BSD OpenVPN server fine.
BUT, this setup works properly only when connecting over the Wifi interface.
If we connect via Ethernet, again the client properly connects and routing works fine.
1. I can ping internal and external hosts
2. I can nslookup properly any hostname
But what I can’t do is to browse the Internet via Edge or IE or PS Invoke-WebRequest.
* IE
When opened, it remains in an «opening state» where we see the IE window but nothing is loaded.
In addition, we can’t even get to IE menus as the browser seems not be fully loaded.
* Edge
Opens up and nothing is loading. When entering any hostname,IP the browser doesn’t even try to load the page.
It’s like it just stays there.
* Invoke-WebRequest -uri xxx.xxx.xx
Hangs without erroring out
* Firefox
WORKS FINE
All of the above will never timeout and will just stay in that state indefinitely.
At that point, if I kill the OpenVPN client service, everything wakes up and functions properly.
Now the above behavior does not happen if I don’t use the block-outside-dns
At that point, I tried to disable the wpad script on IE (that would affect the OS as well) and the issue was resolved.
Summarizing when the issue occurs:
1. When connected to Ethernet only AND
2. When using the native software (not Firefox) AND
3. When wpad script is in use AND
4. When block-outside-dns is used
I know this is a possible scenario for many enterprises (using a wpad script), and --block-outside-dns also avoids DNS leakage, which is necessary from a security perspective.
It seems like the problem has something to do with resolving something on DNS (dnscache ?) and not being able to do so.
Since the wpad script is the first DNS lookup a browser will do in Windows there could be an issue where this lookup is killed by block-outside-dns.
I have noticed that there is a strange lookup being made repeatedly when the browsers open for the first time after a reboot
What I am thinking of trying is to disable Multi-Homed DNS resolution.
Has anyone else faced this strange issue?
—
Alex
(Moved from ‘DHCP and DNS’ as this is OpenVPN issue)
I am having an issue with one of our remote users who can no longer access our LAN.
I have a couple of others who also access the servers from overseas with no issue.
This has only occurred in the last few weeks and nothing has been knowingly changed at either end.
On Friday an attempt was made to create a new connection for the user and doing a clean install of the client using the ‘Client Export’ created installer.
The log appears to show everything starting ok until the Blocking DNS service tried to start.
Quote
Fri Nov 03 15:07:08 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
Fri Nov 03 15:07:08 2017 Windows version 6.1 (Windows 7) 64bit
Fri Nov 03 15:07:08 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Enter Management Password:
Fri Nov 03 15:07:08 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.x.xx.xxx:1194
Fri Nov 03 15:07:08 2017 Attempting to establish TCP connection with [AF_INET]xx.x.xx.xxx:1194 [nonblock]
Fri Nov 03 15:07:09 2017 TCP connection established with [AF_INET]xx.x.xx.xxx:1194
Fri Nov 03 15:07:09 2017 TCP_CLIENT link local (bound): [AF_INET][undef]:0
Fri Nov 03 15:07:09 2017 TCP_CLIENT link remote: [AF_INET]xx.x.xx.xxx:1194
Fri Nov 03 15:07:11 2017 [server] Peer Connection Initiated with [AF_INET]xx.x.xx.xxx:1194
Fri Nov 03 15:07:12 2017 open_tun
Fri Nov 03 15:07:12 2017 TAP-WIN32 device [Local Area Connection 9] opened: \\.\Global\{0971897D-033D-4511-868E-2D97DD43E0BF}.tap
Fri Nov 03 15:07:12 2017 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.171.0/192.168.171.8/255.255.255.0 [SUCCEEDED]
Fri Nov 03 15:07:12 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.171.8/255.255.255.0 on interface {0971897D-033D-4511-868E-2D97DD43E0BF} [DHCP-serv: 192.168.171.254, lease-time: 31536000]
Fri Nov 03 15:07:12 2017 Successful ARP Flush on interface [26] {0971897D-033D-4511-868E-2D97DD43E0BF}
Fri Nov 03 15:07:12 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Nov 03 15:07:12 2017 Block_DNS: adding block dns filters using service failed: There are no more endpoints available from the endpoint mapper. [status=0x6d9 if_index=26]
Fri Nov 03 15:07:12 2017 Blocking DNS failed!
Fri Nov 03 15:07:12 2017 Exiting due to fatal error
Any advice on the cause and how to rectify this would be greatly appreciated.
I’ve been struggling with this exact issue for 2 days before finding the solution that worked for me here:
https://unix.stackexchange.com/a/470940
TL;DR
$ cd /etc/NetworkManager/system-connections
This is where connections created with the Network Manager are stored.
$ sudo nmcli connection modify <vpn-connection-name> ipv4.dns-priority -42
Simple command to modify the connection config file. Could be done manually as well but this way I believe is easier.
$ sudo service network-manager restart
Make the changes apply to your system.
Basically copy pasted from the link above, credit to original author.
If your system doesn’t know nmcli, or adding connections using the Network Manager GUI throws an error, I recommend this link
Now for what’s less of an explanation and more of a comment (rather clueless myself).
I tried many of the solutions including resolv.conf, dnsmasq and dnscrypt, all of which lead to my internet being blocked either entirely or when the vpn connection was turned off. None of them solved the dns leak, according to dnsleaktest.com.
If any of these are attempted, each step along the way should be tracked as to be able to reverse them in case of an undesired outcome. It took me no short amount of time to fix my broken internet time and time again without, guess what, internet. I am not claiming that these solutions do not work period, I very possibly made some mistake somewhere.
The solution I linked to however has the imho huge advantage that it does not mess with general network settings, but just with the one connection you’re modifying.
Next, block-outside-dns, as mentioned in here before, is a windows only solution and threw some sort of not recognized option error on my ubuntu system.
Using ovpn cli commands did not solve the leak either for me.
The link I provided mentions an explanation (here) about some version inconsistencies that are fixed in ubuntu 18.10, maybe someone with more expertise on this topic cares to explain further. If that’s true, LTS users will have to wait for april next year afaik.
Lastly I want to point out that for residents of countries with internet censorship, dns leak poses a heavy issue because allowing the local isp access to your traffic can and will lead to censored domains being blocked despite being connected to a vpn. So for future visits to china etc., this is something you want to take care of beforehand.
Hope this helps.