Push DNS not working with OpenVPN Connect Client 3.5.0

[trixter]

Got back to the Lab and confirmed OpenVPN Connect Client 3.5.0 is a mess !!!

Client 3.5.0 does not insert DNS from OpenVPN-Server (Opnsense 24.7.6/Openvpn 2.6.12) propperly !!
Symptoms are  : nslookup works fine, other services like ping or browser are not able to resolve DNS-Names to IPs.

Solution:
Downgraded to 3.4.4 (3412) an it works like intended.

Sorry to say that the new one is buggy, but it looks better with the former one.

[klosz007]

Hi,

I thought OVPN Connect was primarily intended to be used with their OVPN Access Server, not with the open-source OVPN servers (the one being part of OPNsense) ?

Why just not use OVPN community client which works very well with OVPN open-source server (built into OPNsense) ?
My colleague once tried to use OVPN Connect to connect with OVPN server on my OPNsense and he could not make it work at all (I forgot to instruct him to use community OVPN client, not OVPN Connect).

Besides this complaint should be rather posted on OVPN forums :-)

[trixter]

As far as I'm informed OpenVPN Connect is the recommended Client for use with OpenVPN-Servers.

Besides this complaint should be rather posted on OVPN forums :-)

As long as OpnSense is so widly used as VPN-Server, as log concerns with those clients do belong in this forum. To inform other users, that failures might belong to these faulty clients.

[Patrick M. Hausen]

As far as I'm informed OpenVPN Connect is the recommended Client for use with OpenVPN-Servers.

As far as I know only if you also run their commercial server. Open source client for everything else.

[trixter]

As far as I'm informed OpenVPN Connect is the recommended Client for use with OpenVPN-Servers.

As far as I know only if you also run their commercial server. Open source client for everything else.

Okay, whats the "Open source" Client for Windows 11 then ?

[Patrick M. Hausen]

https://openvpn.net/community-downloads/

[klosz007]

As far as I'm informed OpenVPN Connect is the recommended Client for use with OpenVPN-Servers.

As long as OpnSense is so widly used as VPN-Server, as log concerns with those clients do belong in this forum. To inform other users, that failures might belong to these faulty clients.

I think your misunderstanding comes from the fact that OpenVPN Connect is in fact client dedicated to commercial OpenVPN solutions (Access Server etc.). It "should" work with "most" OpenVPN opensource solutions but that does not sound like "supported" or "guaranteed". It should not be your first go to option for OPNsense.

The dedicated client for opensource OVPN solutions (so the one in OPNsense for example) is the "communtity OVPN client" (available in Community downloads of OpenVPN), not OVPN Connect which is dedicated for their commercial solutions.

[trixter]

For sure, this was my first try in scale with OpenVPN.

Tried OpnSense with the OpenVPN Connect 3.4.4 an it worked perfectly.

Then came the CVE-notice, so we made the upgrade to 3.5.0 that killed it.

The OpenVPN 2.6.12. again, works totaly fine - so we will go with this.

In former days I made a replacement for anging cisco asa with OpenConnect VPN Servers.
Those Servers were a swapout-replacement for asa - clients stayed untouched.

So my hope was to replace an old Open-VPN-Server, by OpnSense without rolling out new Clientsoftware (OpenVPN Connect allready on those Clients) Just a new profile to import, and go.

It looks like, there are some differences in the commercial path.
Thats sad, because the community-client looks a bit dusty, and re-enginering the wheel makes not much sense to me.