DNS Server address not set when split DNS is turned on

Got a problem with Viscosity or need help? Ask here!

dteller

Posts: 2
Joined: Tue May 24, 2016 1:54 am

Post by dteller » Tue May 24, 2016 2:05 am
When I set the DNS to Remote Full, the DNS Server gets properly registered, but when I set it to split, it gets the DNS suffix but uses the loop back address. I am using OpenVPN Server

FULL

Ethernet adapter Viscosity:

Connection-specific DNS Suffix . : .ops.cibotechnologies.com
Description . . . . . . . . . . . : Viscosity Virtual Adapter V9.1
Physical Address. . . . . . . . . : 00-FF-79-19-F1-46
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 172.27.248.71(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Lease Obtained. . . . . . . . . . : Monday, May 23, 2016 11:37:22 AM
Lease Expires . . . . . . . . . . : Tuesday, May 23, 2017 11:37:22 AM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 172.27.255.254
DNS Servers . . . . . . . . . . . : 10.10.0.2
NetBIOS over Tcpip. . . . . . . . : Enabled

May 23 11:37:18 AM: State changed to Connecting
May 23 11:37:18 AM: Viscosity Windows 1.6.4 (1448)
May 23 11:37:18 AM: Running on Microsoft Windows 10 Pro
May 23 11:37:18 AM: Bringing up interface...
May 23 11:37:19 AM: Checking reachability status of connection...
May 23 11:37:19 AM: Connection is reachable. Starting connection attempt.
May 23 11:37:19 AM: OpenVPN 2.3.11 Windows-MSVC [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 11 2016
May 23 11:37:19 AM: library versions: OpenSSL 1.0.2h 3 May 2016, LZO 2.09
May 23 11:37:20 AM: Control Channel Authentication: using 'C:\Program Files\Common Files\Viscosity\OpenVPNConfig\dteller\3\ta.key' as a OpenVPN static key file
May 23 11:37:20 AM: UDPv4 link local: [undef]
May 23 11:37:20 AM: UDPv4 link remote: [AF_INET]52.1.99.194:1194
May 23 11:37:20 AM: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 23 11:37:20 AM: [OpenVPN Server] Peer Connection Initiated with [AF_INET]52.1.99.194:1194
May 23 11:37:26 AM: Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks
May 23 11:37:26 AM: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:21: block-ipv6 (2.3.11)
May 23 11:37:26 AM: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
May 23 11:37:26 AM: open_tun, tt->ipv6=0
May 23 11:37:26 AM: TAP-WIN32 device [Viscosity] opened: \\.\Global\{7919F146-74C7-4D6D-B614-0D65B0CEDD58}.tap
May 23 11:37:26 AM: Set TAP-Windows TUN subnet mode network/local/netmask = 172.27.248.0/172.27.248.71/255.255.248.0 [SUCCEEDED]
May 23 11:37:26 AM: Notified TAP-Windows driver to set a DHCP IP/netmask of 172.27.248.71/255.255.248.0 on interface {7919F146-74C7-4D6D-B614-0D65B0CEDD58} [DHCP-serv: 172.27.255.254, lease-time: 31536000]
May 23 11:37:26 AM: Successful ARP Flush on interface [12] {7919F146-74C7-4D6D-B614-0D65B0CEDD58}
May 23 11:37:31 AM: Initialization Sequence Completed
May 23 11:37:34 AM: DNS set to Full.
May 23 11:37:34 AM: State changed to Connected

SPLIT

Ethernet adapter Viscosity:

Connection-specific DNS Suffix . : .ops.cibotechnologies.com
Description . . . . . . . . . . . : Viscosity Virtual Adapter V9.1
Physical Address. . . . . . . . . : 00-FF-79-19-F1-46
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 172.27.248.72(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Lease Obtained. . . . . . . . . . : Monday, May 23, 2016 11:39:37 AM
Lease Expires . . . . . . . . . . : Tuesday, May 23, 2017 11:39:47 AM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 172.27.255.254
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Remote Split
May 23 11:39:20 AM: State changed to Connecting
May 23 11:39:20 AM: Viscosity Windows 1.6.4 (1448)
May 23 11:39:20 AM: Running on Microsoft Windows 10 Pro
May 23 11:39:20 AM: Bringing up interface...
May 23 11:39:20 AM: Checking reachability status of connection...
May 23 11:39:20 AM: Connection is reachable. Starting connection attempt.
May 23 11:39:20 AM: OpenVPN 2.3.11 Windows-MSVC [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 11 2016
May 23 11:39:20 AM: library versions: OpenSSL 1.0.2h 3 May 2016, LZO 2.09
May 23 11:39:21 AM: Control Channel Authentication: using 'C:\Program Files\Common Files\Viscosity\OpenVPNConfig\dteller\3\ta.key' as a OpenVPN static key file
May 23 11:39:21 AM: UDPv4 link local: [undef]
May 23 11:39:21 AM: UDPv4 link remote: [AF_INET]52.1.99.194:1194
May 23 11:39:21 AM: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 23 11:39:21 AM: [OpenVPN Server] Peer Connection Initiated with [AF_INET]52.1.99.194:1194
May 23 11:39:40 AM: Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks
May 23 11:39:40 AM: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:21: block-ipv6 (2.3.11)
May 23 11:39:40 AM: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
May 23 11:39:40 AM: open_tun, tt->ipv6=0
May 23 11:39:40 AM: TAP-WIN32 device [Viscosity] opened: \\.\Global\{7919F146-74C7-4D6D-B614-0D65B0CEDD58}.tap
May 23 11:39:40 AM: Set TAP-Windows TUN subnet mode network/local/netmask = 172.27.248.0/172.27.248.72/255.255.248.0 [SUCCEEDED]
May 23 11:39:40 AM: Notified TAP-Windows driver to set a DHCP IP/netmask of 172.27.248.72/255.255.248.0 on interface {7919F146-74C7-4D6D-B614-0D65B0CEDD58} [DHCP-serv: 172.27.255.254, lease-time: 31536000]
May 23 11:39:40 AM: Successful ARP Flush on interface [12] {7919F146-74C7-4D6D-B614-0D65B0CEDD58}
May 23 11:39:40 AM: NOTE: Release of DHCP-assigned IP address lease on TAP-Windows adapter failed: The parameter is incorrect. (code=87)
May 23 11:39:45 AM: Initialization Sequence Completed
May 23 11:39:56 AM: DNS set to Split, report follows:
Server - 8.8.8.8:53; Lookup Type - Any; Domains - None
Server - 8.8.4.4:53; Lookup Type - Any; Domains - None
Server - 10.10.0.2:53; Lookup Type - Split; Domains - .ops.cibotechnologies.com.

OpenVPN Server Log
2016-05-23 11:36:19-0400 [-] OVPN 2 OUT: 'Mon May 23 15:36:19 2016 dteller/209.160.145.102:19461 SIGTERM[soft,remote-exit] received, client-instance exiting'
2016-05-23 11:37:22-0400 [-] OVPN 2 OUT: 'Mon May 23 15:37:22 2016 209.160.145.102:7369 TLS: Initial packet from [AF_INET]209.160.145.102:7369, sid=bef29d5d 976f3128'
2016-05-23 11:37:22-0400 [-] OVPN 2 OUT: 'Mon May 23 15:37:22 2016 209.160.145.102:7369 VERIFY OK: depth=1, /CN=OpenVPN CA'
2016-05-23 11:37:22-0400 [-] OVPN 2 OUT: 'Mon May 23 15:37:22 2016 209.160.145.102:7369 VERIFY OK: nsCertType=CLIENT'
2016-05-23 11:37:22-0400 [-] OVPN 2 OUT: 'Mon May 23 15:37:22 2016 209.160.145.102:7369 VERIFY OK: depth=0, /CN=dteller'
2016-05-23 11:37:22-0400 [-] OVPN 2 OUT: 'Mon May 23 15:37:22 2016 209.160.145.102:7369 peer info: IV_VER=2.3.11'
2016-05-23 11:37:22-0400 [-] OVPN 2 OUT: 'Mon May 23 15:37:22 2016 209.160.145.102:7369 peer info: IV_PLAT=win'
2016-05-23 11:37:22-0400 [-] OVPN 2 OUT: 'Mon May 23 15:37:22 2016 209.160.145.102:7369 peer info: IV_PROTO=2'
2016-05-23 11:37:22-0400 [-] OVPN 2 OUT: 'Mon May 23 15:37:22 2016 209.160.145.102:7369 peer info: IV_HWADDR=84:7b:eb:05:7c:4b'
2016-05-23 11:37:22-0400 [-] OVPN 2 OUT: 'Mon May 23 15:37:22 2016 209.160.145.102:7369 peer info: IV_SSL=OpenSSL_1.0.2h__3_May_2016'
2016-05-23 11:37:22-0400 [-] OVPN 2 OUT: 'Mon May 23 15:37:22 2016 209.160.145.102:7369 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA'
2016-05-23 11:37:22-0400 [-] OVPN 2 OUT: 'Mon May 23 15:37:22 2016 209.160.145.102:7369 [dteller] Peer Connection Initiated with [AF_INET]209.160.145.102:7369'
2016-05-23 11:37:22-0400 [-] AUTH SUCCESS {'status': 0, 'reason': u'LDAP auth succeeded on ldaps://prod-ds1.ops.cibotechnologies.com:1636/', 'serial_list': [], 'user': u'dteller', 'proplist': {u'prop_autologin': u'false', u'prop_deny': u'false', u'prop_autogenerate': u'true', u'conn_group': u'Users', u'prop_superuser': u'false'}, 'common_name': u'dteller', 'serial': '6'} cli=u'win'/u'2.3.11'
2016-05-23 11:37:22-0400 [-] OVPN 2 OUT: "Mon May 23 15:37:22 2016 MANAGEMENT: CMD 'client-auth 66 0'"
2016-05-23 11:37:23-0400 [-] OVPN 2 OUT: 'Mon May 23 15:37:23 2016 dteller/209.160.145.102:7369 OPTIONS IMPORT: compression parms modified'
2016-05-23 11:37:23-0400 [-] OVPN 2 OUT: 'Mon May 23 15:37:23 2016 dteller/209.160.145.102:7369 MULTI: Learn: 172.27.248.71 -> dteller/209.160.145.102:7369'
2016-05-23 11:37:23-0400 [-] OVPN 2 OUT: 'Mon May 23 15:37:23 2016 dteller/209.160.145.102:7369 MULTI: primary virtual IP for dteller/209.160.145.102:7369: 172.27.248.71'
2016-05-23 11:37:25-0400 [-] OVPN 2 OUT: 'Mon May 23 15:37:25 2016 dteller/209.160.145.102:7369 send_push_reply(): safe_cap=940'
2016-05-23 11:37:25-0400 [-] OVPN 2 OUT: "Mon May 23 15:37:25 2016 dteller/209.160.145.102:7369 SENT CONTROL [dteller]: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-token SESS_ID,comp-lzo yes,redirect-private def1,redirect-private bypass-dhcp,redirect-private autolocal,route-gateway 172.27.248.1,route 172.27.224.0 255.255.240.0,route 10.10.0.0 255.255.0.0,dhcp-option DNS 10.10.0.2,dhcp-option DOMAIN .ops.cibotechnologies.com,register-dns,block-ipv6,ifconfig 172.27.248.71 255.255.248.0' (status=1)"
2016-05-23 11:37:58-0400 [-] WEB OUT: '2016-05-23 11:37:58-0400 [-] expired session 153937d3794011c7b71ea581b9433f2c'
2016-05-23 11:37:58-0400 [-] WEB OUT: '2016-05-23 11:37:58-0400 [-] Logout of portal <twisted.cred.portal.Portal instance at 0x7f0ca8fc7e60>'
2016-05-23 11:39:09-0400 [-] OVPN 2 OUT: 'Mon May 23 15:39:09 2016 dteller/209.160.145.102:7369 SIGTERM[soft,remote-exit] received, client-instance exiting'
2016-05-23 11:39:24-0400 [-] OVPN 2 OUT: 'Mon May 23 15:39:24 2016 209.160.145.102:44427 TLS: Initial packet from [AF_INET]209.160.145.102:44427, sid=303d27f2 cbac5cbc'
2016-05-23 11:39:24-0400 [-] OVPN 2 OUT: 'Mon May 23 15:39:24 2016 209.160.145.102:44427 VERIFY OK: depth=1, /CN=OpenVPN CA'
2016-05-23 11:39:24-0400 [-] OVPN 2 OUT: 'Mon May 23 15:39:24 2016 209.160.145.102:44427 VERIFY OK: nsCertType=CLIENT'
2016-05-23 11:39:24-0400 [-] OVPN 2 OUT: 'Mon May 23 15:39:24 2016 209.160.145.102:44427 VERIFY OK: depth=0, /CN=dteller'
2016-05-23 11:39:24-0400 [-] OVPN 2 OUT: 'Mon May 23 15:39:24 2016 209.160.145.102:44427 peer info: IV_VER=2.3.11'
2016-05-23 11:39:24-0400 [-] OVPN 2 OUT: 'Mon May 23 15:39:24 2016 209.160.145.102:44427 peer info: IV_PLAT=win'
2016-05-23 11:39:24-0400 [-] OVPN 2 OUT: 'Mon May 23 15:39:24 2016 209.160.145.102:44427 peer info: IV_PROTO=2'
2016-05-23 11:39:24-0400 [-] OVPN 2 OUT: 'Mon May 23 15:39:24 2016 209.160.145.102:44427 peer info: IV_HWADDR=84:7b:eb:05:7c:4b'
2016-05-23 11:39:24-0400 [-] OVPN 2 OUT: 'Mon May 23 15:39:24 2016 209.160.145.102:44427 peer info: IV_SSL=OpenSSL_1.0.2h__3_May_2016'
2016-05-23 11:39:24-0400 [-] OVPN 2 OUT: 'Mon May 23 15:39:24 2016 209.160.145.102:44427 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA'
2016-05-23 11:39:24-0400 [-] OVPN 2 OUT: 'Mon May 23 15:39:24 2016 209.160.145.102:44427 [dteller] Peer Connection Initiated with [AF_INET]209.160.145.102:44427'
2016-05-23 11:39:24-0400 [-] AUTH SUCCESS {'status': 0, 'reason': u'LDAP auth succeeded on ldaps://prod-ds1.ops.cibotechnologies.com:1636/', 'serial_list': [], 'user': u'dteller', 'proplist': {u'prop_autologin': u'false', u'prop_deny': u'false', u'prop_autogenerate': u'true', u'conn_group': u'Users', u'prop_superuser': u'false'}, 'common_name': u'dteller', 'serial': '6'} cli=u'win'/u'2.3.11'
2016-05-23 11:39:24-0400 [-] OVPN 2 OUT: "Mon May 23 15:39:24 2016 MANAGEMENT: CMD 'client-auth 67 0'"
2016-05-23 11:39:25-0400 [-] OVPN 2 OUT: 'Mon May 23 15:39:25 2016 dteller/209.160.145.102:44427 OPTIONS IMPORT: compression parms modified'
2016-05-23 11:39:25-0400 [-] OVPN 2 OUT: 'Mon May 23 15:39:25 2016 dteller/209.160.145.102:44427 MULTI: Learn: 172.27.248.72 -> dteller/209.160.145.102:44427'
2016-05-23 11:39:25-0400 [-] OVPN 2 OUT: 'Mon May 23 15:39:25 2016 dteller/209.160.145.102:44427 MULTI: primary virtual IP for dteller/209.160.145.102:44427: 172.27.248.72'
2016-05-23 11:39:26-0400 [-] OVPN 2 OUT: 'Mon May 23 15:39:26 2016 dteller/209.160.145.102:44427 send_push_reply(): safe_cap=940'
2016-05-23 11:39:26-0400 [-] OVPN 2 OUT: "Mon May 23 15:39:26 2016 dteller/209.160.145.102:44427 SENT CONTROL [dteller]: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-token SESS_ID,comp-lzo yes,redirect-private def1,redirect-private bypass-dhcp,redirect-private autolocal,route-gateway 172.27.248.1,route 172.27.224.0 255.255.240.0,route 10.10.0.0 255.255.0.0,dhcp-option DNS 10.10.0.2,dhcp-option DOMAIN .ops.cibotechnologies.com,register-dns,block-ipv6,ifconfig 172.27.248.72 255.255.248.0' (status=1)"

Eric

User avatar
Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Tue May 24, 2016 9:51 am
Hi dteller,

This is the correct behaviour. Viscosity proxies DNS requests in Split mode by Domains set on your VPN connection (and other adapters) to best decide where to send DNS requests. Please see the following for more information - http://sparklabs.com/blog/upcoming-dns- ... osity-1-6/

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

Eric

User avatar
Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Tue May 24, 2016 9:54 am
Hi dteller,

I should also add your domain may be causing issues with lookups as it is invalid. Please remove the leading dot from the address to prevent any issues.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

dteller

Posts: 2
Joined: Tue May 24, 2016 1:54 am

Post by dteller » Tue May 24, 2016 12:12 pm
Fixing the domain solved the problem!

Thanks Much

Dave Teller
4 posts Page 1 of 1