Hi. It stops resolving DNS right after connection for me every time too, but that lasts 15 seconds at most, not the minutes. I've no idea what could be wrong. Lev has a similar issue. I can't reproduce it in Windows 7, Windows 8.1 and Windows 10 on both VMs and real hardware.
On 14.11.2015 23:01, Selva Nair wrote: > Hi, > > On Wed, Oct 28, 2015 at 3:47 AM, ValdikSS <i...@valdikss.org.ru > <mailto:i...@valdikss.org.ru>> wrote: > > I tested this on Windows 7 and ran into some problems. > > Blocking dns through all interfaces except the tun/tap works (tested by > sniffing the traffic etc.). > > But most often (see below) name resolution fails after the vpn is connected: > > openvpn: git-master + this patch locally compiled using mingw (64bit) > LAN: IP (dhcp): 192.168.0.110 dns (dhcp): 1192.168.0.30 > TUN/TAP: IP (automatic): 10.9.0.10 dns (fixed): 8.8.8.8 > Windows firewall: disabled > > openvpn --config some-config.ovpn --block-outside-dns --verb4 > --redirect-gateway def1 > > Name resolution times-out after connect (checked by ping and browser). But > nslookup continues to work, so direct connection to 8.8.8.8:53 > <http://8.8.8.8:53> via the tun is working. In this state, the only strange > thing I notice is > > ipconfig /displaydns > returns "Could not display the resolver cache". > as if the dnscache service is stopped, but it is running. > > Name resolution starts to work again after a > (i) ipconfig /registerdns > OR > (ii) sc stop dnscache (starting it again is also ok) > OR > (iii) wait for several minutes > /displaydns also displlays the cache correctly after that. > > On restarting the vpn (SIGHUP or SIGUSR1), it goes back to the non resolving > state again. Once start working there are no obvious delays with dns -- tested > only on a fast connection to the vpn server. > > I could not enable logging of the firewall without which its hard to say > what's going on. I can only guess the system continues to try only > 192.168.0.30 which > gets blocked by the filter. > > So, how to enable firewall logging? -- enabling via netsh or Windows firewall > UI (wf.msc) does not generate any logs. Also the firewall rules added by the > program does not show up in the firewall UI or in netsh advfirewall outputs. > How to make these filters visible in the UI and how to log the dropped > connections? The filters are in place and do work, but doesnt show up in the > UI -- is that expected? The UI continues to show firewall as disabled with no > filters in place. > > I couldn't find anything wrong with the code, but I'm not familiar with WFP. > > Thanks > ,
signature.asc
Description: OpenPGP digital signature
