Laptop with OpenVPN client has the VPN's DNS blocked

Hi,
I have recently flashed my router with OpenWRT and everything worked great with the default settings.
Now I need to use my company's OpenVPN through a client on my laptop. I connect successfully to the VPN and I have ping to other machines in the network but the VPN's DNS seems blocked by the router. Ex. I need to access gitlab.mycompany.com which is only accessible through the VPN and the domain is not resolved.
I switched my laptop's wifi connection from my router to a hotspot on my Android device (using LTE network) and the DNS worked - the domain gitlab.mycompany.com was successfully resolved.

The settings for the OpenVPN are standard - there are no fancy port numbers, etc.

How should I configure my router so that I enable the VPN's DNS to work properly without messing up other devices on the network that use the same router? Should I add a firewall rule or something?

Router: TP-Link TL-WR841N/ND v9
Firmware Version: OpenWrt 18.06.2 r7676-cddd7b4c77 / LuCI openwrt-18.06 branch (git-19.020.41695-6f6641d)


This is not connected to OpenWrt from my understanding.
As long as you are connected to the VPN, you get the routes and the NS advertised from the server, then all traffic to your company, including the NS queries, will go tunneled.
Can you confirm that?


@trendy I'm not sure how to confirm it. I used dig +trace gitlab.mycompany.com and the result looks the same no matter if I am using the VPN through my Wifi router or through the Android hotspot LTE.


I have to agree with @trendy. Issue more likely to be with the way the openvpn client software is set up on your computer.

If you are having same issue using your android phone as a hotspot via your mobile provider, it confirms it is not an openwrt router issue.

I would suggest contacting your company's IT department who supplied the client software and configuration.

@bill888 Sorry if I didn't make this clear - when I use my Android hotspot via my mobile provider everything works as expected. The issue is just when I'm using the router.

Just to verify, can you post the routing table of your laptop and the nameserver configuration before and after the OpenVPN is connected? Also some log from the OpenVPN when connecting to confirm the NS push.

@trendy

Before VPN connected

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.43.83   0.0.0.0         UG    600    0        0 wlp3s0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.43.0    0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

After VPN Connected

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.90.0.190     0.0.0.0         UG    50     0        0 tun0
0.0.0.0         192.168.43.83   0.0.0.0         UG    600    0        0 wlp3s0
10.90.0.0       10.90.0.190     255.255.0.0     UG    50     0        0 tun0
10.90.0.190     0.0.0.0         255.255.255.255 UH    50     0        0 tun0
10.91.0.0       10.90.0.190     255.255.0.0     UG    50     0        0 tun0
10.92.0.0       10.90.0.190     255.255.0.0     UG    50     0        0 tun0
10.136.0.0      10.90.0.190     255.255.0.0     UG    50     0        0 tun0
26.229.115.84   10.90.0.190     255.255.255.255 UGH   50     0        0 tun0
70.86.145.201   10.90.0.190     255.255.255.255 UGH   50     0        0 tun0
67.129.25.3     10.90.0.190     255.255.255.255 UGH   50     0        0 tun0
67.129.25.4     10.90.0.190     255.255.255.255 UGH   50     0        0 tun0
67.129.25.5     192.168.43.83   255.255.255.255 UGH   600    0        0 wlp3s0
143.85.223.0    10.90.0.190     255.255.224.0   UG    50     0        0 tun0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.31.0.0      10.90.0.190     255.255.0.0     UG    50     0        0 tun0
192.168.43.0    0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
192.168.43.83   0.0.0.0         255.255.255.255 UH    600    0        0 wlp3s0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
187.193.155.32  10.90.0.190     255.255.255.255 UGH   50     0        0 tun0
213.182.212.129 10.90.0.190     255.255.255.255 UGH   50     0        0 tun0
213.182.212.200 10.90.0.190     255.255.255.255 UGH   50     0        0 tun0
213.182.212.201 10.90.0.190     255.255.255.255 UGH   50     0        0 tun0
211.222.189.128 10.90.0.190     255.255.255.224 UG    50     0        0 tun0

Here is some log on OpenVPN when connecting:

Mar 25 18:33:15 myhost openvpn[224940]: Current Parameter Settings:
Mar 25 18:33:15 myhost openvpn[224940]:   config = '/home/myuser/myuser@mycompany.com.ovpn'
Mar 25 18:33:15 myhost openvpn[224940]:   mode = 0
Mar 25 18:33:15 myhost openvpn[224940]:   persist_config = DISABLED
Mar 25 18:33:15 myhost openvpn[224940]:   persist_mode = 1
Mar 25 18:33:15 myhost openvpn[224940]:   show_ciphers = DISABLED
Mar 25 18:33:15 myhost openvpn[224940]:   show_digests = DISABLED
Mar 25 18:33:15 myhost openvpn[224940]:   show_engines = DISABLED
Mar 25 18:33:15 myhost openvpn[224940]:   genkey = DISABLED
Mar 25 18:33:15 myhost openvpn[224940]:   key_pass_file = '[UNDEF]'
Mar 25 18:33:15 myhost openvpn[224940]:   show_tls_ciphers = DISABLED
Mar 25 18:33:15 myhost openvpn[224940]:   connect_retry_max = 0
Mar 25 18:33:15 myhost openvpn[224940]: Connection profiles [0]:
Mar 25 18:33:15 myhost openvpn[224940]:   proto = udp
Mar 25 18:33:15 myhost openvpn[224940]:   local = '[UNDEF]'
Mar 25 18:33:15 myhost openvpn[224940]:   local_port = '[UNDEF]'
Mar 25 18:33:15 myhost openvpn[224940]:   remote = 'vpn.mycompany.com'
Mar 25 18:33:15 myhost openvpn[224940]:   remote_port = '1194'
Mar 25 18:33:15 myhost openvpn[224940]:   remote_float = DISABLED
Mar 25 18:33:15 myhost openvpn[224940]:   bind_defined = DISABLED
Mar 25 18:33:15 myhost openvpn[224940]: NOTE: --mute triggered...
Mar 25 18:33:15 myhost openvpn[224940]: 263 variation(s) on previous 20 message(s) suppressed by --mute
Mar 25 18:33:15 myhost openvpn[224940]: OpenVPN 2.4.8 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov  1 2019
Mar 25 18:33:15 myhost openvpn[224940]: library versions: OpenSSL 1.1.1d FIPS  10 Sep 2019, LZO 2.08
Mar 25 18:33:15 myhost openvpn[224940]: PKCS#11: pkcs11_initialize - entered
Mar 25 18:33:15 myhost openvpn[224940]: PKCS#11: pkcs11_initialize - return 0-'CKR_OK'
Mar 25 18:33:15 myhost openvpn[224940]: PO_INIT maxevents=4 flags=0x00000002
Mar 25 18:33:15 myhost openvpn[224941]: PKCS#11: __pkcs11h_forkFixup entry pid=224941, activate_slotevent=0
Mar 25 18:33:15 myhost openvpn[224941]: PKCS#11: __pkcs11h_forkFixup return
Mar 25 18:33:15 myhost openvpn[224941]: PKCS#11: pkcs11h_terminate entry
Mar 25 18:33:15 myhost openvpn[224941]: PKCS#11: Terminating openssl
Mar 25 18:33:15 myhost openvpn[224941]: PKCS#11: _pkcs11h_openssl_terminate
Mar 25 18:33:15 myhost openvpn[224941]: PKCS#11: Removing providers
Mar 25 18:33:15 myhost openvpn[224941]: PKCS#11: Releasing sessions
Mar 25 18:33:15 myhost openvpn[224941]: PKCS#11: Terminating slotevent
Mar 25 18:33:15 myhost openvpn[224941]: PKCS#11: _pkcs11h_slotevent_terminate entry
Mar 25 18:33:15 myhost openvpn[224941]: PKCS#11: _pkcs11h_slotevent_terminate return
Mar 25 18:33:15 myhost openvpn[224941]: PKCS#11: Marking as uninitialized
Mar 25 18:33:18 myhost openvpn[224940]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mar 25 18:33:18 myhost openvpn[224940]: PRNG init md=SHA1 size=36
Mar 25 18:33:18 myhost openvpn[224940]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 25 18:33:18 myhost openvpn[224940]: Outgoing Control Channel Authentication: HMAC KEY: 9d00b00c aaadbdbd f1f1f1f1 aaefc0b5 d3d2d1d0
Mar 25 18:33:18 myhost openvpn[224940]: Outgoing Control Channel Authentication: HMAC size=20 block_size=20
Mar 25 18:33:18 myhost openvpn[224940]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 25 18:33:18 myhost openvpn[224940]: Incoming Control Channel Authentication: HMAC KEY: 9d00b00c d1d2d3d4 f1f2f3f4 15151515 22565656
Mar 25 18:33:18 myhost openvpn[224940]: Incoming Control Channel Authentication: HMAC size=20 block_size=20
Mar 25 18:33:18 myhost openvpn[224940]: crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 28 bytes
Mar 25 18:33:18 myhost openvpn[224940]: LZO compression initializing
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_session_init: entry
Mar 25 18:33:18 myhost openvpn[224940]: PID packet_id_init seq_backtrack=64 time_backtrack=15
Mar 25 18:33:18 myhost openvpn[224940]: PID packet_id_init seq_backtrack=64 time_backtrack=15
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_session_init: new session object, sid=8fd4b4e5 149c3fef
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_session_init: entry
Mar 25 18:33:18 myhost openvpn[224940]: PID packet_id_init seq_backtrack=64 time_backtrack=15
Mar 25 18:33:18 myhost openvpn[224940]: PID packet_id_init seq_backtrack=64 time_backtrack=15
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_session_init: new session object, sid=d43a7e13 6f93bcdd
Mar 25 18:33:18 myhost openvpn[224940]: Control Channel MTU parms [ L:1626 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Mar 25 18:33:18 myhost openvpn[224940]: MTU DYNAMIC mtu=1400, flags=2, 1626 -> 1400
Mar 25 18:33:18 myhost openvpn[224940]: MTU DYNAMIC mtu=1400, flags=2, 1626 -> 1400
Mar 25 18:33:18 myhost openvpn[224940]: GETADDRINFO flags=0x0901 ai_family=0 ai_socktype=2
Mar 25 18:33:18 myhost openvpn[224940]: RESOLVE_REMOTE flags=0x0901 phase=1 rrs=0 sig=-1 status=0
Mar 25 18:33:18 myhost openvpn[224940]: Data Channel MTU parms [ L:1626 D:1400 EF:126 EB:407 ET:0 EL:3 ]
Mar 25 18:33:18 myhost openvpn[224940]: Fragmentation MTU parms [ L:1626 D:1400 EF:125 EB:407 ET:1 EL:3 ]
Mar 25 18:33:18 myhost openvpn[224940]: crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 56 bytes
Mar 25 18:33:18 myhost openvpn[224940]: calc_options_string_link_mtu: link-mtu 1626 -> 1562
Mar 25 18:33:18 myhost openvpn[224940]: crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 56 bytes
Mar 25 18:33:18 myhost openvpn[224940]: calc_options_string_link_mtu: link-mtu 1626 -> 1562
Mar 25 18:33:18 myhost openvpn[224940]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1562,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Mar 25 18:33:18 myhost openvpn[224940]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1562,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Mar 25 18:33:18 myhost openvpn[224940]: nice -20 succeeded
Mar 25 18:33:18 myhost openvpn[224940]: TCP/UDP: Preserving recently used remote address: [AF_INET]67.128.42.42:1194
Mar 25 18:33:18 myhost openvpn[224940]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Mar 25 18:33:18 myhost openvpn[224940]: UDP link local: (not bound)
Mar 25 18:33:18 myhost openvpn[224940]: UDP link remote: [AF_INET]67.128.42.42:1194
Mar 25 18:33:18 myhost openvpn[224940]: FRAG_OUT len=17 type=0 seq_id=0 frag_id=0 frag_size=0 flags=0x00000000
Mar 25 18:33:18 myhost openvpn[224940]: TLS Warning: no data channel send key available:  [key#0 state=S_INITIAL id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000 00000000] [key#2 state=S_UNDEF id=0 sid=00000000 00000000]
Mar 25 18:33:18 myhost openvpn[224940]: SENT PING
Mar 25 18:33:18 myhost openvpn[224940]: TIMER: coarse timer wakeup 1 seconds
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_multi_process: i=0 state=S_INITIAL, mysid=8fd4b4e5 149c3fef, stored-sid=00000000 00000000, stored-ip=[AF_INET]67.128.42.42:1194
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_process: chg=0 ks=S_INITIAL lame=S_UNDEF to_link->len=0 wakeup=604800
Mar 25 18:33:18 myhost openvpn[224940]: ACK mark active outgoing ID 0
Mar 25 18:33:18 myhost openvpn[224940]: TLS: Initial Handshake, sid=8fd4b4e5 149c3fef
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_can_send active=1 current=1 : [1] 0
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_send ID 0 (size=4 to=2)
Mar 25 18:33:18 myhost openvpn[224940]: ENCRYPT HMAC: 7a210123 caffdd13 47664d1c 7c685713 83578181
Mar 25 18:33:18 myhost openvpn[224940]: ENCRYPT TO: 7a210123 caffdd13 47664d1c 7c685713 83578181 00000001 5e7b87ce 388fd4b[more...]
Mar 25 18:33:18 myhost openvpn[224940]: Reliable -> TCP/UDP
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_send_timeout 2 [1] 0
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_process: timeout set to 2
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=d43a7e13 6f93bcdd, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
Mar 25 18:33:18 myhost openvpn[224940]: RANDOM USEC=221759
Mar 25 18:33:18 myhost openvpn[224940]: PO_CTL rwflags=0x0003 ev=4 arg=0x559445756198
Mar 25 18:33:18 myhost openvpn[224940]: I/O WAIT T?|T?|SR|SW [1/221759]
Mar 25 18:33:18 myhost openvpn[224940]: NOTE: --mute triggered...
Mar 25 18:33:18 myhost openvpn[224940]: 3 variation(s) on previous 20 message(s) suppressed by --mute
Mar 25 18:33:18 myhost openvpn[224940]: UDP WRITE [42] to [AF_INET]67.128.42.42:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=8fd4b4e5 149c3fef tls_hmac=7a210123 caffdd13 47664d1c 7c685713 83578181 pid=[ #1 / time = (1585153998) Wed Mar 25 18:33:18 2020 ] [ ] pid=0 DATA
Mar 25 18:33:18 myhost openvpn[224940]: UDP write returned 42
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_multi_process: i=0 state=S_PRE_START, mysid=8fd4b4e5 149c3fef, stored-sid=00000000 00000000, stored-ip=[AF_INET]67.128.42.42:1194
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_process: chg=0 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_can_send active=1 current=0 : [1] 0
Mar 25 18:33:18 myhost openvpn[224940]: SSL state (connect): before SSL initialization
Mar 25 18:33:18 myhost openvpn[224940]: SSL state (connect): SSLv3/TLS write client hello
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_send_timeout 2 [1] 0
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_process: timeout set to 2
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=d43a7e13 6f93bcdd, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
Mar 25 18:33:18 myhost openvpn[224940]: PO_CTL rwflags=0x0001 ev=4 arg=0x559445756198
Mar 25 18:33:18 myhost openvpn[224940]: I/O WAIT T?|T?|SR|Sw [1/221759]
Mar 25 18:33:18 myhost openvpn[224940]: PO_WAIT[0,0] fd=4 rev=0x00000001 rwflags=0x0001 arg=0x559445756198
Mar 25 18:33:18 myhost openvpn[224940]:  event_wait returned 1
Mar 25 18:33:18 myhost openvpn[224940]: I/O WAIT status=0x0001
Mar 25 18:33:18 myhost openvpn[224940]: UDP read returned 54
Mar 25 18:33:18 myhost openvpn[224940]: UDP READ [54] from [AF_INET]67.128.42.42:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=21814692 4576a1b8 tls_hmac=87ca29e1 85108fcc 55f24d46 193a7e5e 4cf6667a pid=[ #1 / time = (1585153998) Wed Mar 25 18:33:18 2020 ] [ 0 sid=8fd4b4e5 149c3fef ] pid=0 DATA
Mar 25 18:33:18 myhost openvpn[224940]: TLS: control channel, op=P_CONTROL_HARD_RESET_SERVER_V2, IP=[AF_INET]67.128.42.42:1194
Mar 25 18:33:18 myhost openvpn[224940]: TLS: initial packet test, i=0 state=S_PRE_START, mysid=8fd4b4e5 149c3fef, rec-sid=21814692 4576a1b8, rec-ip=[AF_INET]67.128.42.42:1194, stored-sid=00000000 00000000, stored-ip=[AF_INET]67.128.42.42:1194
Mar 25 18:33:18 myhost openvpn[224940]: TLS: initial packet test, i=1 state=S_INITIAL, mysid=d43a7e13 6f93bcdd, rec-sid=21814692 4576a1b8, rec-ip=[AF_INET]67.128.42.42:1194, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
Mar 25 18:33:18 myhost openvpn[224940]: TLS: initial packet test, i=2 state=S_UNDEF, mysid=00000000 00000000, rec-sid=21814692 4576a1b8, rec-ip=[AF_INET]67.128.42.42:1194, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
Mar 25 18:33:18 myhost openvpn[224940]: TLS: Initial packet from [AF_INET]67.128.42.42:1194, sid=21814692 4576a1b8
Mar 25 18:33:18 myhost openvpn[224940]: DECRYPT FROM: 87ca29e1 85108fcc 55f24d46 193a7e5e 4cf6667a 00000001 5e7b87ce 4021814[more...]
Mar 25 18:33:18 myhost openvpn[224940]: PID_TEST [0] [TLS_WRAP-0] [] 0:0 1585153998:1 t=1585153998[0] r=[0,64,15,0,1] sl=[0,0,64,528]
Mar 25 18:33:18 myhost openvpn[224940]: TLS: received control channel packet s#=0 sid=21814692 4576a1b8
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_schedule_now
Mar 25 18:33:18 myhost openvpn[224940]: ACK received for pid 0, deleting from send buffer
Mar 25 18:33:18 myhost openvpn[224940]: ACK read ID 0 (buf->len=0)
Mar 25 18:33:18 myhost openvpn[224940]: ACK RWBS rel->size=8 rel->packet_id=00000000 id=00000000 ret=1
Mar 25 18:33:18 myhost openvpn[224940]: ACK mark active incoming ID 0
Mar 25 18:33:18 myhost openvpn[224940]: ACK acknowledge ID 0 (ack->len=1)
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_multi_process: i=0 state=S_PRE_START, mysid=8fd4b4e5 149c3fef, stored-sid=21814692 4576a1b8, stored-ip=[AF_INET]67.128.42.42:1194
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_process: chg=0 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_can_send active=0 current=0 : [1]
Mar 25 18:33:18 myhost openvpn[224940]: Incoming Ciphertext -> TLS
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_process: chg=1 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_can_send active=0 current=0 : [1]
Mar 25 18:33:18 myhost openvpn[224940]: ACK write ID 0 (ack->len=1, n=1)
Mar 25 18:33:18 myhost openvpn[224940]: ENCRYPT HMAC: cedde4b5 02b88f46 f69c8417 67d43258 5db7889a
Mar 25 18:33:18 myhost openvpn[224940]: ENCRYPT TO: cedde4b5 02b88f46 f69c8417 67d43258 5db7889a 00000002 5e7b87ce 288fd4b[more...]
Mar 25 18:33:18 myhost openvpn[224940]: Dedicated ACK -> TCP/UDP
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_send_timeout 604800 [1]
Mar 25 18:33:18 myhost openvpn[224940]: NOTE: --mute triggered...
Mar 25 18:33:18 myhost openvpn[224940]: 8 variation(s) on previous 20 message(s) suppressed by --mute
Mar 25 18:33:18 myhost openvpn[224940]: UDP WRITE [50] to [AF_INET]67.128.42.42:1194: P_ACK_V1 kid=0 sid=8fd4b4e5 149c3fef tls_hmac=cedde4b5 02b88f46 f69c8417 67d43258 5db7889a pid=[ #2 / time = (1585153998) Wed Mar 25 18:33:18 2020 ] [ 0 sid=21814692 4576a1b8 ]
Mar 25 18:33:18 myhost openvpn[224940]: UDP write returned 50
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_multi_process: i=0 state=S_PRE_START, mysid=8fd4b4e5 149c3fef, stored-sid=21814692 4576a1b8, stored-ip=[AF_INET]67.128.42.42:1194
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_process: chg=0 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
Mar 25 18:33:18 myhost openvpn[224940]: STATE S_START
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_can_send active=0 current=0 : [1]
Mar 25 18:33:18 myhost openvpn[224940]: STATE S_SENT_KEY
Mar 25 18:33:18 myhost openvpn[224940]: BIO read tls_read_ciphertext 279 bytes
Mar 25 18:33:18 myhost openvpn[224940]: ACK mark active outgoing ID 1
Mar 25 18:33:18 myhost openvpn[224940]: Outgoing Ciphertext -> Reliable
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_can_send active=1 current=1 : [2] 1
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_send ID 1 (size=283 to=2)
Mar 25 18:33:18 myhost openvpn[224940]: ENCRYPT HMAC: b38be325 43988202 8b28e2f1 60dcf7c5 42be729c
Mar 25 18:33:18 myhost openvpn[224940]: ENCRYPT TO: b38be325 43988202 8b28e2f1 60dcf7c5 42be729c 00000003 5e7b87ce 208fd4b[more...]
Mar 25 18:33:18 myhost openvpn[224940]: Reliable -> TCP/UDP
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_send_timeout 2 [2] 1
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_process: timeout set to 2
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=d43a7e13 6f93bcdd, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
Mar 25 18:33:18 myhost openvpn[224940]: PO_CTL rwflags=0x0003 ev=4 arg=0x559445756198
Mar 25 18:33:18 myhost openvpn[224940]: NOTE: --mute triggered...
Mar 25 18:33:18 myhost openvpn[224940]: 4 variation(s) on previous 20 message(s) suppressed by --mute
Mar 25 18:33:18 myhost openvpn[224940]: UDP WRITE [321] to [AF_INET]67.128.42.42:1194: P_CONTROL_V1 kid=0 sid=8fd4b4e5 149c3fef tls_hmac=b38be325 43988202 8b28e2f1 60dcf7c5 42be729c pid=[ #3 / time = (1585153998) Wed Mar 25 18:33:18 2020 ] [ ] pid=1 DATA 16030101 12010001 0e0303c2 c7262fc1 168a2a22 f7cc9164 cc61486b 693c2e0[more...]
Mar 25 18:33:18 myhost openvpn[224940]: UDP write returned 321
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=8fd4b4e5 149c3fef, stored-sid=21814692 4576a1b8, stored-ip=[AF_INET]67.128.42.42:1194
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_can_send active=1 current=0 : [2] 1
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_send_timeout 2 [2] 1
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_process: timeout set to 2
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=d43a7e13 6f93bcdd, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
Mar 25 18:33:18 myhost openvpn[224940]: PO_CTL rwflags=0x0001 ev=4 arg=0x559445756198
Mar 25 18:33:18 myhost openvpn[224940]: I/O WAIT T?|T?|SR|Sw [1/221759]
Mar 25 18:33:18 myhost openvpn[224940]: PO_WAIT[0,0] fd=4 rev=0x00000001 rwflags=0x0001 arg=0x559445756198
Mar 25 18:33:18 myhost openvpn[224940]:  event_wait returned 1
Mar 25 18:33:18 myhost openvpn[224940]: I/O WAIT status=0x0001
Mar 25 18:33:18 myhost openvpn[224940]: UDP read returned 1172
Mar 25 18:33:18 myhost openvpn[224940]: UDP READ [1172] from [AF_INET]67.128.42.42:1194: P_CONTROL_V1 kid=0 sid=21814692 4576a1b8 tls_hmac=aaaaf188 fefefe83 bcbcdddd fafafafa dededede pid=[ #2 / time = (1585153998) Wed Mar 25 18:33:18 2020 ] [ 1 sid=8fd4b4e5 149c3fef ] pid=1 DATA 16030300 31020000 2d030363 2bf7927c e34d4e5d 28db1b0f 3ed2c7b4
Mar 25 18:33:18 myhost openvpn[224940]: TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]67.128.42.42:1194
Mar 25 18:33:18 myhost openvpn[224940]: TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=8fd4b4e5 149c3fef, rec-sid=21814692 4576a1b8, rec-ip=[AF_INET]67.128.42.42:1194, stored-sid=21814692 4576a1b8, stored-ip=[AF_INET]67.128.42.42:1194
Mar 25 18:33:18 myhost openvpn[224940]: TLS: found match, session[0], sid=21814692 4576a1b8
Mar 25 18:33:18 myhost openvpn[224940]: DECRYPT FROM: aaaaf188 fefefe83 bcbcdddd fafafafa dededede 00000002 5e7b87ce 2021814[more...]
Mar 25 18:33:18 myhost openvpn[224940]: PID_TEST [0] [TLS_WRAP-0] [0] 1585153998:1 1585153998:2 t=1585153998[0] r=[0,64,15,0,1] sl=[63,1,64,528]
Mar 25 18:33:18 myhost openvpn[224940]: TLS: received control channel packet s#=0 sid=21814692 4576a1b8
Mar 25 18:33:18 myhost openvpn[224940]: ACK received for pid 1, deleting from send buffer
Mar 25 18:33:18 myhost openvpn[224940]: ACK read ID 1 (buf->len=1118)
Mar 25 18:33:18 myhost openvpn[224940]: ACK RWBS rel->size=8 rel->packet_id=00000001 id=00000001 ret=1
Mar 25 18:33:18 myhost openvpn[224940]: ACK mark active incoming ID 1
Mar 25 18:33:18 myhost openvpn[224940]: ACK acknowledge ID 1 (ack->len=1)
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=8fd4b4e5 149c3fef, stored-sid=21814692 4576a1b8, stored-ip=[AF_INET]67.128.42.42:1194
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_can_send active=0 current=0 : [2]
Mar 25 18:33:18 myhost openvpn[224940]: BIO write tls_write_ciphertext 1118 bytes
Mar 25 18:33:18 myhost openvpn[224940]: Incoming Ciphertext -> TLS
Mar 25 18:33:18 myhost openvpn[224940]: SSL state (connect): SSLv3/TLS write client hello
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_can_send active=0 current=0 : [2]
Mar 25 18:33:18 myhost openvpn[224940]: ACK write ID 1 (ack->len=1, n=1)
Mar 25 18:33:18 myhost openvpn[224940]: NOTE: --mute triggered...
Mar 25 18:33:18 myhost openvpn[224940]: 12 variation(s) on previous 20 message(s) suppressed by --mute
Mar 25 18:33:18 myhost openvpn[224940]: UDP WRITE [50] to [AF_INET]67.128.42.42:1194: P_ACK_V1 kid=0 sid=8fd4b4e5 149c3fef tls_hmac=ffffffff ee1b1695 acacacac db805aac bababbaa pid=[ #4 / time = (1585153998) Wed Mar 25 18:33:18 2020 ] [ 1 sid=21814692 4576a1b8 ]
Mar 25 18:33:18 myhost openvpn[224940]: UDP write returned 50
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=8fd4b4e5 149c3fef, stored-sid=21814692 4576a1b8, stored-ip=[AF_INET]67.128.42.42:1194
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_can_send active=0 current=0 : [2]
Mar 25 18:33:18 myhost openvpn[224940]: ACK reliable_send_timeout 604800 [2]
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_process: timeout set to 60
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=d43a7e13 6f93bcdd, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
Mar 25 18:33:18 myhost openvpn[224940]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
Mar 25 18:33:18 myhost openvpn[224940]: PO_CTL rwflags=0x0001 ev=4 arg=0x559445756198
Mar 25 18:33:18 myhost openvpn[224940]: I/O WAIT T?|T?|SR|Sw [1/221759]
Mar 25 18:33:18 myhost openvpn[224940]: PO_WAIT[0,0] fd=4 rev=0x00000001 rwflags=0x0001 arg=0x559445756198
Mar 25 18:33:18 myhost openvpn[224940]:  event_wait returned 1
Mar 25 18:33:18 myhost openvpn[224940]: I/O WAIT status=0x0001
Mar 25 18:33:18 myhost openvpn[224940]: UDP read returned 1160
Mar 25 18:33:18 myhost openvpn[224940]: UDP READ [1160] from [AF_INET]67.128.42.42:1194: P_CONTROL_V1 kid=0 sid=21814692 4576a1b8 tls_hmac=ccc74ccc 22220165 b165eeee 6dddded 6b6e3415 pid=[ #3 / time = (1585153998) Wed Mar 25 18:33:18 2020 ] [ ] pid=2 DATA 227d9c4f 488ec44e b80ebbd3 70ba28bb 98343081 d7060355 1d230481 cf3081c[more...]
Mar 25 18:33:18 myhost openvpn[224940]: TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]67.128.42.42:1194
Mar 25 18:33:18 myhost openvpn[224940]: TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=8fd4b4e5 149c3fef, rec-sid=21814692 4576a1b8, rec-ip=[AF_INET]67.128.42.42:1194, stored-sid=21814692 4576a1b8, stored-ip=[AF_INET]67.128.42.42:1194
Mar 25 18:33:18 myhost openvpn[224940]: TLS: found match, session[0], sid=21814692 4576a1b8
Mar 25 18:33:18 myhost openvpn[224940]: DECRYPT FROM: ccc74ccc 22220165 b165eeee 6dddded 6b6e3415

I've tried to hide/change most sensitive info.

Is this what you needed?

Yes, the nameservers before and after the connection.
However it is clear that everything gets tunneled.


So you're saying there is some misconfiguration in my client or in the server?

I don't know, you didn't post the nameservers before and after the connection to vpn. Nor could I find anything relevant in the logs.


Right, I'm not sure how to give you this info (the nameservers before and after). They are configured automatically on my router.

BTW I just flashed my router with the TP Link stock firmware, did no further configuration and everything worked perfectly. I'm now able to access my company's private websites.

If the VPN pushes an internal nameserver to resolve internal names and addresses, then it doesn't have anything to do at all with the configured nameservers of the router.
Which OS are you using on the laptop?

I'm using Fedora 31.

Check /etc/resolv.conf
If there is only 127.0.0.1 in there it means that dnsmasq or network manager is taking care of the resolving.
There might be also some clue in the /etc/resolvconf/run/interface/ if there is some tun interface in there.

Here is the /etc/resolv.conf

$ cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 192.168.0.1

I do not have the /etc/resolvconf/run/interface/.

What is this address? (wild guess, it's the TP Link stock IP address)
I don't see it in either of the routing tables before or after the connection to vpn.

It is TP Link's stock IP address, yes. Before flashing back to the stock firmware I imagine this address must have been 192.168.1.1 - the OpenWRT one.

Why do you set it static and not let the PC acquire the settings from DHCP?

I haven't set anything. It must be one from the DHCP.
Without touching my PC config I do have internet connection even with a brand new firmware on my router - I don't even configure the router - it gets the config automatically from the ISP I guess.
I literally flashed OpenWRT to my router and I got internet connection on my PC. Then I flashed back to TP Link firmware and again I had internet connection. The only difference was with OpenWRT my IP was 192.168.1.*** and with the TP Link it was 192.168.0.*** (I do not remember the exact numbers in the 4th octet).
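The check the thread keeps circling (was a nameserver pushed, is it the one in /etc/resolv.conf, and which interface would queries to it leave on) can be done in one pass. This is an added example, not code from any participant: the routing rows and resolv.conf are excerpts of the output posted above, while the PUSH_REPLY log line, the resolver address 10.90.0.1 and all function names are constructed for illustration.

```python
import ipaddress
import re

# Excerpt of the "After VPN Connected" table posted in the thread (route -n columns).
ROUTES = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.90.0.190     0.0.0.0         UG    50     0        0 tun0
0.0.0.0         192.168.43.83   0.0.0.0         UG    600    0        0 wlp3s0
10.90.0.0       10.90.0.190     255.255.0.0     UG    50     0        0 tun0
67.129.25.5     192.168.43.83   255.255.255.255 UGH   600    0        0 wlp3s0
192.168.43.0    0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
"""

# /etc/resolv.conf as posted in the thread.
RESOLV_CONF = "# Generated by NetworkManager\nnameserver 192.168.0.1\n"

# Constructed sample: the posted log stops before this stage of the handshake.
# 10.90.0.1 is a made-up resolver address inside the tunnelled 10.90.0.0/16.
PUSH_LOG = (
    "Mar 25 18:33:20 myhost openvpn[224940]: PUSH: Received control message: "
    "'PUSH_REPLY,route 10.90.0.0 255.255.0.0,dhcp-option DNS 10.90.0.1,ping 10'"
)


def parse_routes(text):
    """Turn `route -n` output into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or not f[0][0].isdigit():
            continue  # skip the two header lines and blanks
        routes.append((ipaddress.ip_network(f"{f[0]}/{f[2]}"), f[1], int(f[4]), f[7]))
    return routes


def egress(routes, addr):
    """Interface a packet to addr leaves on: longest prefix, then lowest metric."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[3]


def pushed_dns(log):
    """Nameservers the server pushed via `dhcp-option DNS` in PUSH_REPLY."""
    found = []
    for m in re.finditer(r"PUSH_REPLY,([^']*)", log):
        for opt in m.group(1).split(","):
            parts = opt.split()
            if len(parts) == 3 and parts[:2] == ["dhcp-option", "DNS"]:
                found.append(parts[2])
    return found


def resolv_nameservers(text):
    """Nameservers the system resolver is actually configured to use."""
    return [l.split()[1] for l in text.splitlines()
            if l.startswith("nameserver") and len(l.split()) > 1]


def diagnose(log, resolv, route_text):
    """Compare pushed vs. active resolvers and show where each one is routed."""
    routes = parse_routes(route_text)
    pushed, active = pushed_dns(log), resolv_nameservers(resolv)
    return {
        "pushed": pushed,
        "active": active,
        # False means the push arrived but the system resolver was never updated.
        "push_applied": bool(pushed) and all(p in active for p in pushed),
        "egress": {ns: egress(routes, ns) for ns in active + pushed},
    }


if __name__ == "__main__":
    for key, value in diagnose(PUSH_LOG, RESOLV_CONF, ROUTES).items():
        print(f"{key}: {value}")
```

A result with `push_applied` false and the pushed resolver routed via `tun0` means the tunnel itself is fine and the laptop is still asking the LAN router for internal names.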