Hi,
Copying the -devel list:
On Sun, May 28, 2017 at 10:16 AM, ValdikSS <valdi...@gmail.com> wrote:
> Pavel, a friend of mine, made a service to circumvent Ukrainian blocks of
> Russian websites. He configured OpenVPN TCP without persist-tun on the
> client side and pushes block-outside-dns from server.
>
> When he restarts OpenVPN server, DNS no longer works on the clients.
> Neither with or without VPN. Users say this can be fixed only with
> rebooting, I believe restarting service would help too.
>
Is this only with 2.4.2 or is 2.4.1 also affected? As you imply, the
filters won't persist after the process ends (in this case the service),
restarting service should be enough to clear them. Further, even if the
openvpn client process terminates without removing the filters, the service
should clean up all filters added in that session during the undo()
processing. However, that wont happen if the openvpn.exe process fails to
exit. Verify that a stale client process is not hanging around.
>
> I tried to do exactly what he did with Windows 7 and OpenVPN 2.4.2 and I
> can't reproduce this bug. I think service in some cases loses TAP adapter
> index before unblocking DNS.
>
The tap adapter index is used to allow dns traffic through it, not block
it, so I would think the failure is in unblocking dns through non-tap
adapters. If that is the case, dns should start working again through the
tunnel when the client reconnects.
Anyway, we need to see the client logs and any error event logged by the
service when this happens. Can you get the user to open a ticket with logs?
>
> Works fine with persist-tun on client side.
>
Selva
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
