One user is having DNS problems after connecting to VPN



  • I use the x64-win6 installer on all of my clients.  No one has any issues using the VPN except one user.  When he connects he loses all DNS abilities.  He can not reach anything via name only IP address.  He can't browse the web and he can't send/receive email in outlook (which uses the sever name).  As soon as he disconnects from the VPN, DNS starts working again.  The only thing that is different about this user is that he is using Windows 10 Home and all my other users are using Windows 7 pro or Windows 10 pro.

    He experiences this issued no matter what network he connects from.

    The only network adapters he has is the Wi-Fi network adapter and the TAP V9 adapter.

    I have tried uninstalling and reinstalling OpenVPN on his computer.  I also tried completely turning off his firewall.  I tried manually adding a DNS to both his wireless network adapter and the TAP adapter just to see but that did not work either.  I flushed his DNS every time I tried something new.

    I appreciate any thoughts you might have on this.



  • What are the DNS servers this user has active on his computer after the VPN connection is established?
    Are they reachable for that user, can he ping/traceroute them?



  • Like everyone else he is set to obtain DNS automatically.  No he cannot ping or traceroute the DNS server after he connects to the VPN.  Even when we test it here onsite he still can't get DNS while the VPN is connected.  When we I test other users onsite there is no problem.



  • @ajalele:

    he is set to obtain DNS automatically

    This does not answer the question asked - What are the DNS servers this user has active?
    In other words - what is the actual result of the settings you made?
    Please post the openvpn client log and 'ipconfig /all' output. You may need to increase verbosity in OpenVPN in order to see PUSH with DNS assignment.



  • I found the problem.  There was a line in his config file that said, "setenv opt block-outside-dns".  I am not sure how that got there.  I haven't changed any settings.  Though now that I think about it he is the first user I have installed OpenVPN for since the last pfsense update.  I wonder if there was something with that update.


  • Rebel Alliance Global Moderator

    I do believe that was an option added awhile back in the client export package.. But its not checked by default, you would of had to check it.




  • Mine is now checked by default.  Any idea how to get it back to "unchecked" by default?


  • Rebel Alliance Global Moderator

    Click the save default button on the bottom with it unchecked.



  • There is no save default button at the bottom.  Thanks though.