On 02/07/20 19:54, Selva Nair wrote:
> > 1. The DNS of my LAN (i.e. my home router's IP) has been set as
> > default gateway for the OpenVPN interface. But I'll need to
> > remember to change it if I connect from elsewhere.
>
> That looks like a strange setting but probably doesn't hurt.

I'm not sure I understand myself how this setting is involved, but it is
actually required: if I remove it I'm back at the starting point with
the failed NCSI check.
I also captured network traffic to investigate, and with the gateway
setup I can see a successful DNS query to the VPN DNS (not my gateway)
for dns.msftncsi.com, while without it I see no trace of this query.

> Such weakening of the server-side firewall shouldn't be required as
> you are not sending any traffic to those IPs via the VPN. When you
> use block-outside DNS, the DNS server pushed must be ready to do all
> name resolutions for you. If it's doing that, and in particular
> resolving those dns.msftncsi.com etc
> involved in ncsi, you should be good.
>
> Probably Windows is doing something weird behind our backs. Have you
> tried setting a direct route via your router to those two IPs on your
> machine (instead of on the server-side firewall)? "route add
> 131.107.255.255 mask 255.255.255.255 192.168.1.1" etc.

Indeed this is weird.
I tried adding the routes (and deleted the equivalent ones to the other
gateway, pushed by the server), but it didn't work.
Marco