Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

block outside dns

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)
User avatar

Topic Author
marzametal
Posts: 431
Joined: Mon Aug 05, 2013 11:39 am

block outside dns

Post by marzametal » Sat Oct 20, 2018 2:33 am

Any chance of disabling server-side dns blocking?

I am still on 3.17.0.200 to avoid this issue, but it is back.

Widget eventually connects but there is no internet access after because of this server side setting. I have "# block-outside-dns" in custom.conf and ZERO options ticked and still nothing.

Please!

-----
Fri Oct 19 16:47:19 2018 us=52274 Blocking outside DNS

User avatar

parityboy
Site Admin
Posts: 1208
Joined: Wed Feb 05, 2014 3:47 am

Re: block outside dns

Post by parityboy » Sat Oct 20, 2018 6:56 am

@marza

I can't really help you on the Windows side of things, but would you ever consider delegating VPN duty to a router? That way you wouldn't have to deal with all the weirdness. :)

User avatar

Topic Author
marzametal
Posts: 431
Joined: Mon Aug 05, 2013 11:39 am

Re: block outside dns

Post by marzametal » Sun Oct 21, 2018 3:20 am

:( :(

User avatar

df
Site Admin
Posts: 406
Joined: Thu Jan 01, 1970 5:00 am

Re: block outside dns

Post by df » Thu Jan 03, 2019 8:44 pm

I'm sure you already have, but if not, you need to upgrade to the latest v3.36 widget. It fixes most DNS issues.
The --block-outside-dns option is now pushed from the server if you connect from Windows (either via the widget or OpenVPN GUI).

To tell your client to ignore that pushed setting, in the widget just disable the DNS leak prevention option, or in OpenVPN GUI add to your config:
pull-filter ignore "block-outside-dns"

EDIT:
Oh yea, the pull-filter option was added in OpenVPN 2.4.0, so if you're using an earlier version the above won't work.
But the only reason you would be using OpenVPN < 2.4.0 is if you're on 32-bit Windows, and if that's the case you should really upgrade to a 64-bit Windows.

User avatar

Topic Author
marzametal
Posts: 431
Joined: Mon Aug 05, 2013 11:39 am

Re: block outside dns

Post by marzametal » Thu Mar 21, 2019 11:40 am

Thought I'd ask a question in my old thread...

Where abouts is the list of exit nodes? I think it was called whitelist.txt?

User avatar

df
Site Admin
Posts: 406
Joined: Thu Jan 01, 1970 5:00 am

Re: block outside dns

Post by df » Thu Mar 21, 2019 11:46 am

@marzametal
The node list used by the widget is at https://cryptostorm.nu/nodelist4.txt
and an easier to read version is at https://cryptostorm.nu/nodes.txt

The whitelist that contains all the VPN IPs is at https://cryptostorm.is/whitelist.txt
and the one with all the DNS IPs is at https://cryptostorm.is/dns.txt

Post Reply