Name resolution not refreshed after "power hibernate-restore" on OpenVPN client PCs
I have an OpenVPN server inside a LAN, which accesses the Internet via a NAT router:
Server IP: 192.168.254.254
Router IP: 18.143.175.x
Server domain name: vpn.foo.com
Inside the LAN, the local DNS resolves vpn.foo.com to 192.168.254.254, while all outside DNSes resolve it to 18.143.175.x. The OpenVPN client configuration is like:
client
remote vpn.foo.com 81 tcp4
Note that inside the LAN, computers can also access 18.143.175.x:81-->192.168.254.254:81.
All OpenVPN clients can access each other (client-to-client) whether inside or outside the LAN. But in addition, when a client is outside, the server will push a route to it via the "client-connect" script. Please see:
Server configuration file, Server "client-connect" script, Client configuration file
Now here is the problem: I have a laptop PC. After it connected successfully to vpn.foo.com (18.143.175.x) outside the LAN, I put it directly into hibernation. Then I moved the PC inside the LAN and restored its power, and it got a LAN IP and DNS via DHCP. I hoped OpenVPN would now use the new DNS to resolve vpn.foo.com to 192.168.254.254, but it didn't; it still used the old IP 18.143.175.x to make the connection. Thus the server still pushed the route to me, which caused confusion inside the LAN.
Server side: CentOS Stream 9, OpenVPN 2.6.10
Client side: Windows 11 23H2, OpenVPN GUI 11.48.0.0, OpenVPN 2.6.10, DCO Virtual Adapter
Please include a log file.
Connected outside the LAN, then power hibernated, then went inside the LAN, then power restored: outside-hibernate-inside-restore.log
Inside the LAN, normally connected, the LOG should be: inside-normal.log
@schwabe Thanks!
I've finally figured out a way to solve this problem: setting a netfilter rule to reject connections from the public IPs of the local network! Thus, when the connection fails, OpenVPN will try to reconnect, which will resolve the server's domain name.
The nftables rule in the filter chain is like this:
ip saddr @LOCAL_PUB_ADDR tcp dport @VPN_PORT drop
Now there is no need for the OpenVPN software to fix this. Thanks!
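
The rule above references two named sets that the thread does not show. The following is an added example, not part of the original posts, of a complete ruleset that would carry it on the OpenVPN server. The table and chain names, the set types, and the placeholder address 203.0.113.10 (standing in for the elided router address) are assumptions; it also assumes hairpinned connections from inside the LAN reach the server with the router's public address as their source.

```nftables
# Added example; load with: nft -f <this file>
# Assumed names: table "inet filter", chain "input".
table inet filter {
    # Public address(es) that the LAN's own NAT router presents.
    # 203.0.113.10 is a constructed placeholder; substitute the
    # router's real public address (elided as 18.143.175.x in the post).
    set LOCAL_PUB_ADDR {
        type ipv4_addr
        flags interval
        elements = { 203.0.113.10 }
    }

    # Port(s) the OpenVPN server listens on (81/tcp in the client config
    # shown in the post).
    set VPN_PORT {
        type inet_service
        elements = { 81 }
    }

    chain input {
        type filter hook input priority filter; policy accept;

        # Rule from the post: VPN connections that arrive from the LAN's
        # own public address came from an inside client using the
        # outside address, so they are dropped. Clients that resolve
        # vpn.foo.com to 192.168.254.254 arrive with a LAN source
        # address and are not matched.
        ip saddr @LOCAL_PUB_ADDR tcp dport @VPN_PORT drop
    }
}
```

`nft list set inet filter LOCAL_PUB_ADDR` shows the loaded set contents; appending `counter` before `drop` makes `nft list chain inet filter input` report how many packets the rule has matched.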