What setting causes openvpn to block third party DNS request, the windows client logs on connection: block IPv6 DNS requests from other apps

netsh interface ip set dnsservers 5 static 192.168.100.1 register=primary validate=no
NRPT::ActionCreate names=[.] dns_servers=[192.168.100.1]
ActionWFP openvpn_app_path=C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe tap_index=5 enable=1
permit IPv4 DNS requests from OpenVPN app
permit IPv6 DNS requests from OpenVPN app
block IPv4 DNS requests from other apps
block IPv6 DNS requests from other apps
allow IPv4 traffic from TAP
allow IPv6 traffic from TAP
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
TAP handle: 3c0f000000000000
2/1/2021, 4:46:53 PM Connected via TUN_WIN

This is the log from the OpenVPN client. Client configuration:

client
proto tcp-client
remote mydomain 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_xxx name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
verb 2

I read the "Troubleshooting DNS resolution problems" page, but this seems to be a specific setting producing this log.
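The DNS-related lines in the log above describe three layers: a static resolver on the TAP interface, an NRPT catch-all rule, and WFP filters that permit DNS only from the OpenVPN process. The following is an added example (not part of the question or of OpenVPN Connect) that parses such a log excerpt into the set of changes a defender would want to verify or undo; the log text embedded below is a constructed copy of the question's lines.

```python
import re

# Constructed excerpt of the OpenVPN Connect (Windows) log quoted in the question,
# limited to the DNS-related lines.
SAMPLE_LOG = """\
netsh interface ip set dnsservers 5 static 192.168.100.1 register=primary validate=no
NRPT::ActionCreate names=[.] dns_servers=[192.168.100.1]
ActionWFP openvpn_app_path=C:\\Program Files\\OpenVPN Connect\\OpenVPNConnect.exe tap_index=5 enable=1
permit IPv4 DNS requests from OpenVPN app
permit IPv6 DNS requests from OpenVPN app
block IPv4 DNS requests from other apps
block IPv6 DNS requests from other apps
allow IPv4 traffic from TAP
allow IPv6 traffic from TAP
ipconfig /flushdns
"""

# One WFP filter line: action, address family, what is filtered, and the subject.
RULE = re.compile(r"^(permit|block|allow) (IPv4|IPv6) (DNS requests|traffic) from (.+)$")

def parse_dns_lockdown(log):
    """Return the DNS changes that a log excerpt says the client applied."""
    state = {"interface_dns": {}, "nrpt": [], "wfp_app": None,
             "tap_index": None, "dns_blocked": set(), "dns_permitted": set()}
    for raw in log.splitlines():
        line = raw.strip()
        m = re.match(r"netsh interface ip set dnsservers (\d+) static (\S+)", line)
        if m:  # static resolver pinned on the interface index given in the log
            state["interface_dns"][int(m.group(1))] = m.group(2)
            continue
        m = re.match(r"NRPT::ActionCreate names=\[(.*?)\] dns_servers=\[(.*?)\]", line)
        if m:  # Name Resolution Policy Table rule: namespaces -> resolvers
            state["nrpt"].append((m.group(1).split(","), m.group(2).split(",")))
            continue
        m = re.match(r"ActionWFP openvpn_app_path=(.+?) tap_index=(\d+) enable=1", line)
        if m:  # WFP filters keyed to the client executable and the TAP adapter
            state["wfp_app"], state["tap_index"] = m.group(1), int(m.group(2))
            continue
        m = RULE.match(line)
        if m and m.group(3) == "DNS requests":
            key = "dns_blocked" if m.group(1) == "block" else "dns_permitted"
            state[key].add(m.group(2))
    # Leak protection is complete only when a catch-all NRPT rule ("." namespace)
    # points at the VPN resolver and WFP blocks DNS from every other process on
    # both address families; a partial set leaves a resolver path open.
    catch_all = any(names == ["."] for names, _ in state["nrpt"])
    state["leak_protection"] = catch_all and state["dns_blocked"] == {"IPv4", "IPv6"}
    return state
```

Feeding it the question's log reports interface 5 pinned to 192.168.100.1, a catch-all NRPT rule, and DNS blocked for other apps on both IPv4 and IPv6, which is why a resolver other than the client itself fails on Windows but not in the Ubuntu test.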

  • This has nothing to do with openvpn. openvpn itself does not have a mechanism to block specific requests (for that task, firewalls exist!). Sounds like the windows firewall, but that is a guess. I have no clue what program could be causing this... – Martin Feb 02 '21 at 08:20
  • Where exactly did you find this text? – Michael Hampton Feb 02 '21 at 11:17
  • In windows the openvpn client has a log tab...thee – Jesus Marval Feb 02 '21 at 17:27
  • I tested the same config file in ubuntu 18 and it allows the DNS request from ping or a browser. There is NO "block IPv4 DNS requests from other apps" in the log. I wonder if it is an "openvpn connect" windows client issue or a windows issue. But it is no longer an openvpn server issue. – Jesus Marval Feb 02 '21 at 21:14
  • This message is output by the `netsh` program, not OpenVPN. And why `netsh` says that is a very different question. – Nikita Kipriyanov Feb 13 '21 at 09:11
  • This is an issue with the OpenVPNConnect client, and has nothing to do with openvpn configuration unless you are pushing "block-outside-dns" to the client. So the question is how to undo this behavior. – M0nZDeRR Jul 21 '21 at 20:37