Blocking Outside DNS Using Service Succeeded
-
When I log in to the OpenVPN Client, I see this in the status:
Blocking outside dns using service succeeded.
I'm not able to go to any websites on the inter tubes and only able to access local devices.
Thoughts?
-
@technolust
So you might have enabled "Block Outside DNS" in the server settings. If there are any reasons for this, did you provide a DNS server which is responsible for resolving public host names, and did you allow access to it?
Also, did you push the route to the DNS server to the clients?
-
@viragomann I'm not sure where the setting to enable "Blocked Outside DNS" is.
Is this what you are referring to?
VPN/OpenVPN/Servers/Edit -> Scroll down to Advanced Client Settings
DNS Server enable
Provide a DNS server list to clients. Addresses may be IPv4 or IPv6.
1.1.1.1
1.0.0.1
I did notice this is checked below it.
Block Outside DNS
Make Windows 10 Clients Block access to DNS servers except across OpenVPN while connected, forcing clients to use only VPN DNS servers. Requires Windows 10 and OpenVPN 2.3.9 or later. Only Windows 10 is prone to DNS leakage in this way, other clients will ignore the option as they are not affected.
I'm running the client on Windows 11 so I wasn't sure if this needs to be off or on.
-
@viragomann Well, I just unchecked this:
Block Outside DNS
Make Windows 10 Clients Block access to DNS servers except across OpenVPN while connected, forcing clients to use only VPN DNS servers. Requires Windows 10 and OpenVPN 2.3.9 or later. Only Windows 10 is prone to DNS leakage in this way, other clients will ignore the option as they are not affected.
Now I'm getting DNS to pass through... I'm assuming since I'm on Windows 11 it is not prone to DNS leakage (Hopefully)...
-
@technolust
"Block outside DNS" forces the client to use no other DNS servers than you provide in the VPN.
But I don't know if this function works properly in Windows 11.
-
@viragomann I unchecked it for now and it seems to work in Windows 11. I'm just concerned about DNS leaks. I'm not sure how to tell or test for that either.
-
@technolust
So you're forcing the whole client's upstream traffic over the VPN (redirect gateway checked)?
If so, your outbound NAT should be configured properly and also access to the provided DNS servers should work.
The reason for the issue when having "Block Outside DNS" checked might be on the client side.
There are already threads regarding that as far as I remember. Maybe you can do some search.
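
One way to check for the DNS leak path asked about in the thread, as an added example that is not part of any poster's reply: run this PowerShell on the Windows client while the VPN is connected to list every connected adapter's IPv4 resolvers and flag those whose route leaves through a non-VPN interface. The adapter description pattern is an assumption; the pushed server list is the one quoted in the thread.

```powershell
# Added example, not from the thread. Run while the OpenVPN tunnel is connected.
$PushedDns  = @('1.1.1.1', '1.0.0.1')        # DNS server list quoted in the thread
$VpnPattern = 'TAP-Windows|Wintun|OpenVPN'   # assumed OpenVPN adapter descriptions

# Adapters that are currently connected, and which of them is the tunnel.
$up     = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }
$vpnIdx = @($up | Where-Object { $_.InterfaceDescription -match $VpnPattern } |
            Select-Object -ExpandProperty ifIndex)
if (-not $vpnIdx) {
    Write-Warning 'No OpenVPN adapter is up; connect the VPN and run again.'
    return
}

$report = foreach ($a in $up) {
    # Resolvers Windows has configured on this adapter (IPv4 only in this example).
    $dns = Get-DnsClientServerAddress -InterfaceIndex $a.ifIndex -AddressFamily IPv4
    foreach ($server in $dns.ServerAddresses) {
        # Which interface would actually carry a packet to this resolver?
        $egress = Find-NetRoute -RemoteIPAddress $server | Select-Object -First 1
        [pscustomobject]@{
            Adapter    = $a.Name
            DnsServer  = $server
            Pushed     = $PushedDns -contains $server
            EgressVia  = $egress.InterfaceAlias
            OutsideVpn = $vpnIdx -notcontains $egress.InterfaceIndex
        }
    }
}

$report | Format-Table -AutoSize

# A resolver reached outside the tunnel is a leak path, because Windows may send
# queries to the resolvers of every connected adapter, not only the VPN's.
$leaks = @($report | Where-Object { $_.OutsideVpn })
if ($leaks) {
    Write-Warning ("{0} resolver(s) are reachable outside the VPN: {1}" -f
        $leaks.Count, (($leaks.DnsServer | Sort-Object -Unique) -join ', '))
} else {
    'Every configured resolver is routed through the VPN adapter.'
}
```

This reports configured resolvers and routes rather than observed queries; a packet capture for port 53 on the physical adapter while browsing confirms whether queries actually leave outside the tunnel.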