OpenVPN with Adguard

Jenova

@girish ok. I just did this and my computer cannot connect to any site.

girish

To add, I see the DNS being set nicely via systemd-resolve --status

Link 15 (tun0)
      Current Scopes: DNS                   
DefaultRoute setting: yes                   
       LLMNR setting: yes                   
MulticastDNS setting: no                    
  DNSOverTLS setting: no                    
      DNSSEC setting: no                    
    DNSSEC supported: no                    
  Current DNS Server: 173.255.211.103       
         DNS Servers: 173.255.211.103       
          DNS Domain: ~.                    
                      openvpn.cloudron.space

Jenova

@girish do you think I need to reinstall both?

girish

@Jenova which OS/client are you using ? I think it's probably some networking related issue we have to debug step by step.

Are you able to ping by IP address? Can you ping Cloudron server by IP ?
Then, host cloudron.io adguard-ip-address . Does this work ?
Then, we have to figure if the openvpn client configured the OS with the right DNS server.

To test a couple of more things:

Can you try with setting the DNS server as 8.8.8.8 (this is the Google DNS). Does that work?

Jenova

I'm confused. Do you want me to run that host command in my server? Is adguard-ip-address what I should put or should I put the ip address of my server?

Ping? How do I do that?

Where am I putting the Google DNS? In my OpenVPN Settings page?

Sorry, I have literally no idea what I'm doing here and I'm actually kinda frustrated.

Jenova

@Jenova said in OpenVPN with Adguard:

I'm confused. Do you want me to run that host command in my server? Is adguard-ip-address what I should put or should I put the ip address of my server?

Ping? How do I do that?

Where am I putting the Google DNS? In my OpenVPN Settings page?

Sorry, I have literally no idea what I'm doing here and I'm actually kinda frustrated.

Ok, so to update, i put the Google DNS inside of OpenVPN's settings and still no connection was being made

girish

@Jenova Let's take a step back, I feel I made too many assumptions here.

Without any of this DNS stuff, does the OpenVPN app work for you with the defaults? I assumed it does, but I want to double check this. If it does work, can you tell me

a) where is your server hosted? Intranet or public cloud ? Anything special I need to know about the network?

b) which OS and vpn client are you connecting from ? This is important to debug further because all the commands I am giving you are for linux desktop.

Jenova

@girish said in OpenVPN with Adguard:

@Jenova Let's take a step back, I feel I made too many assumptions here.

Without any of this DNS stuff, does the OpenVPN app work for you with the defaults? I assumed it does, but I want to double check this. If it does work, can you tell me

a) where is your server hosted? Intranet or public cloud ? Anything special I need to know about the network?

b) which OS and vpn client are you connecting from ? This is important to debug further because all the commands I am giving you are for linux desktop.

I assume Intranet. Its a VPS with HostWorld. I have no idea if there is anything you need to know about the network.

The OS on my VPS is ubuntu-20.04-x86_64 and im using Windows 11 (Insider Edition, if that makes a difference).

girish

@Jenova thanks.

With the default OpenVPN app settings, please connect from Windows. After connecting, can you please check what it says the DNS server is? https://askleo.com/find-dns-server-used-pc/ says if you run ipconfig /all , it will display the DNS servers. Can you post what that command returns?

Also, I am not a Windows expert. TBH, I haven't even used Windows in many years, but I will try my best and let's see how far we get

Jenova

@girish said in OpenVPN with Adguard:

@Jenova thanks.

With the default OpenVPN app settings, please connect from Windows. After connecting, can you please check what it says the DNS server is? https://askleo.com/find-dns-server-used-pc/ says if you run ipconfig /all , it will display the DNS servers. Can you post what that command returns?

Also, I am not a Windows expert. TBH, I haven't even used Windows in many years, but I will try my best and let's see how far we get

Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAPTOP-6ELGD60J
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan

Unknown adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9 for OpenVPN Connect
   Physical Address. . . . . . . . . : 00-FF-AD-F9-6D-8C
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a5dd:8a2a:5344:20e8%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.8.0.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 184614829
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-BC-70-C5-8C-C8-4B-15-8E-95
   DNS Servers . . . . . . . . . . . : 10.8.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 8E-C8-4B-15-8E-95
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : CE-C8-4B-15-8E-95
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8821CE 802.11ac PCIe Adapter
   Physical Address. . . . . . . . . : 8C-C8-4B-15-8E-95
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.200(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, May 17, 2022 7:51:32 AM
   Lease Expires . . . . . . . . . . : Wednesday, May 18, 2022 7:03:45 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 8C-C8-4B-15-8E-96
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

girish

@Jenova said in OpenVPN with Adguard:

DNS Servers . . . . . . . . . . . : 10.8.0.1

So, the above line tells us that it got the internal DNS server correctly. So, far so good!

Next step: Disconnect from VPN. Then, go to the OpenVPN settings and put '8.8.8.8' as the DNS server. (https://docs.cloudron.io/apps/openvpn/#custom-dns-server) . Now, connect again.

Are you able to connect to VPN or is it that you are able to connect to VPN but unable to connect to any website? If you run ipconfig /all again now like before, what is the output ? (I am expecting the DNS Severs to be 8.8.8.8).

Jenova

@girish said in OpenVPN with Adguard:

@Jenova said in OpenVPN with Adguard:

DNS Servers . . . . . . . . . . . : 10.8.0.1

So, the above line tells us that it got the internal DNS server correctly. So, far so good!

Next step: Disconnect from VPN. Then, go to the OpenVPN settings and put '8.8.8.8' as the DNS server. (https://docs.cloudron.io/apps/openvpn/#custom-dns-server) . Now, connect again.

Are you able to connect to VPN or is it that you are able to connect to VPN but unable to connect to any website? If you run ipconfig /all again now like before, what is the output ? (I am expecting the DNS Severs to be 8.8.8.8).

Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAPTOP-6ELGD60J
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan

Unknown adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9 for OpenVPN Connect
   Physical Address. . . . . . . . . : 00-FF-AD-F9-6D-8C
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a5dd:8a2a:5344:20e8%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.8.0.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 184614829
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-BC-70-C5-8C-C8-4B-15-8E-95
   DNS Servers . . . . . . . . . . . : 8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 8E-C8-4B-15-8E-95
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : CE-C8-4B-15-8E-95
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8821CE 802.11ac PCIe Adapter
   Physical Address. . . . . . . . . : 8C-C8-4B-15-8E-95
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.200(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, May 17, 2022 7:51:32 AM
   Lease Expires . . . . . . . . . . : Wednesday, May 18, 2022 7:03:45 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 8C-C8-4B-15-8E-96
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

It's funny cuz now i can connect. I actually uninstalled Edge and all related software to Edge and installed Brave instead and i can connect to literally everything. I'm going to try my server again and see if i can connect now.

Edit: As expected, i cant connect.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAPTOP-6ELGD60J
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan

Unknown adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9 for OpenVPN Connect
   Physical Address. . . . . . . . . : 00-FF-AD-F9-6D-8C
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a5dd:8a2a:5344:20e8%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.8.0.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 184614829
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-BC-70-C5-8C-C8-4B-15-8E-95
   DNS Servers . . . . . . . . . . . : 23.237.137.11
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 8E-C8-4B-15-8E-95
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : CE-C8-4B-15-8E-95
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8821CE 802.11ac PCIe Adapter
   Physical Address. . . . . . . . . : 8C-C8-4B-15-8E-95
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.200(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, May 17, 2022 7:51:32 AM
   Lease Expires . . . . . . . . . . : Wednesday, May 18, 2022 7:03:44 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 8C-C8-4B-15-8E-96
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

girish

@Jenova said in OpenVPN with Adguard:

DNS Servers . . . . . . . . . . . : 8.8.8.8

Ah nice, it does get the configuration correctly!

Its funny cuz now i can connect.

One thing to know is that these days browsers also have all sorts of DNS caching going on. So, best to restart browser to make sure we are testing things afresh.

Jenova

@girish said in OpenVPN with Adguard:

@Jenova said in OpenVPN with Adguard:

DNS Servers . . . . . . . . . . . : 8.8.8.8

Ah nice, it does get the configuration correctly!

Its funny cuz now i can connect.

One thing to know is that these days browsers also have all sorts of DNS caching going on. So, best to restart browser to make sure we are testing things afresh.

Edited my response.

girish

@Jenova said in OpenVPN with Adguard:

It's funny cuz now i can connect. I actually uninstalled Edge and all related software to Edge and installed Brave instead and i can connect to literally everything. I'm going to try my server again and see if i can connect now.
Edit: As expected, i cant connect.

Can you tell me what happened between being able to connect initially and not being able to later?

In the output where you can't connect, the DNS server is wrong 23.237.137.11 .

Also, out of curiosity, maybe you can also try to connect from your phone and see if you are able to connect. This will help identify if this is some openvpn client issue or some server side issue. I suspect something with Windows OpenVPN client.

Jenova

@girish said in OpenVPN with Adguard:

@Jenova said in OpenVPN with Adguard:

It's funny cuz now i can connect. I actually uninstalled Edge and all related software to Edge and installed Brave instead and i can connect to literally everything. I'm going to try my server again and see if i can connect now.
Edit: As expected, i cant connect.

Can you tell me what happened between being able to connect initially and not being able to later?

In the output where you can't connect, the DNS server is wrong 23.237.137.11 .

Also, out of curiosity, maybe you can also try to connect from your phone and see if you are able to connect. This will help identify if this is some openvpn client issue or some server side issue. I suspect something with Windows OpenVPN client.

I added the IP address of where my AdGuard is hosted.

23.237.137.11 is the ip of which both Adguard and OpenVPN are hosted at so i assumed it would be what i would put in OpenVPN's DNS.

I will try tho and report back

Edit: It works flawlessly on my phone.

girish

@Jenova I guess that's good news and bad news

I have to leave you on your own here, since I have no clue how Windows DNS works. See http://woshub.com/dns-resolution-via-vpn-not-working-windows/ and https://serverfault.com/questions/356115/vpn-connection-causes-dns-to-use-wrong-dns-server for maybe some ideas.

Jenova

@girish said in OpenVPN with Adguard:

@Jenova I guess that's good news and bad news

I have to leave you on your own here, since I have no clue how Windows DNS works. See http://woshub.com/dns-resolution-via-vpn-not-working-windows/ and https://serverfault.com/questions/356115/vpn-connection-causes-dns-to-use-wrong-dns-server for maybe some ideas.

Unfortunate but I'll ask on Adguard and OpenVPN forums then. Thanks for your time.

ApplegateR

@Jenova it happen to me when I didn't add my secondary Server IP(Adguard) on primary vpn server with cloudron.

So I went to my adguard server and I had go to setting on webgui->setting->dns-> allow client so I added primary IP on there and now it working.

Jenova

@ApplegateR said in OpenVPN with Adguard:

@Jenova it happen to me when I didn't add my secondary Server IP(Adguard) on primary vpn server with cloudron.

So I went to my adguard server and I had go to setting on webgui->setting->dns-> allow client so I added primary IP on there and now it working.

I don't have a secondary IP. The VPS with which OpenVPN is hosted on is also the one Adguard is hosted on. There is only one IP for that server.

Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.

Cloudron Forum

OpenVPN with Adguard