Netgate Discussion Forum

    Android, OpenVPN, DNS Resolution

    Category: DHCP and DNS | 3 Posts, 2 Posters, 2.0k Views
    mich04

      I have been having problems getting my Android device to resolve DNS addresses when connected to OpenVPN and using the "Always-on VPN" and "Block connections without VPN".

      My pfSense box is correctly resolving DNS on my network with ExpressVPN. I can see the OpenVPN log entry where port 53 was successfully accessed.

      OpenVPN Client---- 10.5.44.69
      LAN---------------------10.44.34.54:53

      I have firewall rules passing the OpenVPN network on both the LAN tab as well as the OpenVPN tab. I also have my DNS server set in the OpenVPN server config.

      I also tried using a public DNS. I tried using the push command as well as manually setting it in the OpenVPN app on the phone.

      I do redirect my LAN traffic using NAT port forwarding. It was running successfully earlier today: I was able to VPN, resolve addresses and see that ExpressVPN was partially working. I have restarted my pfSense box as well as the device, just in case there were residual changes pending.

      As of right now I cannot even get the phone to resolve any website or have any of the apps connect to the internet while "Block connections without VPN" is turned on. I can, however, access pfSense using the IP address, as well as my other servers using just their IP addresses.

      Thank you in advance.

      Bob.Dig (LAYER 8)

        It is working here.

        Yesterday I had a problem where my phone wouldn't be shown as online in Android, so I had to policy-route my internet traffic out to another VPN server; I don't know if this was a VPN server or Google problem...

        mich04

          Sorry, realized I could post a client config.

          #client config
          persist-tun
          persist-key
          ncp-disable
          cipher AES-256-CBC
          auth SHA512
          tls-client
          client
          remote blahblah.com 443 tcp4
          verify-x509-name "blahblah.com" name
          auth-user-pass
          remote-cert-tls server
          <ca>
          -----BEGIN CERTIFICATE-----
          snip
          -----END CERTIFICATE-----
          </ca>
          <cert>
          -----BEGIN CERTIFICATE-----
          snip
          -----END CERTIFICATE-----
          </cert>
          <key>
          -----BEGIN PRIVATE KEY-----
          snip
          -----END PRIVATE KEY-----
          </key>
          # inline blocks must pair up: the </key> close and the <tls-auth> open were lost in the snip
          <tls-auth>
          -----BEGIN OpenVPN Static key V1-----
          snip
          -----END OpenVPN Static key V1-----
          </tls-auth>
          
          
          #server config
          dev ovpns3
          dev-type tun
          dev-node /dev/tun3
          writepid /var/run/openvpn_server3.pid
          #user nobody
          #group nobody
          script-security 3
          daemon
          keepalive 10 60
          ping-timer-rem
          persist-tun
          persist-key
          proto udp4
          cipher AES-256-CBC
          auth SHA512
          up /usr/local/sbin/ovpn-linkup
          down /usr/local/sbin/ovpn-linkdown
          client-connect /usr/local/sbin/openvpn.attributes.sh
          client-disconnect /usr/local/sbin/openvpn.attributes.sh
          learn-address "/usr/local/sbin/openvpn.learn-address.sh blahblah.com"
          local 46.60.70.50
          tls-server
          server 10.10.15.60 255.255.255.0
          client-config-dir /var/etc/openvpn-csc/server3
          username-as-common-name
          plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user tommy= false server3 443
          tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'server.blahblah.com' 1"
          lport 443
          management /var/etc/openvpn/server3.sock unix
          max-clients 3
          push "dhcp-option DOMAIN blahblah.com"
          push "dhcp-option DNS 10.44.34.54"
          push "dhcp-option NTP 10.44.34.54"
          push "redirect-gateway def1"
          client-to-client
          ca /var/etc/openvpn/server3.ca
          cert /var/etc/openvpn/server3.cert
          
          

          ##DNS Resolver##

          Network Interfaces: ALL
          Outgoing Network Interfaces: ExpressVPN
          * Enable DNSSEC Support
          * Register DHCP leases in the DNS Resolver
          * Register DHCP static mappings in the DNS Resolver
          * Register connected OpenVPN clients in the DNS Resolver
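An added example, not from the thread or from pfSense: a small parser that checks the pairing of OpenVPN inline blocks (the posted client config has an unclosed <key> and a stray </tls-auth>) and lists the DNS servers a server config pushes with dhcp-option, which is the address the Android client must be able to reach through the tunnel. Both config excerpts below are constructed from lines in the thread.

```python
import re
# Constructed client excerpt mirroring the thread's defect: <key> unclosed, stray </tls-auth>.
BROKEN_CLIENT = """\
client
remote blahblah.com 443 tcp4
<key>
-----BEGIN PRIVATE KEY-----
snip
-----END OpenVPN Static key V1-----
</tls-auth>
"""
# Constructed server-config excerpt carrying the push lines from the thread.
SERVER_PUSHES = """\
push "dhcp-option DOMAIN blahblah.com"
push "dhcp-option DNS 10.44.34.54"
push "redirect-gateway def1"
"""
TAG_RE = re.compile(r"^<(/?)([a-z-]+)>$")

def parse_ovpn(text):
    """Return (directives, inline_blocks, problems); inline blocks are <name>...</name>."""
    directives, blocks, problems = [], {}, []
    open_tag, body = None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":       # blank or comment
            continue
        m = TAG_RE.match(line)
        if m and not m.group(1):              # <name> opens a block
            open_tag, body = m.group(2), []
        elif m and m.group(2) == open_tag:    # </name> matches the open block
            blocks[open_tag], open_tag = "\n".join(body), None
        elif m:                               # </name> with no matching opener
            problems.append(f"line {lineno}: unexpected </{m.group(2)}> (open block: {open_tag})")
        elif open_tag:                        # PEM/key material inside a block
            body.append(line)
        else:
            directives.append(line.split())
    if open_tag:
        problems.append(f"EOF: <{open_tag}> never closed")
    return directives, blocks, problems

def pushed_dns(server_text):
    """List the DNS servers a server config pushes to clients via dhcp-option."""
    servers = []
    for d in parse_ovpn(server_text)[0]:
        opt = " ".join(d[1:]).strip('"').split()
        if d[0] == "push" and opt[:2] == ["dhcp-option", "DNS"]:
            servers.append(opt[2])
    return servers
```

Running parse_ovpn over the posted client file reports the two tag problems; once the blocks pair up, pushed_dns on the server config shows 10.44.34.54 as the only resolver the phone will be handed.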

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.