OpenVPN dhcp-option DNS not working

[bazbaz]

Hi,
I have an OpenVPN access server to allow road warriors to establish a dialup VPN, validating credentials via LDAP+MFA.

All work well: tunnel is up and traffic is ok.

The only problem is that I need to assign an internal DNS Server resolver to connected clients. So I specified server's IP in instance settings, and in log I can find "SENT CONTROL []: 'PUSH_REPLY,register-dns,[.....]dhcp-option DNS 10.77.3.2,dhcp-option NTP 10.77.3.2[....]".

But this does not work, and client still is using only DNS servers it has before to start VPN. Any idea? I tried both with old "servers" settings and new "instances".
The client is OpenVPN Connect on Windows 11

[newsense]

Have a port forward on the VPN interface redirecting all DNS queries to your chosen resolver.

[bazbaz]

the problem is not on the firewall: if try manually to

nslookup
server x.x.x.x
mydomain.local

where x.x.x.x is the IP behind the tunnel, it works.

However, after many other tests, I discovered that "it work but I don't know why". If I run nslookup, I see that it points to local DNS server as resolver, and cannot solve internal names from DNS behind the VPN.
If I perform a "ping mydomain.local".. it works.

ipconfig /all does not reports the DNS server assigned by the VPN

so.. it works but I cannot understand why and how

[meschmesch]

add

Code Select Expand

block-outside-dns
to your client.ovpn

[bazbaz]

strange: it reports "unknown/unsupported options" when I try to connect

[meschmesch]

The client should be able to use it (I assume the client is so outdated). Irrespective make sure you indicate the correct DNS server in the server settings. In my case since I'm using adguard I additionally have a port forwarding that forwards any DNS requests originating from OpenVPN and not directed to the indicated DNS Server to the correct (internal) DNS server.

[bazbaz]

but your "ipconfig /all" and "nslookup" report the IP address of DNS server you assign from the VPN setting?

[meschmesch]

YES!