Jump to content


Photo

IP does not resolve on macOS OpenVPN client unless I have to manually add public DNS servers in network interface.

MacOS DNS

  • Please log in to reply
4 replies to this topic

#1 nva

nva

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 20 November 2018 - 07:35 PM

Hello everyone, new AirVPN user here.
 
On my Macbook Pro, I use OpenVPN CLI client from Homebrew package manager instead of Eddie or Tunnelblick. I can connect to AirVPN server but can't browse any thing. From the terminal I can ping IP addresses but can't ping any website. This led me to think that something wrong with DNS.

Some excerpts from CLI log:

Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
Opened utun device utun1
do_ifconfig, tt->did_ifconfig_ipv6_setup=0
/sbin/ifconfig utun1 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure

sudo route flush after turning off Wifi on my machine does not solve the problem.

I can fix this by manually adding Google DNS (8.8.8.8 and 8.8.4.4) to my network preference. It is weird because I already set these DNS servers on my home router.
 
In contrast, on my Windows machine, with official OpenVPN GUI client, I have no problem at all. And I don't need to manually config DNS server on the network adapter as I have to with my Mac.
 
As far as I know, all AirVPN exit nodes enforce their own DNS server on their side, so I don't know why not setting DNS servers on my network interface causes the problem.
 
Would using public DNS servers in my fix undermine my privacy, such as DNS leak? Also, is there any other fix for my Mac that does not require me to change DNS server on the network interface?



#2 giganerd

giganerd

    I shall have no title

  • Members2
  • PipPipPip
  • 2687 posts
  • LocationGermany

Posted 20 November 2018 - 09:55 PM

As far as I know, all AirVPN exit nodes enforce their own DNS server on their side, so I don't know why not setting DNS servers on my network interface causes the problem.

 

Nothing is forced. It's pushed to the clients by PUSH_REPLY, but you can set your own in Eddie. Which answers:

 

Also, is there any other fix for my Mac that does not require me to change DNS server on the network interface?

 

 

 

Would using public DNS servers in my fix undermine my privacy, such as DNS leak?

 

Using Google DNS sure does that. Use OpenNIC servers for example instead of these.


  • nva likes this

Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP ;)


#3 nva

nva

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 21 November 2018 - 09:40 AM


Nothing is forced. It's pushed to the clients by PUSH_REPLY, but you can set your own in Eddie. Which answers:

I'm little confused here. As I understand, for best privacy I should use DNS servers built into AirVPN exit nodes? If that's correct, what do I need to do with OpenVPN CLI client on my Mac, without changing DNS servers in my network interface? I mean how should I change .ovpn files or alter sudo openvpn --config <AirVPN_config_file> command?



#4 giganerd

giganerd

    I shall have no title

  • Members2
  • PipPipPip
  • 2687 posts
  • LocationGermany

Posted 21 November 2018 - 10:25 AM

It doesn't matter, really, all DNS lookups are done inside the tunnel, anyway. It's your "responsibility" to use DNS servers you trust, for example with anonymized or no logging at all. Lookups to AirDNS simply don't leave the VPN and are, by that definition, "quieter".

 

If that's correct, what do I need to do with OpenVPN CLI client on my Mac, without changing DNS servers in my network interface?

 

There is no other way but to change the DNS servers of your network interface as the network interface is the physical bond between you and the internet, so to speak, using its configuration.


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP ;)


#5 rprimus

rprimus

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 21 November 2018 - 12:24 PM

Wed Nov 21 12:14:45 GMT 2018

 

@nva:

 

0.  To assist you best,  if would be good to include the complete connection log.

1.  You need an external script to set the system-wide DNS servers on macOS.  See on github: andrewgdotcom/openvpn-mac-dns

2.  The advantage of using Eddie is that it sets up DNS for you.

 

HTH







Similar Topics Collapse


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Servers online. Online Sessions: 15321 - BW: 56943 Mbit/sYour IP: 3.82.52.91Guest Access.