Jump to content
Not connected, Your IP: 3.90.56.90
nva

IP does not resolve on macOS OpenVPN client unless I have to manually add public DNS servers in network interface.

Recommended Posts

Hello everyone, new AirVPN user here.
 
On my Macbook Pro, I use OpenVPN CLI client from Homebrew package manager instead of Eddie or Tunnelblick. I can connect to AirVPN server but can't browse any thing. From the terminal I can ping IP addresses but can't ping any website. This led me to think that something wrong with DNS.

Some excerpts from CLI log:

Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
Opened utun device utun1
do_ifconfig, tt->did_ifconfig_ipv6_setup=0
/sbin/ifconfig utun1 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure

sudo route flush after turning off Wifi on my machine does not solve the problem.

I can fix this by manually adding Google DNS (8.8.8.8 and 8.8.4.4) to my network preference. It is weird because I already set these DNS servers on my home router.
 
In contrast, on my Windows machine, with official OpenVPN GUI client, I have no problem at all. And I don't need to manually config DNS server on the network adapter as I have to with my Mac.
 
As far as I know, all AirVPN exit nodes enforce their own DNS server on their side, so I don't know why not setting DNS servers on my network interface causes the problem.
 
Would using public DNS servers in my fix undermine my privacy, such as DNS leak? Also, is there any other fix for my Mac that does not require me to change DNS server on the network interface?

Share this post


Link to post

As far as I know, all AirVPN exit nodes enforce their own DNS server on their side, so I don't know why not setting DNS servers on my network interface causes the problem.

 

Nothing is forced. It's pushed to the clients by PUSH_REPLY, but you can set your own in Eddie. Which answers:

 

Also, is there any other fix for my Mac that does not require me to change DNS server on the network interface?

 


 

 

Would using public DNS servers in my fix undermine my privacy, such as DNS leak?

 

Using Google DNS sure does that. Use OpenNIC servers for example instead of these.


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP

Share this post


Link to post

 

Nothing is forced. It's pushed to the clients by PUSH_REPLY, but you can set your own in Eddie. Which answers:

I'm little confused here. As I understand, for best privacy I should use DNS servers built into AirVPN exit nodes? If that's correct, what do I need to do with OpenVPN CLI client on my Mac, without changing DNS servers in my network interface? I mean how should I change .ovpn files or alter sudo openvpn --config <AirVPN_config_file> command?

Share this post


Link to post

It doesn't matter, really, all DNS lookups are done inside the tunnel, anyway. It's your "responsibility" to use DNS servers you trust, for example with anonymized or no logging at all. Lookups to AirDNS simply don't leave the VPN and are, by that definition, "quieter".

 

If that's correct, what do I need to do with OpenVPN CLI client on my Mac, without changing DNS servers in my network interface?

 

There is no other way but to change the DNS servers of your network interface as the network interface is the physical bond between you and the internet, so to speak, using its configuration.


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP

Share this post


Link to post

Wed Nov 21 12:14:45 GMT 2018

 

@nva:

 

0.  To assist you best,  if would be good to include the complete connection log.

1.  You need an external script to set the system-wide DNS servers on macOS.  See on github: andrewgdotcom/openvpn-mac-dns

2.  The advantage of using Eddie is that it sets up DNS for you.

 

HTH

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...