Android, OpenVPN, DNS Resolution
-
I have been having problems getting my Android device to resolve DNS addresses when connected to OpenVPN and using the "Always-on VPN" and "Block connections without VPN".
My pfSense box is correctly resolving dns on my network with ExpressVPN. I can see the OpenVPN log entrey where port 53 was successfully accessed.
OpenVPN Client---- 10.5.44.69
LAN---------------------10.44.34.54:53I have firewall rules passing the OpenVPN network on both the LAN tab as well as the OpenVPN tab. I also have my DNS server set in the OpenVPN server config.
I also tried using a public DNS. I tried using the push command as well as manually setting it in the OpenVPN app on the phone.
I do redirect my LAN traffic using NAT port forwarding. It was successfully running earlier today I was able to vpn resolve address's and see that expressvpn was partially working. I have restarted my pfsense box as well as the device just in case their were residual changes pending.
As of right now I can not even get the phone to resolve any website or have any of the apps connect to the internet while the "Block connections without VPN" is turned on. I can however access pfsense using the ip address as well as my other servers using just their ip addresses.
Thank you in advance.
-
It is working here.
Yesterday I had a problem that my phone wouldn't be shown as online in android so I had to policy route my internet-traffic out to another vpn-server, don't know if this was a vpn-server or google problem...
-
Sorry realized I could post a client config
#client config persist-tun persist-key ncp-disable cipher AES-256-CBC auth SHA512 tls-client client remote blahblah.com 443 tcp4 verify-x509-name "blahblah.com" name auth-user-pass remote-cert-tls server <ca> -----BEGIN CERTIFICATE----- snip -----END CERTIFICATE----- </ca> <cert> -----BEGIN CERTIFICATE----- snip -----END CERTIFICATE----- </cert> <key> -----BEGIN PRIVATE KEY----- snip -----END OpenVPN Static key V1----- </tls-auth>#server config dev ovpns3 dev-type tun dev-node /dev/tun3 writepid /var/run/openvpn_server3.pid #user nobody #group nobody script-security 3 daemon keepalive 10 60 ping-timer-rem persist-tun persist-key proto udp4 cipher AES-256-CBC auth SHA512 up /usr/local/sbin/ovpn-linkup down /usr/local/sbin/ovpn-linkdown client-connect /usr/local/sbin/openvpn.attributes.sh client-disconnect /usr/local/sbin/openvpn.attributes.sh learn-address "/usr/local/sbin/openvpn.learn-address.sh blahblah.com" local 46.60.70.50 tls-server server 10.10.15.60 255.255.255.0 client-config-dir /var/etc/openvpn-csc/server3 username-as-common-name plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user tommy= fa lse server3 443 tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'server.blahblah.com' 1" lport 443 management /var/etc/openvpn/server3.sock unix max-clients 3 push "dhcp-option DOMAIN blahblah.com" push "dhcp-option DNS 10.44.34.54" push "dhcp-option NTP 10.44.34.54" push "redirect-gateway def1" client-to-client ca /var/etc/openvpn/server3.ca cert /var/etc/openvpn/server3.cert##DNS Resolver##
Network Interfaces: ALL
Outgoing Network Interfaces: ExpressVPN
*(Enable DNSSEC Support
*Register DHCP leases in the DNS Resolver
*Register DHCP static mappings in the DNS Resolver
*Register connected OpenVPN clients in the DNS Resolver
