I'm connecting to my company VPN using OpenVPN. My VPN network is 192.168.32.x and it resolves to the company network which uses 10.0.x.x. My home network uses 192.168.1.x.
When I connect, OpenVPN adds the routes and installs the primary DNS, which is what is supposed to happen. I've verified that this is the case by using ipconfig /all, and route print.
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : xxxxx.net <-I've xxx'd the actual domain
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-35-83-90-6D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cc01:9ac9:695f:87e2%32(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.32.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Lease Obtained. . . . . . . . . . : Wednesday, April 23, 2014 9:08:21 PM
Lease Expires . . . . . . . . . . : Thursday, April 23, 2015 9:08:35 PM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.32.5
DHCPv6 IAID . . . . . . . . . . . : 453050165
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-E0-67-2F-A0-B3-CC-20-FC-87
DNS Servers . . . . . . . . . . . : xxx.x.xxx.xx <-I've xxx'd the actual public IP
Primary WINS Server . . . . . . . : 10.0.0.82
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Con
troller (NDIS 6.20)
Physical Address. . . . . . . . . : A0-B3-CC-20-FC-87
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e86f:e3f8:585b:2be6%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.116(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, April 23, 2014 9:08:20 PM
Lease Expires . . . . . . . . . . : Thursday, April 24, 2014 9:08:20 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 295744460
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-E0-67-2F-A0-B3-CC-20-FC-87
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Here is my route print:
C:\Users\Phil>route print
===========================================================================
Interface List
32...00 ff 35 83 90 6d ......TAP-Windows Adapter V9
17...c4 85 08 07 68 aa ......Microsoft Virtual WiFi Miniport Adapter #2
16...c4 85 08 07 68 aa ......Microsoft Virtual WiFi Miniport Adapter
15...c4 85 08 07 68 a9 ......Intel(R) Centrino(R) Advanced-N 6235
13...a0 b3 cc 20 fc 87 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (
NDIS 6.20)
1...........................Software Loopback Interface 1
29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
34...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.116 10
10.0.0.0 255.255.255.0 192.168.32.5 192.168.32.6 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.116 266
192.168.1.116 255.255.255.255 On-link 192.168.1.116 266
192.168.1.255 255.255.255.255 On-link 192.168.1.116 266
192.168.32.1 255.255.255.255 192.168.32.5 192.168.32.6 30
192.168.32.4 255.255.255.252 On-link 192.168.32.6 286
192.168.32.6 255.255.255.255 On-link 192.168.32.6 286
192.168.32.7 255.255.255.255 On-link 192.168.32.6 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.116 266
224.0.0.0 240.0.0.0 On-link 192.168.32.6 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.116 266
255.255.255.255 255.255.255.255 On-link 192.168.32.6 286
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
...
Persistent Routes:
None
When I use nslookup (nslookup somehost.somedomain.com), I'm able to resolve the hostname on the VPN to the correct VPN IP address. So this works as expected.
When I ping the same hostname (ping somehost.somedomain.com) I get an error: Ping request could not find host somehost.somedomain.com. Please check the name and try again. If I try to use any other services, the hostnames do not resolve.
Using NetMon, when I ping the VPN hostname, the only DNS server it checks is my home network DNS server (which is my home router, 192.168.1.1, running dd-wrt). So it's ignoring the VPN DNS server altogether.
I'm kind of at a loss. This configuration has worked for me for some time up until about 2 weeks ago, and is still working on other clients, so it's something local to my machine or my home network. I'm not sure what changed, other than possibly my wireless router during that time.
I don't fully understand your issue, however, as it is related to DNS perhaps the new OpenVPN directive --block-outside-dns may be useful to you. – dotvotdot – 2016-02-17T13:27:58.067
I'm pretty sure you can't use the ping command over a VPN connection. – wbeard52 – 2014-04-24T04:00:15.047
I've always been able to before, and other clients on our network are able to. Thanks for the response though. – Phil Freeman – 2014-04-24T04:03:06.493
So ping is using the DNS server bound to the local area network, and nslookup is using the DNS server on the TAP. Surely this isn't about ping not working? Is the problem that other services aren't working either? – Paul – 2014-04-24T04:11:48.837
Yes. Ping was just to test. I do a lot of database work from home, and my programs that try to connect to our database servers don't resolve so I'm having to go in and change them to IP addresses. The VPN DNS is also a public DNS, so another workaround would be to change the DNS server for my regular network adapter to the VPN DNS, but if I did that I'd be using that DNS even off VPN, which isn't ideal. – Phil Freeman – 2014-04-24T04:16:54.580
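Added example (not part of the original thread): a route lookup over the unicast routes posted in the question, showing which destinations enter the tunnel under this split-tunnel table. The address 203.0.113.53 is a placeholder for the redacted public DNS server and 10.0.1.20 is a constructed host; longest-prefix match with lowest-metric tie-break is the standard IPv4 selection rule.

```python
import ipaddress

# Unicast routes copied from the `route print` output in the question:
# (destination, netmask, gateway, interface address, metric)
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.1.1", "192.168.1.116", 10),
    ("10.0.0.0", "255.255.255.0", "192.168.32.5", "192.168.32.6", 30),
    ("127.0.0.0", "255.0.0.0", "On-link", "127.0.0.1", 306),
    ("192.168.1.0", "255.255.255.0", "On-link", "192.168.1.116", 266),
    ("192.168.32.1", "255.255.255.255", "192.168.32.5", "192.168.32.6", 30),
    ("192.168.32.4", "255.255.255.252", "On-link", "192.168.32.6", 286),
]
TAP_ADDR = "192.168.32.6"  # IPv4 address of the TAP-Windows adapter


def prefix_len(mask):
    """Convert a dotted netmask to a prefix length."""
    return bin(int(ipaddress.ip_address(mask))).count("1")


def select_route(dest):
    """Return (gateway, interface) by longest prefix, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    best = None
    for net, mask, gateway, iface, metric in ROUTES:
        network = ipaddress.ip_network(f"{net}/{prefix_len(mask)}")
        if ip not in network:
            continue
        key = (network.prefixlen, -metric)
        if best is None or key > best[0]:
            best = (key, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1], best[2]


def uses_tunnel(dest):
    """True when the selected route leaves through the TAP adapter."""
    return select_route(dest)[1] == TAP_ADDR


if __name__ == "__main__":
    targets = {
        "10.0.0.82": "WINS server from ipconfig",
        "10.0.1.20": "constructed host outside 10.0.0.0/24",
        "203.0.113.53": "placeholder for the public VPN DNS server",
        "192.168.1.1": "home router DNS",
    }
    for addr, label in targets.items():
        gw, iface = select_route(addr)
        tag = "tunnel" if iface == TAP_ADDR else "LAN"
        print(f"{addr:<14} {tag:<7} via {gw:<13} on {iface:<14} {label}")
```

With this table only 10.0.0.0/24 and the 192.168.32.x addresses are routed through the TAP adapter, so a resolver with a public address is reached over the default route on the home LAN.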