Open krzee opened 1 year ago
Hi,
On Wed, Mar 15, 2023 at 11:01:53AM -0700, krzee wrote:
Version information (please complete the following information): All openvpn2 versions. This was fixed in openvpn3 as of version 16_beta which was released October 2021
Additional context: This would be super helpful for corp's openvpn cloud service. This affects us.
Send a patch...
gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany
I'm ops, not a C dev. If I could send a patch I would. That's why I made a feature request. dazo told me that this is the right place to put it.
This has only been discussed internally; we have fixes in the OpenVPN 3 Core library which resolve this issue (https://github.com/OpenVPN/openvpn3/commit/e365c44b08658, https://github.com/OpenVPN/openvpn3/commit/2e3774c059705, https://github.com/OpenVPN/openvpn3/commit/397da52d3c29dad53dbfdfe796763ed3f484574f, https://github.com/OpenVPN/openvpn3/commit/0d32d45ab780cb36c88b149c4cd8a024c8f40f83).
We need to take a stance on the right behaviour for OpenVPN 2.x. I don't recall if this has been discussed in the OpenVPN 2.x context or not.
For the time being, OpenVPN 3 Linux and the next round of major updates to OpenVPN Connect clients are those which will handle this situation as described.
This can probably be seen more as a feature request than a bug, but it has to be a common problem. I know it affects users of corp's cloud service.
Describe the bug: When a user configures push-dns and persist-tun and then gets disconnected, they cannot reach the DNS server to resolve --remote entries. If DNS has changed they will be stuck forever trying to reconnect until they restart the process. This is a common configuration, as the same users who do not wish to leak DNS also want an "internet killswitch", which is persist-tun.
To Reproduce: Use a DNS server that is only reachable over the VPN (push-dns and/or redirect-gateway) + persist-tun. Change DNS for the hostname(s) in --remote. Kill old server, simulating a server migration.
Expected behavior: It would be nice if the client was able to refresh its DNS for --remote entries while still connected, so that if the VPN server migrates with the above config options in place it can still connect.
Version information (please complete the following information): All openvpn2 versions. This was fixed in openvpn3 as of version 16_beta which was released October 2021
Additional context: This would be super helpful for corp's openvpn cloud service. This affects us.
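A toy model of the scenario in the report, added here as an illustration; it is not part of the original issue and is not OpenVPN code. The class names, hostname and addresses are constructed, and re-resolving the remote on a periodic tick is only an assumed reading of the "Expected behavior" above, not how the OpenVPN 3 commits implement the fix.

```python
class SystemResolver:
    """Host resolver; after connect it points at a DNS server behind the VPN."""
    def __init__(self, records):
        self.records = records        # shared dict: hostname -> current IP
        self.vpn_dns_active = False   # pushed DNS installed (kept by persist-tun)
        self.tunnel_up = False

    def resolve(self, host):
        if self.vpn_dns_active and not self.tunnel_up:
            raise TimeoutError("DNS server is only reachable through the tunnel")
        return self.records[host]

class Client:
    def __init__(self, remote, resolver, live_servers, refresh):
        self.remote, self.resolver, self.live = remote, resolver, live_servers
        self.refresh = refresh        # re-resolve --remote while connected?
        self.cached_ip = None

    def connect(self):
        try:
            ip = self.resolver.resolve(self.remote)
        except TimeoutError:
            ip = self.cached_ip       # best case: fall back to last known address
        if ip not in self.live:
            return False
        self.cached_ip = ip
        self.resolver.vpn_dns_active = self.resolver.tunnel_up = True
        return True

    def tick_while_connected(self):
        if self.refresh:              # assumed form of the requested behaviour
            self.cached_ip = self.resolver.resolve(self.remote)

    def lose_server(self):
        self.resolver.tunnel_up = False   # persist-tun: pushed DNS stays in place

def simulate_migration(refresh, attempts=3):
    host = "vpn.example.test"         # constructed name and addresses
    records, live = {host: "192.0.2.10"}, {"192.0.2.10"}
    client = Client(host, SystemResolver(records), live, refresh)
    if not client.connect():
        raise RuntimeError("initial connect should succeed")
    records[host] = "192.0.2.20"      # DNS changed for the --remote hostname
    live.add("192.0.2.20")            # new server is up
    client.tick_while_connected()
    live.discard("192.0.2.10")        # old server killed
    client.lose_server()
    return [client.connect() for _ in range(attempts)]
```

`simulate_migration(False)` returns `[False, False, False]` (every retry hits the unreachable resolver and the dead old address), while `simulate_migration(True)` returns `[True, True, True]`.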