Hey Guys, I set up OpenVPN (for the first time ever) on my router and I can connect just fine, and at first DNS didn't work at all when forcing all resolution queries through the VPN. After some searching I saw that a good way to check is to push a public DNS server out from the VPN server, so I set mine to 8.8.8.8, disconnected, and then reconnected and external DNS resolution worked perfectly (google and other sites).
VPN clients (which are on subnet 10.10.10.0/32) are allowed to contact my main network (192.168.1.0/24) and routing is correct since I can access my internal sites and clients via their IP addresses, but internal DNS resolution doesn't work at all when I push my internal DNS resolver at 192.168.1.1, nor does external DNS resolution (Google, yahoo, etc...). What's wrong here? I don't see any requests blocked by the firewall.
Here's my server config
dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA512
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local [external IP]
tls-server
server 10.10.10.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/1
client-cert-not-required
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'Time based One Time Password VPN Access Server' false server1" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'SSL+VPN+Server+Certificate' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DOMAIN mydomain.us"
push "dhcp-option DNS 192.168.1.1"
push "register-dns"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /usr/local/etc/dh-parameters.4096
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo adaptive
Client Config
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA512
tls-client
client
resolv-retry infinite
remote [external IP] 1194 udp
lport 0
auth-user-pass
ca router-udp-1194-ca.crt
tls-auth router-udp-1194-tls.key 1
ns-cert-type server
comp-lzo adaptive
Edit: After some more investigation, it seems that DNS queries are going to 10.10.10.1:53 instead of 192.168.1.1:53, even though I'm forcing 192.168.1.1!
No one can help?
These queries usually go where OpenVPN listens (selected interface). Isn't that the case here? Are you using DNS resolver setups where "ALL" is not used for interface selection?
@brando56894 - have you been able to resolve your issue with DNS and OpenVPN?
I am in a similar situation that road-warriors can't resolve internal hostnames...
After some trial and error I can give the answer to myself :)
When using the DNS forwarder, the interface option was set to "all" - after changing it to LAN and OpenVPN I am able to resolve hostnames from a road warrior!
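A quick offline check for the routing half of this problem, added here as an example (it is not from the thread or from pfSense): it parses the server-side `server` and `push` options and reports whether each pushed DNS server lies inside a network the client will route over the tunnel. The embedded config excerpt is constructed from the lines above; the check says nothing about the other half, the resolver's interface binding on the server, which is what fixed the problem in the last reply.

```python
import ipaddress
import shlex

# Constructed excerpt of the server config from the thread (only the lines
# that matter for where a client sends its DNS queries).
SERVER_CONF = """\
server 10.10.10.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DOMAIN mydomain.us"
push "dhcp-option DNS 192.168.1.1"
push "register-dns"
"""


def parse_pushed(conf):
    """Return (networks reachable via the tunnel, pushed DNS servers)."""
    nets, dns = [], []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        parts = shlex.split(line)  # keeps the quoted push payload as one token
        if parts[0] == "server" and len(parts) >= 3:
            # The VPN subnet itself is always routed over the tunnel.
            nets.append(ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False))
        elif parts[0] == "push" and len(parts) >= 2:
            opt = parts[1].split()
            if opt[0] == "route" and len(opt) >= 3:
                nets.append(ipaddress.ip_network(f"{opt[1]}/{opt[2]}", strict=False))
            elif opt[0] == "dhcp-option" and len(opt) >= 3 and opt[1] == "DNS":
                dns.append(ipaddress.ip_address(opt[2]))
    return nets, dns


def check_dns_reachability(conf):
    """Map each pushed DNS server to True if some pushed route covers it.

    A False entry means the client will send DNS to that server via its
    default route, not the tunnel, unless redirect-gateway is also pushed.
    """
    nets, dns = parse_pushed(conf)
    return {str(server): any(server in net for net in nets) for server in dns}


if __name__ == "__main__":
    for server, ok in check_dns_reachability(SERVER_CONF).items():
        print(f"DNS {server}: {'routed via tunnel' if ok else 'NOT routed via tunnel'}")
```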