Jump to content
Not connected, Your IP: 18.222.20.30
nva

IP does not resolve on macOS OpenVPN client unless I have to manually add public DNS servers in network interface.

Recommended Posts

Hello everyone, new AirVPN user here.
 
On my Macbook Pro, I use OpenVPN CLI client from Homebrew package manager instead of Eddie or Tunnelblick. I can connect to AirVPN server but can't browse any thing. From the terminal I can ping IP addresses but can't ping any website. This led me to think that something wrong with DNS.

Some excerpts from CLI log:

Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
Opened utun device utun1
do_ifconfig, tt->did_ifconfig_ipv6_setup=0
/sbin/ifconfig utun1 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure

sudo route flush after turning off Wifi on my machine does not solve the problem.

I can fix this by manually adding Google DNS (8.8.8.8 and 8.8.4.4) to my network preference. It is weird because I already set these DNS servers on my home router.
 
In contrast, on my Windows machine, with official OpenVPN GUI client, I have no problem at all. And I don't need to manually config DNS server on the network adapter as I have to with my Mac.
 
As far as I know, all AirVPN exit nodes enforce their own DNS server on their side, so I don't know why not setting DNS servers on my network interface causes the problem.
 
Would using public DNS servers in my fix undermine my privacy, such as DNS leak? Also, is there any other fix for my Mac that does not require me to change DNS server on the network interface?

Share this post


Link to post

As far as I know, all AirVPN exit nodes enforce their own DNS server on their side, so I don't know why not setting DNS servers on my network interface causes the problem.

 

Nothing is forced. It's pushed to the clients by PUSH_REPLY, but you can set your own in Eddie. Which answers:

 

Also, is there any other fix for my Mac that does not require me to change DNS server on the network interface?

 


 

 

Would using public DNS servers in my fix undermine my privacy, such as DNS leak?

 

Using Google DNS sure does that. Use OpenNIC servers for example instead of these.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

 

Nothing is forced. It's pushed to the clients by PUSH_REPLY, but you can set your own in Eddie. Which answers:

I'm little confused here. As I understand, for best privacy I should use DNS servers built into AirVPN exit nodes? If that's correct, what do I need to do with OpenVPN CLI client on my Mac, without changing DNS servers in my network interface? I mean how should I change .ovpn files or alter sudo openvpn --config <AirVPN_config_file> command?

Share this post


Link to post

It doesn't matter, really, all DNS lookups are done inside the tunnel, anyway. It's your "responsibility" to use DNS servers you trust, for example with anonymized or no logging at all. Lookups to AirDNS simply don't leave the VPN and are, by that definition, "quieter".

 

If that's correct, what do I need to do with OpenVPN CLI client on my Mac, without changing DNS servers in my network interface?

 

There is no other way but to change the DNS servers of your network interface as the network interface is the physical bond between you and the internet, so to speak, using its configuration.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Wed Nov 21 12:14:45 GMT 2018

 

@nva:

 

0.  To assist you best,  if would be good to include the complete connection log.

1.  You need an external script to set the system-wide DNS servers on macOS.  See on github: andrewgdotcom/openvpn-mac-dns

2.  The advantage of using Eddie is that it sets up DNS for you.

 

HTH

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...