Windows 7 not using VPN DNS Server

1

I'm connecting to my company VPN using OpenVPN. My VPN network is 192.168.32.x and it resolves to the company network which uses 10.0.x.x. My home network uses 192.168.1.x.

When I connect, OpenVPN adds the routes and installs the primary DNS, which is what is supposed to happen. I've verified that this is the case by using ipconfig /all, and route print.

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix  . : xxxxx.net <-I've xxx'd the actual domain
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-35-83-90-6D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cc01:9ac9:695f:87e2%32(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.32.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Lease Obtained. . . . . . . . . . : Wednesday, April 23, 2014 9:08:21 PM
Lease Expires . . . . . . . . . . : Thursday, April 23, 2015 9:08:35 PM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.32.5
DHCPv6 IAID . . . . . . . . . . . : 453050165
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-E0-67-2F-A0-B3-CC-20-FC-87

DNS Servers . . . . . . . . . . . : xxx.x.xxx.xx <-I've xxx'd the actual public IP
Primary WINS Server . . . . . . . : 10.0.0.82
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . : lan
Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Con
troller (NDIS 6.20)
Physical Address. . . . . . . . . : A0-B3-CC-20-FC-87
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e86f:e3f8:585b:2be6%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.116(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, April 23, 2014 9:08:20 PM
Lease Expires . . . . . . . . . . : Thursday, April 24, 2014 9:08:20 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 295744460
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-E0-67-2F-A0-B3-CC-20-FC-87

DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Here is my route print:

C:\Users\Phil>route print
===========================================================================
Interface List
 32...00 ff 35 83 90 6d ......TAP-Windows Adapter V9
 17...c4 85 08 07 68 aa ......Microsoft Virtual WiFi Miniport Adapter #2
 16...c4 85 08 07 68 aa ......Microsoft Virtual WiFi Miniport Adapter
 15...c4 85 08 07 68 a9 ......Intel(R) Centrino(R) Advanced-N 6235
 13...a0 b3 cc 20 fc 87 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (
NDIS 6.20)
  1...........................Software Loopback Interface 1
 29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
 34...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.116     10
         10.0.0.0    255.255.255.0     192.168.32.5     192.168.32.6     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.116    266
    192.168.1.116  255.255.255.255         On-link     192.168.1.116    266
    192.168.1.255  255.255.255.255         On-link     192.168.1.116    266
     192.168.32.1  255.255.255.255     192.168.32.5     192.168.32.6     30
     192.168.32.4  255.255.255.252         On-link      192.168.32.6    286
     192.168.32.6  255.255.255.255         On-link      192.168.32.6    286
     192.168.32.7  255.255.255.255         On-link      192.168.32.6    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.116    266
        224.0.0.0        240.0.0.0         On-link      192.168.32.6    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.116    266
  255.255.255.255  255.255.255.255         On-link      192.168.32.6    286
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
...
Persistent Routes:
  None

When I use nslookup (nslookup somehost.somedomain.com), I'm able to resolve the hostname on the VPN to the correct VPN IP address. So this works as expected.

When I ping the same hostname (ping somehost.somedomain.com) I get an error: Ping request could not find host somehost.somedomain.com. Please check the name and try again. If I try to use any other services, the hostnames do not resolve.

Using NetMon, when I ping the VPN hostname, the only DNS server it checks is my home network DNS server (which is my home router, 192.168.1.1, running dd-wrt). So it's ignoring the VPN DNS server altogether.

I'm kind of at a loss. This configuration has worked for me for some time up until about 2 weeks ago, and is still working on other clients, so it's something local to my machine or my home network. I'm not sure what changed, other than possibly my wireless router during that time.

Phil Freeman

Posted 2014-04-24T03:55:08.460

Reputation: 11

I don't fully understand your issue; however, as it is related to DNS, perhaps the new OpenVPN directive --block-outside-dns may be useful to you. – dotvotdot – 2016-02-17T13:27:58.067

I'm pretty sure you can't use the ping command over a VPN connection. – wbeard52 – 2014-04-24T04:00:15.047

I've always been able to before, and other clients on our network are able to. Thanks for the response though. – Phil Freeman – 2014-04-24T04:03:06.493

So ping is using the DNS server bound to the local area network, and nslookup is using the DNS server on the TAP. Surely this isn't about ping not working? Is the problem that other services aren't working either? – Paul – 2014-04-24T04:11:48.837

Yes. Ping was just to test. I do a lot of database work from home, and my programs that try to connect to our database servers don't resolve so I'm having to go in and change them to IP addresses. The VPN DNS is also a public DNS, so another workaround would be to change the DNS server for my regular network adapter to the VPN DNS, but if I did that I'd be using that DNS even off VPN, which isn't ideal. – Phil Freeman – 2014-04-24T04:16:54.580

No answers
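
Added example, not part of the original thread: a longest-prefix lookup over the IPv4 routes pasted in the question, to check which interface traffic to a given address (a DNS server, a database host) leaves by. The helper names, the interface labels, 10.0.5.20 and 203.0.113.53 (a documentation address standing in for the redacted public DNS server) are assumptions made for the example.

```python
import ipaddress

# IPv4 "Active Routes" rows copied from the route print output in the question
# (host, multicast and broadcast rows left out for brevity).
ROUTE_PRINT = """\
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.116     10
         10.0.0.0    255.255.255.0     192.168.32.5     192.168.32.6     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.116    266
     192.168.32.1  255.255.255.255     192.168.32.5     192.168.32.6     30
     192.168.32.4  255.255.255.252         On-link      192.168.32.6    286
"""

# Labels are assumptions for readability; the addresses come from ipconfig /all.
INTERFACES = {"192.168.1.116": "home LAN", "192.168.32.6": "VPN TAP", "127.0.0.1": "loopback"}


def parse_routes(text):
    """Turn route print rows into (network, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # headers, separators and wrapped lines
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue  # not a destination/netmask pair
        routes.append((net, gateway, iface, int(metric)))
    return routes


def egress(routes, destination):
    """Select a route the way the IP stack does: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    net, gateway, iface, _metric = max(matches, key=lambda r: (r[0].prefixlen, -r[3]))
    return INTERFACES.get(iface, iface), str(net), gateway


if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    for dst in ("10.0.0.82", "10.0.5.20", "203.0.113.53", "192.168.1.1"):
        print(dst, "->", egress(table, dst))
```

With the pasted table, only 10.0.0.0/24 is routed through the tunnel; other 10.0.x.x addresses and any public address follow the default route via 192.168.1.1. This shows where packets go once an address is known, not which DNS server Windows chooses to query.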