
Android VPN - DNS woes

FIXED
Community Veteran
Posts: 14,439
Thanks: 728
Fixes: 12
Registered: ‎01-08-2007

Android VPN - DNS woes

Yo

 

I got my VPN setup on my phone using the default android VPN setup and it works well enough in that I can access my local intranet by IP address and my file shares. Using the x-plore app on android I am able to access the LAN and my files so I'm happy with that.

The VPN endpoint is my Win7 Home Premium desktop machine.

The VPN endpoint shows an IP of 192.168.1.200
My phone shows an IP of 192.168.1.201

 

Now the problem I have is that I am unable to access any part of my intranet by domain name - eg 7up.lan and various others ending with .lan.

I have a nameserver running on the same machine which hosts these internal intranet names and also acts as a resolver to the outside world.

When I try to access an intranet domain there is no DNS request seen by my name server yet when I try to visit something like mail.yahoo.com my phone opens the page with no problem.

So.. clearly I need my dns requests to go to my Win7 machine but despite being connected by VPN it's not working and is somehow using its usual 4G to the normal internet - which I understood to be completely overridden by VPN.

 

Any ideas please?

I need a new signature... i'm bored of the old one!
16 REPLIES
RichardB
Pro
Posts: 419
Thanks: 131
Fixes: 5
Registered: ‎19-11-2008

Re: Android VPN - DNS woes

Hi 7up,

Have you tried a DNS leak test on the phone?

https://www.dnsleaktest.com/

It should show which DNS the phone is using.

Is your VPN server pushing the LAN DNS to the clients?

OpenVPN certainly requires that you push a DNS address, for example the following link shows opendns servers being pushed.

https://serverfault.com/questions/318563/how-to-push-my-own-dns-server-to-openvpn

Regards

Richard

 

 

 

Superuser
Superuser
Posts: 6,951
Thanks: 989
Fixes: 60
Registered: ‎30-07-2007

Re: Android VPN - DNS woes

So.. clearly I need my dns requests to go to my Win7 machine but despite being connected by VPN it's not working and is somehow using its usual 4G to the normal internet - which I understood to be completely overridden by VPN.

@7up the default setting for the Android VPN client only seems to route VPN traffic down the VPN.

If you want to route ALL traffic down the VPN, check Advanced options and enter 0.0.0.0/0 in the Forwarding Routes box. You might also need to enter a DNS server IP. At least that's how I do it to get all traffic routed through a VPN to the office when I need to...

RobPN
Seasoned Pro
Posts: 1,293
Thanks: 278
Fixes: 4
Registered: ‎17-05-2013

Re: Android VPN - DNS woes


@MisterW wrote:
... the default setting for the Android VPN client only seems to route VPN traffic down the VPN.

If you want to route ALL traffic down the VPN, check Advanced options and enter 0.0.0.0/0 in the Forwarding Routes box. You might also need to enter a DNS server IP. At least that's how I do it to get all traffic routed through a VPN to the office when I need to...


@MisterW

Hmm ...

That's interesting and something I didn't realise.

I've just recently set up a couple of 'private' VPNs (to mine and my brother's DrayTek routers) using 'L2TP/IPsec PSK' on my Samsung phone (with Android 7) using the stock VPN client in the belief that I would then be safe using any unsecured public Wi-Fi I may come across.

Simply checking my IP address using a browser shows it to be that of whichever DrayTek VPN I select.

I've not used it yet other than for testing purposes, but it seems I'd better do some more research on this.

Superuser
Superuser
Posts: 6,951
Thanks: 989
Fixes: 60
Registered: ‎30-07-2007

Re: Android VPN - DNS woes

That's interesting and something I didn't realise.

Neither did I at first.

I discovered it (well certainly using the PPTP client) when I was trying to use the office VPN from Portugal. It was still using the DHCP (router) allocated DNS. Adding the route to forward basically everything and forcing the DNS server for the office ISP fixed it.

Community Veteran
Posts: 14,439
Thanks: 728
Fixes: 12
Registered: ‎01-08-2007

Re: Android VPN - DNS woes


@RichardB wrote:

Hi 7up,

Have you tried a DNS leak test on the phone?

https://www.dnsleaktest.com/

It should show which DNS the phone is using.

Is your VPN server pushing the LAN DNS to the clients?

OpenVPN certainly requires that you push a DNS address, for example the following link shows opendns servers being pushed.

https://serverfault.com/questions/318563/how-to-push-my-own-dns-server-to-openvpn

Regards

Richard 


Done the leak test (thanks) all the dns servers show up as google. Additionally when I fired up wireshark using the filter (ip.addr == 192.168.1.206) && (dns) I saw that all the dns requests were being sent to 8.8.8.8 - google.

So.. I changed the dns on my phone to the plusnet router - 192.168.1.254 and suddenly dns requests were going straight to the router. So then I changed that to 192.168.1.253 to see what would happen. DNS started going back to 8.8.8.8 again showing that android is somehow aware of dns servers that don't exist - not a single request went there according to wireshark.

When I tried using my nameserver on the same machine as the vpn endpoint - 192.168.1.2 - lookups fail completely - using a dns query app.

 

So android is doing something interesting. It seems that it's detecting the default gateway in the reply to the stock vpn client's dhcp broadcast and using that as the nameserver (completely ignoring the dhcp broadcast's dns) and defaulting to 8.8.8.8 for anything other than the default gateway. Wireshark didn't see a single request to 192.168.1.253.

Also I have a hunch that windows itself as the vpn endpoint is bypassing its own local access to the ethernet / windows sockets and redirecting it all out to the router because even using the IP Tools app on my phone and manually querying my own dns server sees a failure yet it will happily query the router. On Wifi it will successfully query my dns server.

As for my vpn server pushing the DNS.. no idea, it's the windows 7 stock offering but I would assume so as it does offer DHCP ip assignment so I would assume that it also supplies the windows dns settings (or maybe it's sending the gateway instead? - as seen in network and sharing..). Even then, I have a custom DHCP server too and when opting to use that instead and that definitely does supply dns in its reply but again, android ignores that.

I need a new signature... i'm bored of the old one!
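
The per-resolver test described in this thread (querying each DNS server directly from the VPN-connected device) can be reproduced with a short script. This is an added example, not part of any post; the query ID and timeout are arbitrary choices, and the addresses and the name 7up.lan are the ones quoted in the thread.

```python
import socket
import struct

def build_query(name, qid):
    """Build a wire-format DNS query (RFC 1035): one A/IN question, RD set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_reply(data, qid):
    """Return (rcode, answer_count); reject anything that is not our reply."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:   # ID must match and QR bit must be set
        raise ValueError("not a response to this query")
    return flags & 0x000F, ancount

def probe(resolver, name, timeout=2.0, qid=0x7A11):
    """Query one resolver directly and classify what came back on this path."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((resolver, 53))      # connected UDP: only this peer's replies
            s.send(build_query(name, qid))
            rcode, ancount = parse_reply(s.recv(512), qid)
        except socket.timeout:
            return "no reply (query or answer lost on this path)"
        except (OSError, ValueError) as exc:
            return f"error: {exc}"
    if rcode == 0 and ancount:
        return f"answered ({ancount} record(s))"
    return "NXDOMAIN" if rcode == 3 else f"rcode {rcode}, {ancount} answers"

if __name__ == "__main__":
    # Addresses and name are the ones mentioned in the thread; run from the VPN client.
    for resolver in ("192.168.1.2", "192.168.1.1", "192.168.1.254", "8.8.8.8"):
        print(f"{resolver:15} -> {probe(resolver, '7up.lan')}")
```

Running it once over the tunnel and once on local Wi-Fi separates a resolver that is down from one that is only unreachable through the VPN path.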
Community Veteran
Posts: 14,439
Thanks: 728
Fixes: 12
Registered: ‎01-08-2007

Re: Android VPN - DNS woes


@MisterW wrote:

So.. clearly I need my dns requests to go to my Win7 machine but despite being connected by VPN it's not working and is somehow using its usual 4G to the normal internet - which I understood to be completely overridden by VPN.

@7up the default setting for the Android VPN client only seems to route VPN traffic down the VPN.

If you want to route ALL traffic down the VPN, check Advanced options and enter 0.0.0.0/0 in the Forwarding Routes box. You might also need to enter a DNS server IP. At least that's how I do it to get all traffic routed through a VPN to the office when I need to...


Like RobPN I also didn't realise that - I did once ask about VPNs ages ago here on the PN forum asking exactly how the traffic routing works and from memory, was assured by a couple of folks that ALL traffic was automatically routed via the VPN once it was active. Anyhow I've input that routing address you've given me but sadly android STILL refuses to use the specified DNS. With that said, when I manually query my dns server from my phone the IP Tools app still can't get a reply from my dns server - which works fine for every other machine that isn't VPN connected.

I need a new signature... i'm bored of the old one!
Community Veteran
Posts: 14,439
Thanks: 728
Fixes: 12
Registered: ‎01-08-2007

Re: Android VPN - DNS woes

Ok I've made some progress with this after re-reading something I found on google which made me stop and think about packet forwarding..

Packet forwarding is active on my PC (windows network bridge took care of that automatically as I have a wifi card used for AP mode sometimes which is bridged to my ethernet adapter). Anyway.. I suddenly wondered what would happen if I ran my dns server on another machine on the network - would VPN dns lookups work / reach that?

So.. I fired up the vacuum cleaner that resides on 192.168.1.1 and started my custom dns server on that. Tested dns requests using IP Tools on my phone - successful - I wasn't expecting that. So.. modified the VPN to use that dns.. that also works!

So.. It IS NOT android at fault after all. It's either the Microsoft VPN server that is bundled with windows OR my dns server has a problem with its bindings. I will investigate further and keep you updated but in the meantime for the googlers that are reading, it wasn't android at fault.

 

EDIT: After installing simpleDNS on 192.168.1.2 and firing up the vpn on my phone, DNS still does not work so it's looking to be a MS VPN server hiccup.

I need a new signature... i'm bored of the old one!
Community Veteran
Posts: 14,439
Thanks: 728
Fixes: 12
Registered: ‎01-08-2007

Re: Android VPN - DNS woes

Now tested with netbook tethered to phone, VPN established on netbook, still no dns resolution on 192.168.1.2 so definitely not android's fault.

I'm pretty certain now that this is a MS glitch as the dns running on that machine is a commercial one - simpleDNS - with my custom written one running on 192.168.1.1 - which does reply.

I need a new signature... i'm bored of the old one!
Community Veteran
Posts: 14,439
Thanks: 728
Fixes: 12
Registered: ‎01-08-2007

Re: Android VPN - DNS woes

Looks like this is a definite (and undocumented) MS bug. I've just swapped around.. set up the vpn server on 192.168.1.1 and adjusted the router... VPN'd in ok, get an internal lan IP.. but then cannot perform dns resolution on that same machine.

If I do a DNS request to 192.168.1.2 (the original machine) it works - the vice versa of the previous attempts.

Now I'm stumped! What is the point of a VPN that doesn't allow you to access internal intranet names? Bonkers. I can't have two machines running just on the off chance I need to access one site... that's madness.

I need a new signature... i'm bored of the old one!
Community Veteran
Posts: 14,439
Thanks: 728
Fixes: 12
Registered: ‎01-08-2007

Re: Android VPN - DNS woes

In an act of desperation I've now tried connecting the phone via Wifi.

Same useless results.

MS have a VPN server bundled with windows that is only really good for file sharing and a basic proxy to the internet and nothing else.

Hopefully this thread might save someone else out there via google, hours of frustration.

I need a new signature... i'm bored of the old one!
RobPN
Seasoned Pro
Posts: 1,293
Thanks: 278
Fixes: 4
Registered: ‎17-05-2013

Re: Android VPN - DNS woes

@7up

Out of my depth here regarding running VPN servers, but could it be a firewall issue? If you think that suggestion's possible, maybe try disabling your firewall temporarily on the problematic PC?

Community Veteran
Posts: 14,439
Thanks: 728
Fixes: 12
Registered: ‎01-08-2007

Re: Android VPN - DNS woes

I did try disabling the firewall but that made no difference.

From what I can work out, windows VPN / PPTP server doesn't like routing udp packets to the machine it's on but prefers to spit them out onto the network and forget about them rather than analyze them and act on them. It's odd considering MS are experts in networking and virtual networking but there you go.

In theory I could use a raspberry pi as the vpn endpoint so my dns and dhcp solutions still work but again it's a second machine powered up to bodge a - which isn't ideal.

I need a new signature... i'm bored of the old one!
Community Veteran
Posts: 14,439
Thanks: 728
Fixes: 12
Registered: ‎01-08-2007

Re: Android VPN - DNS woes

UPDATE:

 

I've just got a power supply for my mini-itx board which (thanks to an old noisy ATX PSU) has windows XP installed on it. So now I've got it completely quiet, I've turned that on and set up the VPN and dns server on that.

Guess what? It kind of works.

My DNS server is able to see packets being sent in and it even sends replies back.. BUT.. the replies are not seen by the phone - more investigation clearly needed there..

Anyway for whatever reason, after a bit of random tinkering (eg going into windows firewall and cancelling back out etc) WinXP decided that it would allow dns packets to be seen on the local system instead of ignoring them and spitting them out onto the network.

So it looks like there is definitely a hiccup with Windows7 - switched back to that and tried there and nothing again.

Now I just need to find out what is happening to the replies as they're not making it back down the VPN to my phone despite being broadcast..

I need a new signature... i'm bored of the old one!
Moderator
Moderator
Posts: 19,219
Thanks: 2,140
Fixes: 341
Registered: ‎11-01-2008

Re: Android VPN - DNS woes

Have you tried setting up an OpenVPN server on your Win 7 machine?

Customer / Moderator / If it helped click the thumb / If it fixed it click 'This fixed my problem'