
Guest

I am experiencing intermittent DNS problems, where nothing gets resolved anymore. I am using Eddie 2.21.3beta and Wireguard. I have to connect to another server for DNS to work again. Which server doesn't matter, as after some time the problem reoccurs and I have to connect to yet another server to get it working again for some time. Rinse and repeat so to say.

I have no idea if it is either Eddie, Wireguard or something else related.

Link to post

I am seeing the same for a while now on pfsense. Changing server or restarting the forwarder seems to fix this.

Link to post
Guest

To rule out that Eddie is the cause, I'll be using Wireguard's own client for a while now. I pity the DNS leaks, but I cannot block traffic outside the tunnel because I am depending on iSCSI locally.

Link to post
Posted ... (edited)

Same issue here on opnsense. I had to switch to Cloudflare DNS as sites would stop resolving randomly and when they did, it was quite slow.

Edited ... by QuarkZ

Link to post

Same issue - also on openSUSE using Eddie 2.21.1beta

Edit - DNS starts working again if I wait long enough without changing the server or disconnecting/reconnecting.

Link to post

I'm seeing the same. Complete nightmare it's happening that often. I have to disconnect from VPN, use the ISP's DNS to resolve the name, then reconnect VPN and name now resolved it works OK.

Been going on for quite some time and includes mainstream web sites e.g. just happened on www.theguardian.com - one of the main UK national press/newspaper web sites.

Is there any way to create ovpn configs specifying DNS server IP addresses (so I can switch to somebody else's)?

Link to post
Guest

Probably too early to draw conclusions, but I am using Wireguard's own client for 24 hours and didn't have any DNS problems since. However, it could well be possible that, due to dns leaking, another dns server is used. (no blocking outside tunnel because I need local iSCSI).

Edit: I should have checked before posting as indeed resolving is done through the dns servers leaking, not airvpn's dns server.

Link to post
Posted ... (edited)

I've been experiencing the same for weeks now; happened out of nowhere without any config or hardware changes. Connection is alive, but DNS queries are not getting resolved. I tried two different versions of Eddie on different machines and run a VPN client on an Asus AC86U as well.

About a month ago, the first VPN client set up on the router couldn't connect anymore after rebooting. Log reports the following:

Jan 3 01:07:02 ovpn-client1[5867]: VERIFY ERROR: depth=1, error=certificate is not yet valid: C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org, serial=<numbers removed - not sure if necessary>
Jan 3 01:07:02 ovpn-client1[5867]: OpenSSL: error:1416F086:lib(20):func(367):reason(134)
Jan 3 01:07:02 ovpn-client1[5867]: TLS_ERROR: BIO read tls_read_plaintext error
Jan 3 01:07:02 ovpn-client1[5867]: TLS Error: TLS object -> incoming plaintext read error
Jan 3 01:07:02 ovpn-client1[5867]: TLS Error: TLS handshake failed

No changes on my side so I figured it's been a while since I set this up and upgraded to OpenVPN 2.5 when updating the Asus firmware so why not generate a new config file. New config file set up on new VPN client profile yielded the same results. Still had a backup VPN client configured (the router allows up to 5 VPN client profiles) which I set up the same day as the faulty one. Surprisingly enough it connected right away which led me to believe something must have gone wrong with the config of the faulty VPN client. However, without making any changes at all, that faulty profile connects after 10-15 minutes upon reboot. In summary, VPN#1 (old config) and VPN#3 (new config with same server as VPN#1) don't connect, VPN#2 connects immediately and VPN#1 connects after all albeit only a while after the router was rebooted.

DNS entries are defined on the router to avoid using an ISP DNS server. First DNS is 10.4.0.1 (AirVPN) while the second one is an openNIC one. While there was a speed improvement switching from 10.4.0.1 to an openNIC DNS, the issue remained all the same. There are no DNS leaks from what I can tell and after about 200 times refreshing ipleak.net I'm pretty confident traffic is going through the correct path.

Someone make it make sense, please!

Now, the systems I use Eddie on are split-tunneled so traffic is routed through WAN instead of a VPN connection to maximize speed. DNS issues were experienced on all systems regardless of using the router's VPN connection or Eddie. Sometimes the sites can't be reached for a few seconds, other times it's minutes and a few times I was ready to throw a device out the window because it took even longer. It also works on one device while not on the other; two people simultaneously scroll through new content (think Reddit, Instagram, etc.) yet when two devices access the exact same content at the same time it might work on one but not the other.

I am not a network engineer by any stretch of the imagination but know enough to be dangerous and can hold my own in a conversation for the most part. This has been so increasingly frustrating that I broke down last night and tried a different VPN service. Hate to say it, but the connection has been flawless since I switched over. This is my 7th year with AirVPN and so far I was able to resolve any issue that arose (especially looking at you, Eddie!!), but I'm going to lose my mind if my wife keeps telling me that "the wifi has conked out again" several times a day.

Edited ... by root1337

Link to post

Hello!

Can you please specify the exact servers where you can reliably reproduce the problem while you query VPN DNS? Note: if you can't resolve names with other (not AirVPN's) public DNS, then the problem should be related to a broken connection, and not to VPN DNS:


@root1337

The error:
VERIFY ERROR: depth=1, error=certificate is not yet valid:

implies that the device date is incorrectly set to the past and the certificate is not yet valid in that date. It's possible that the router could not sync through NTP during the bootstrap. Actually the first DNS server you set (10.4.0.1) is accessible only from within the VPN, therefore it will not resolve any name, including NTP server names. The router will then fall back to the second DNS, the OpenNIC one. Since OpenNIC servers have been replaced and some of them suffered downtime, try a different DNS server (for example Quad9, address 9.9.9.9). Anyway this problem seems unrelated to the other DNS issue you report.

Kind regards
 

Link to post
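
The failure mode staff describe in the post above (clock still in the past at boot, so the CA certificate is "not yet valid"), as an added example that is not part of the thread: a log check plus a gate that holds the VPN start until the clock has passed a known floor. The function names, the verdict labels and the floor value are assumptions; the sample log lines are constructed in the format of the excerpt quoted earlier.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Verdict labels are illustrative.

# diagnose_log: read OpenVPN log lines on stdin and print one verdict.
diagnose_log() {
  awk '
    /VERIFY ERROR/ && /certificate is not yet valid/ { early++ }
    /VERIFY ERROR/ && /certificate has expired/      { late++ }
    /TLS Error: TLS handshake failed/                { hs++ }
    END {
      if (early)     print "clock-behind"
      else if (late) print "clock-ahead-or-cert-expired"
      else if (hs)   print "handshake-failed-other"
      else           print "no-tls-error"
    }'
}

# clock_plausible <now_epoch> <floor_epoch>: true when the clock is at or past
# a floor known to lie in the past (e.g. the day the config was generated).
clock_plausible() { [ "$1" -ge "$2" ]; }

# wait_for_clock <floor_epoch> <max_tries>: poll once per second until NTP has
# moved the clock past the floor; return 1 if it never does.
wait_for_clock() {
  local tries=0
  until clock_plausible "$(date +%s)" "$1"; do
    tries=$((tries + 1))
    [ "$tries" -ge "$2" ] && return 1
    sleep 1
  done
}

# Constructed sample in the format of the router log quoted in the thread.
SAMPLE_LOG='Jan 3 01:07:02 ovpn-client1[5867]: VERIFY ERROR: depth=1, error=certificate is not yet valid: CN=example CA
Jan 3 01:07:02 ovpn-client1[5867]: TLS Error: TLS handshake failed'
```

On a router, calling wait_for_clock with the config's creation date as the floor before starting the OpenVPN client avoids the failed handshakes; NTP must be reachable by IP address or through a DNS server that works outside the tunnel.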
4 minutes ago, Staff said:

..... Since OpenNIC servers have been replaced and some of them suffered downtime, try a different DNS server (for example Quad9, address 9.9.9.9). Anyway this problem seems unrelated to the other DNS issue you report.


How do you replace the DNS with e.g. Quad9? I don't feel up to going through all my oVPN config files making edits (or through the OpenVPN client which requires editing each VPN config).

Link to post
On 1/3/2022 at 8:58 PM, Psamathe said:

How do you replace the DNS with e.g. Quad9? I don't feel up to going through all my oVPN config files making edits (or through the OpenVPN client which requires editing each VPN config).

Hello!

That was a suggestion for another user as specified in the message, not for you. You can ignore it. 😋

Kind regards

Link to post
Posted ... (edited)

 

1 hour ago, Staff said:

Hello!

We are currently unable to reproduce the reported DNS issues and we do not have tickets by users (not even one) that can help us investigate. Can you please specify the exact servers where you can reliably reproduce the problem while you query VPN DNS? Note: if you can't resolve names with other (not AirVPN's) public DNS, then the problem should be related to a broken connection, and not to VPN DNS:


@root1337

The error:
VERIFY ERROR: depth=1, error=certificate is not yet valid:

implies that the device date is incorrectly set to the past and the certificate is not yet valid in that date. It's possible that the router could not sync through NTP during the bootstrap. Actually the first DNS server you set (10.4.0.1) is accessible only from within the VPN, therefore it will not resolve any name, including NTP server names. The router will then fall back to the second DNS, the OpenNIC one. Since OpenNIC servers have been replaced and some of them suffered downtime, try a different DNS server (for example Quad9, address 9.9.9.9). Anyway this problem seems unrelated to the other DNS issue you report.

Kind regards
 

Great point! This is indeed the case, the router reports May 5 before the NTP daemon starts and corrects to the current date. I still don't quite understand why Aludra doesn't connect while Alwaid does right away, but this certainly explains why it works after a while. Agreed, this is a separate "issue" altogether (not really an issue now that I know the actual root cause). Thank you! EDIT: Since I created the Alwaid config file a long time ago that probably explains why the old connection works (even without the NTP daemon providing the current date) while a newly created config file does not.

I've only grabbed the openNIC DNS two days ago to see if it makes any difference. All traffic is dropped without VPN connection so while 10.4.0.1 isn't accessible outside an AirVPN connection, it might not be the root cause of the failed DNS queries. Further, the systems using Eddie don't use the 10.4.0.1 DNS at all but rather the one provided by the server; Aludra, Alwaid, Angetenar, Gorgonea and Ross (which seems to be the most stable) are a few I tested.

So odd that not more users are reporting this issue. I figured it must be more widespread if others are posting about it here though a zero ticket count is very telling.

I was honestly surprised that staff hadn't commented before (saw a similar thread from a month or so ago on here) as I found AirVPN staff to be very responsive when it comes to legitimate issues. Good to see that hasn't changed. :good:
 
1 hour ago, Psamathe said:

How do you replace the DNS with e.g. Quad9? I don't feel up to going through all my oVPN config files making edits (or through the OpenVPN client which requires editing each VPN config).

That was for me as I manually define them on the router side. Sorry for any confusion this might have caused.

Edited ... by root1337
Light bulb went off.

Link to post
Guest
20 hours ago, Staff said:

Hello!

We are currently unable to reproduce the reported DNS issues and we do not have tickets by users (not even one) that can help us investigate. Can you please specify the exact servers where you can reliably reproduce the problem while you query VPN DNS? Note: if you can't resolve names with other (not AirVPN's) public DNS, then the problem should be related to a broken connection, and not to VPN DNS:


Kind regards
 


Fair enough. I am using Eddie 2.21.3beta again and will report if the problem occurs again with specified details.

Link to post

Was working much better last night for about ~7-8 hours or so. Issue started again around 0800 GMT (3 AM EST) with no connectivity for over five minutes. In the morning it was fine but issue arose again between 1230 GMT - 1330 GMT (7:30 AM - 8:30 AM EST). Doesn't matter which DNS I pick - happens on AirVPN and openNIC server(s).

When it works I've noticed that it's rather slow. I've started counting seconds in my head whenever I browse to a new page or click on a gif/video on Reddit, for example. While this is obviously far from a scientific approach, I usually wait 4 - 8 seconds before anything happens at which point I start wondering if it'll work at all or just take a while to load. The most frustrating part is that it only happens intermittently and nothing indicates why it's failing.

Used the same openNIC DNS server without VPN connection and it's all instantaneous, switched to a different VPN provider and zero wait times again; websites load with milliseconds, videos play right away, etc. I'll keep digging and report back if I find anything at all.

Link to post
Guest

Short moment where DNS was not working at about 15:04, server Laraweg.

Link to post

I had this problem also while using customized DNS blocking lists.  Turning off customization resolved the issue for me. 

Link to post
Guest

I've decided to use my own dns server (Asus Merlin with Diversion blocklist and Cloudflare) because the dns problems are going on for a week now and I have enough of it.

I'll keep testing after all, but some guidance from the staff what I could try to tackle the issue would be helpful.

Link to post

I'm experiencing the same issue. OpenVPN connection, stable Eddie v2.20.0 (Windows 8.1)
Nothing changed on my side for months and it already occurred about 5 times. Before the only server I noticed such behavior was Mirzam but today it also happened while I was using Crater. Wasn't able to resolve anything for about 5-10 seconds.

I thought this problem was only Mirzam-related but looks like there is something wrong with Air system-wide..

Yesterday opened support ticket - so far no reply.

Link to post

Hello everybody!

Some guidelines to help us investigate. When you experience the problem please report here all the following information:

  • the fully qualified domain name you could not resolve
  • the server you were connected to
  • the connection mode and protocol (some OpenVPN mode or WireGuard)
  • the DNS block lists you had active, if any
  • the complete output of the command dig or nslookup pertaining to the "problematic" domain name

Kind regards
 

Link to post
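
One way to gather what the guidelines above ask for while also applying the earlier staff note (a public resolver that fails too points to the connection, not to VPN DNS), as an added example that is not part of the thread. It assumes dig is installed; the resolver addresses are the ones quoted elsewhere in this thread, and the function names and verdict labels are illustrative.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Usage: ./dns-triage.sh <fqdn>

VPN_DNS="${VPN_DNS:-10.128.0.1}"    # resolver shown in the nslookup output in this thread
PUBLIC_DNS="${PUBLIC_DNS:-9.9.9.9}" # Quad9, the public resolver staff mention

# classify <vpn_status> <public_status>; each status is "ok" or "fail".
classify() {
  case "$1/$2" in
    ok/ok)     echo "not-dns" ;;                # both resolve: look at routing or site-side blocks
    fail/ok)   echo "vpn-dns-suspect" ;;        # only VPN DNS fails: report it with the details below
    fail/fail) echo "connection-suspect" ;;     # staff note: broken connection, not VPN DNS
    ok/fail)   echo "public-dns-unreachable" ;; # VPN DNS fine, public resolver not reachable
    *)         echo "invalid-input"; return 2 ;;
  esac
}

# query <fqdn> <resolver>: "ok" if dig returns at least one answer record.
query() {
  local out
  out=$(dig +time=3 +tries=1 +short "$1" @"$2" 2>/dev/null | grep -v '^;') || true
  if [ -n "$out" ]; then echo ok; else echo fail; fi
}

# triage <fqdn>: timestamped summary, verdict, then the complete dig output.
triage() {
  local fqdn="$1" v p
  v=$(query "$fqdn" "$VPN_DNS")
  p=$(query "$fqdn" "$PUBLIC_DNS")
  echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) fqdn=$fqdn vpn_dns=$VPN_DNS:$v public_dns=$PUBLIC_DNS:$p"
  classify "$v" "$p"
  dig +time=3 +tries=1 "$fqdn" @"$VPN_DNS" || true
}

if [ "$#" -gt 0 ]; then triage "$1"; fi
```

The server name, connection mode and active block lists still have to be added by hand, since the script cannot see them.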
Guest

The only server working with asnbank.nl is Minchir in Ireland, so it is a problem with Airvpn. Not a DNS problem I think, because a nslookup could resolve the ip address when connected to Laraweg.

Btw. I couldn't access Ebay either when this happened.

Link to post
Guest

And now other servers can access https://www.asnbank.nl/home.html as well, and Ebay again. In my limited knowledge I think that there is another problem than dns, routing perhaps?

Link to post
Guest
4 hours ago, Staff said:
@Karmatron

Hello!

You failed to follow the guidelines in your last messages. When you do so you don't help us effectively. Please follow the guidelines before publishing in this thread, thank you in advance.

About asnbank.nl we agree, the situation is probably caused by a block by the bank against VPN, Tor etc. and this event is alien to the topic issue.

Kind regards
 

That last post was a follow-up on the post before and the info provided there was applicable. I should have made that clear.

Funny enough, on Alphirk I am able to connect to the ASNbank.nl right now. On Laraweg I am not. Both connected with Wireguard  DNS blocking list all off.

On Laraweg I get the following error after a while.
 
Secure Connection Failed

An error occurred during a connection to www.asnbank.nl. PR_CONNECT_RESET_ERROR

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the web site owners to inform them of this problem.


NSlookup on Laraweg: nslookup asnbank.nl
Server:  UnKnown
Address:  10.128.0.1

Non-authoritative answer:
Name:    asnbank.nl
Address:  194.53.208.80

NSlookup on Alphirk: nslookup asnbank.nl
Server:  UnKnown
Address:  10.128.0.1

Non-authoritative answer:
Name:    asnbank.nl
Address:  194.53.208.80

No difference there, so no DNS problem imho.

Link to post
