Skip to content

Tag: openvpn

How to remove default route to vpn

Quite often especially on corporate networks, once connected to company VPN, all your traffic starts going via your company VPN, meaning – they watching what you do.
Most people may not even suspect that but it is quite simple to find out.
So I am gonna show how to do that on Mac with few commands everyone can run.

OK, lets check out routing tables when connected to VPN:

netstat -nr | grep '0/1\'
0/1                10.225.222.129     UGSc           70        0   utun3
default            192.168.0.1        UGSc           12       11     en0
128.0/1            10.225.222.129     UGSc            0        0   utun3
Comments closed

How to fix DNS issues when using OpenVPN.

How to fix DNS issues when using OpenVPN.

Sometimes you successfully connect to vpn server but nothing still seems to work. Well, one of the reasons could be the DNS.
Firstly, you should check your vpn logs, that would be for instance,
for MacOS:
/Library/Application Support/Tunnelblick/Logs
or Linux in:
journalctl -u NetworkManager.service on linux

2019-06-11 23:30:25.110048 MANAGEMENT: >STATE:1560292225,GET_CONFIG,,,,,,
2019-06-11 23:30:25.110251 SENT CONTROL [openvpn.example.com]: 'PUSH_REQUEST' (status=1)
2019-06-11 23:30:25.252005 PUSH: Received control message: 'PUSH_REPLY,route ....
dhcp-option DOMAIN dev.example.com,dhcp-option DOMAIN prod.example.com,dhcp-option DOMAIN int.example.com'
...
....
2019-06-11 23:30:25.252374 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:13: dhcp-option (2.4.7)

In the example above, openvpn client complaints about not recognising dhcp-options, because server pushes multiple ‘dhcp-option DOMAIN value’ config params whereas
client expects a single command with multiple values: ‘dhcp-option DOMAIN value1 value2’.

This normally happens when your client version doesn’t match with your server version, so you client doesn’t know what to do with them.

As a result you may not get correct settings in your ‘/etc/resolv.conf’, for example missing or incomplete ‘nameserver’ or ‘search’.
In this example we won’t get ‘search’ set up correctly meaning if there was a DNS record like something.int.example.com, we wouldn’t be able
to refer to it without FQDN like just ‘something’, that is what ‘search’ parameter does in ‘/etc/resolv.conf’.

If ‘nameserver’ was not configured then our DNS won’t work at all.

But there is a solution.

Comments closed