config file
client
dev tun
proto udp
remote vpn.xxx.com 1194
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
;pull dhcp-options
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
starting
root@xps-13:~# openvpn xxxVPN.ovpn
Wed Jan 1 12:35:11 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2019
Wed Jan 1 12:35:11 2020 library versions: OpenSSL 1.1.1c 28 May 2019, LZO 2.10
Wed Jan 1 12:35:11 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jan 1 12:35:11 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Jan 1 12:35:11 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]18.228.104.124:1194
Wed Jan 1 12:35:11 2020 UDP link local: (not bound)
Wed Jan 1 12:35:11 2020 UDP link remote: [AF_INET]x.x.x.x:1194
Wed Jan 1 12:35:13 2020 [server] Peer Connection Initiated with [AF_INET]18.228.104.124:1194
Wed Jan 1 12:35:14 2020 TUN/TAP device tun0 opened
Wed Jan 1 12:35:14 2020 /sbin/ip link set dev tun0 up mtu 1500
Wed Jan 1 12:35:14 2020 /sbin/ip addr add dev tun0 local 10.99.0.42 peer 10.99.0.41
Wed Jan 1 12:35:14 2020 /etc/openvpn/update-resolv-conf tun0 1500 1553 10.99.0.42 10.99.0.41 init
dhcp-option DNS 10.104.1.130
Wed Jan 1 12:35:19 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Jan 1 12:35:19 2020 Initialization Sequence Completed
resolv.conf after connecting
root@xps-13:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
nameserver 10.104.1.130
nameserver 127.0.0.53
search home tendawifi.com
root@xps-13:~# ping kibana-teahupoo.aws.xxx.com
ping: kibana-teahupoo.aws.xxx.com: Name or service not known
or browser
This site can’t be reached kibana-teahupoo.aws.xxx.com’s server IP address could not be found.
DNS_PROBE_FINISHED_NXDOMAIN
systemd-resolve --status
root@xps-13:~$ systemd-resolve --status
Global
LLMNR setting: no
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Current DNS Server: 10.104.1.130
DNS Servers: 10.104.1.130
DNS Domain: tendawifi.com
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 3 (tun0)
Current Scopes: none
DefaultRoute setting: no
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Link 2 (wlp2s0)
Current Scopes: DNS
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Current DNS Server: 192.168.5.1
DNS Servers: 192.168.5.1
DNS Domain: ~.
tendawifi.com
Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
root@xps-13:/etc/openvpn# systemctl status systemd-resolved.service
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-01-02 09:58:48 CET; 25min ago
Docs: man:systemd-resolved.service(8)
https://www.freedesktop.org/wiki/Software/systemd/resolved
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
Main PID: 12478 (systemd-resolve)
Status: "Processing requests..."
Tasks: 1 (limit: 4915)
Memory: 3.1M
CGroup: /system.slice/systemd-resolved.service
└─12478 /lib/systemd/systemd-resolved
ene 02 10:17:07 xps-13 systemd-resolved[12478]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
ene 02 10:17:07 xps-13 systemd-resolved[12478]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
ene 02 10:17:15 xps-13 systemd-resolved[12478]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
ene 02 10:18:41 xps-13 systemd-resolved[12478]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
ene 02 10:18:41 xps-13 systemd-resolved[12478]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
ene 02 10:18:41 xps-13 systemd-resolved[12478]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
ene 02 10:19:02 xps-13 systemd-resolved[12478]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
ene 02 10:19:02 xps-13 systemd-resolved[12478]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
ene 02 10:19:02 xps-13 systemd-resolved[12478]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
ene 02 10:19:12 xps-13 systemd-resolved[12478]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
Then somehow DNS is resolved, but not for ping or browser.
Any clue?
The same config is running fine on Debian 10.
This is Ubuntu 19.10.
Package versions: openvpn-systemd-resolved: 1.3.0-3, openvpn: 2.4.7-1ubuntu2
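Added example, not part of the original post: a Python check over `systemd-resolve --status` output that flags the two conditions visible in the output above, the VPN link (`tun0`) having no DNS scope and another link holding the `~.` routing domain, which systemd-resolved treats as "send lookups for every domain to this link's servers". The sample text is constructed and abridged from the output shown in the post; `parse_status` and `audit_vpn_dns` are hypothetical names.

```python
import re

# Constructed sample, abridged from the `systemd-resolve --status` output in the post.
SAMPLE_STATUS = """\
Global
  Current DNS Server: 10.104.1.130
         DNS Servers: 10.104.1.130
          DNS Domain: tendawifi.com
Link 3 (tun0)
      Current Scopes: none
Link 2 (wlp2s0)
      Current Scopes: DNS
  Current DNS Server: 192.168.5.1
         DNS Servers: 192.168.5.1
          DNS Domain: ~.
                      tendawifi.com
"""

HEADER = re.compile(r"^(Global|Link \d+ \((?P<ifname>[^)]+)\))$")

def parse_status(text):
    """Return {section: {key: [values]}}; section is 'Global' or an interface name."""
    sections, current, last_key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(m.group("ifname") or "Global", {})
            last_key = None
        elif current is not None and ": " in line:
            last_key, value = (p.strip() for p in line.split(": ", 1))
            current.setdefault(last_key, []).append(value)
        elif current is not None and last_key and line:
            current[last_key].append(line)  # continuation of a multi-value field
    return sections

def audit_vpn_dns(text, vpn_if="tun0"):
    """List findings that explain why lookups bypass the VPN's pushed DNS server."""
    findings, sections = [], parse_status(text)
    scopes = " ".join(sections.get(vpn_if, {}).get("Current Scopes", [])).split()
    if "DNS" not in scopes:
        findings.append(f"{vpn_if}: no DNS scope, no per-link DNS server set for the VPN")
    for name, fields in sections.items():
        if name not in ("Global", vpn_if) and "~." in fields.get("DNS Domain", []):
            servers = ", ".join(fields.get("DNS Servers", []))
            findings.append(f"{name}: holds routing domain ~. so lookups go to {servers}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_vpn_dns(SAMPLE_STATUS)))
```
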