kylemanna / docker-openvpn

🔒 OpenVPN server in a Docker container complete with an EasyRSA PKI CA
https://hub.docker.com/r/kylemanna/openvpn/
MIT License

block-outside-dns problem #330

Closed EverCurse closed 6 years ago

EverCurse commented 6 years ago

In my client, this shows the error below:

2017-11-11 02:45:31 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:1: block-outside-dns (2.3.18)

And my config in Docker looks like this:

Push Configurations Below

push "block-outside-dns"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

So how can I resolve this problem?

Thank you

jonathanfoster commented 6 years ago

@EverCurse: What client are you using? I ran into a similar issue running from a terminal on Linux Mint. I was able to get around it by sudoing the command.

buchdag commented 6 years ago

The block-outside-dns is a Windows specific option:

--block-outside-dns Block DNS servers on other network adapters to prevent DNS leaks. This option prevents any application from accessing TCP or UDP port 53 except one inside the tunnel. It uses Windows Filtering Platform (WFP) and works on Windows Vista or later. This option is considered unknown on non-Windows platforms and unsupported on Windows XP, resulting in fatal error. You may want to use --setenv opt or --ignore-unknown-option (not suitable for Windows XP) to ignore said error. Note that pushing unknown options from server does not trigger fatal errors.

So you can safely ignore the error.

EverCurse commented 6 years ago

@jonathanfoster I use the Tunnelblick client on Mac. As @buchdag said, when I delete this option, everything is OK. Thanks.

jsolla commented 6 years ago

I can confirm this issue using an OpenWrt router as client of the VPN.

The OpenVPN version on the router is the following:

OpenVPN 2.3.11 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6]
library versions: OpenSSL 1.0.2m 2 Nov 2017, LZO 2.09
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. sales@openvpn.net

The issue doesn't occur when using Ubuntu 16 as client. This is the version used by Ubuntu 16:

OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08

Also I can confirm deleting the block-outside-dns option from the server configuration works fine.

EverCurse commented 6 years ago

@jsolla Yeah, you are right. Thanks.

psytechno604 commented 6 years ago

I met the same problem. I want to disable it in the config. How do I do it? Any instructions? I am new to Linux/Docker etc. I did everything by the instructions, but I don't clearly understand what exactly happens...

jonathanfoster commented 6 years ago

@psytechno604 I didn't run into this problem myself so I can't confirm, but I would try setting OVPN_DISABLE_PUSH_BLOCK_DNS to 1 in the ovpn_genconfig (https://github.com/kylemanna/docker-openvpn/blob/30fcd3c6daa0de6dfb9f044f4a57d2cfad528b3c/bin/ovpn_genconfig#L153). Looks like you can do this by passing the argument -b (https://github.com/kylemanna/docker-openvpn/blob/master/bin/ovpn_genconfig#L96). The Advanced doc has some examples of how to pass arguments using Docker (https://github.com/kylemanna/docker-openvpn/blob/master/bin/ovpn_genconfig#L96).

amit-k-yadav commented 5 years ago

@jonathanfoster Using -b with docker run helped me get rid of the issue. Thanks a lot.
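Added example, not part of the thread or the project's code: for a server config that has already been generated, this shell script pulls the rejected option names out of client log lines in the format quoted at the top of the issue and comments the matching push out of the config, which is the manual fix several commenters describe. The log and config are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not project code): find pushed options that clients rejected
# and comment them out of an OpenVPN server config.

# Constructed client log; the error line follows the format quoted in the issue.
sample_log() {
cat <<'EOF'
2017-11-11 02:45:30 PUSH: Received control message
2017-11-11 02:45:31 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:1: block-outside-dns (2.3.18)
2017-11-11 02:45:32 Initialization Sequence Completed
EOF
}

# Constructed server config containing the push lines from the issue.
sample_conf() {
cat <<'EOF'
### Push Configurations Below
push "block-outside-dns"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
EOF
}

# Print each option name a client rejected in [PUSH-OPTIONS], one per line.
rejected_push_options() {
    sed -n 's/.*Unrecognized option or missing parameter(s) in \[PUSH-OPTIONS]:[0-9]*: \([^ ]*\).*/\1/p' "$1" | sort -u
}

# Print the config in $1 with active pushes of option $2 commented out.
comment_out_push() {
    # Log text is untrusted: accept only plain option names before using one in a regex.
    case "$2" in ''|*[!a-z0-9-]*) echo "refusing option name: $2" >&2; return 1 ;; esac
    sed "s/^[[:space:]]*push[[:space:]][[:space:]]*\"$2\".*/# disabled, rejected by client: &/" "$1"
}

# Demo on the constructed inputs: prints the patched config to stdout.
demo() {
    tmp=$(mktemp -d) || return 1
    sample_log > "$tmp/client.log"; sample_conf > "$tmp/openvpn.conf"
    for opt in $(rejected_push_options "$tmp/client.log"); do
        comment_out_push "$tmp/openvpn.conf" "$opt"
    done
    rm -rf "$tmp"
}
demo
```

Because block-outside-dns only takes effect on Windows clients, disabling the push removes that DNS-leak protection for them while changing nothing for other platforms.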

DaCHack commented 1 month ago

> The block-outside-dns is a Windows specific option:
>
> --block-outside-dns Block DNS servers on other network adapters to prevent DNS leaks. This option prevents any application from accessing TCP or UDP port 53 except one inside the tunnel. It uses Windows Filtering Platform (WFP) and works on Windows Vista or later. This option is considered unknown on non-Windows platforms and unsupported on Windows XP, resulting in fatal error. You may want to use --setenv opt or --ignore-unknown-option (not suitable for Windows XP) to ignore said error. Note that pushing unknown options from server does not trigger fatal errors.
>
> So you can safely ignore the error.

@buchdag But how do you ensure on Linux, Android and iOS clients that no outside DNS can be used and DNS leaks are inhibited?

buchdag commented 1 month ago

@DaCHack That message is seven years old and I stopped using OpenVPN a long time ago. Sorry, but I won't be able to provide any help.