On Tue, May 31, 2016 at 8:48 AM, debbie10t <debbie...@gmail.com> wrote:

> On 27/05/16 16:50, Selva Nair wrote:
>
>> On Fri, May 27, 2016 at 7:56 AM, debbie10t <debbie...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> This is the original question:
>>> https://forums.openvpn.net/viewtopic.php?f=4&t=21797
>>>
>>> The gist is:
>>> If a connection is dropped and --block-outside-dns is
>>> blocking access to local DNS then how can the client
>>> reconnect if it cannot resolve a host name?
>>>
>> The filters that block external dns are removed at reconnect, so this
>> should not happen --- provided the client detects the connection drop and
>> restarts (by say ping-restart).
>>
>> Need to look at the logs to see what the real issue is.
>>
>
> Configs revealed the cause to be --persist-key/--persist-tun
> On a Windows client with --block-outside-dns.
>
> Testing shows that while "Preserving recently used remote address"
> works for one retry, after that the address is re-resolved but ..
> due to persist options --block-outside-dns is *not* torn down and
> so the client ends up in endless "cannot resolve host address" loop.
>

You are right, the WFP filters are not removed if the tunnel is not re-opened.
I do not think this was by design, probably no one noticed it before. I
have been running master which has a "bug" that forces the tun to re-open
even if persist-tun is specified, so fortuitously this issue never showed
up.

I'll provide a patch to make block-outside-dns work with persist-tun.

Selva
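
An added example, not part of the original thread and not OpenVPN's own code: a small Python check that flags a client config combining the options discussed above (--block-outside-dns with --persist-tun) with a --remote given as a host name, the combination reported here to end in a "cannot resolve host address" loop. The sample config and all function names are constructed for illustration; options pushed by the server are not visible to this check.

```python
import ipaddress
import shlex

# Constructed sample client config (not taken from the thread).
SAMPLE_CONFIG = """\
client
dev tun
remote vpn.example.com 1194 udp   # host name: needs DNS on every re-resolve
persist-key
persist-tun
block-outside-dns
ping-restart 60
"""

def parse_directives(text):
    """Return a list of (directive, args) tuples from OpenVPN config text."""
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            # Accept both "persist-tun" and "--persist-tun" spellings.
            directives.append((tokens[0].lstrip("-"), tokens[1:]))
    return directives

def is_ip_literal(host):
    """True if host is an IPv4/IPv6 literal, i.e. needs no DNS lookup."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def hostname_remotes(directives):
    """Remote endpoints that must be resolved through DNS."""
    return [args[0] for name, args in directives
            if name == "remote" and args and not is_ip_literal(args[0])]

def reconnect_dns_risk(text):
    """True when the config matches the combination reported in the thread:
    block-outside-dns + persist-tun + at least one host-name remote."""
    directives = parse_directives(text)
    names = {name for name, _ in directives}
    return ({"block-outside-dns", "persist-tun"} <= names
            and bool(hostname_remotes(directives)))

if __name__ == "__main__":
    print("at risk:", reconnect_dns_risk(SAMPLE_CONFIG))
```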
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
