By using AWS re:Post, you agree to the AWS re:Post Terms of Use

DNS not working after connecting to AWS VPN on MacOS

0

Hi everyone,

I had this setup working for a couple of weeks but now suddently it stopped working. Basically, I can connect to the AWS VPN using the AWS VPN Client, but as soon as I connect, the DNS stops working and I cannot resolve anymore. I can perfectly ping external IPs, so I do have connection. I can also ping EC2 instances in my VPN. The problem is that the DNS on my MacOS stopped working.

I have a co-worker using the Windows client and it works for him. Another co-worker, also on Mac and it works. So there is something in particular with my machine.

If I run scutil --dns I can see something like:

DNS configuration

resolver #1
  nameserver[0] : 10.0.2.1
  flags    : Request A records
  reach    : 0x00000002 (Reachable)

Same IP is written in /etc/resolve.conf. Notice that it is not even the same IP every time I connect to the VPN. For example, once I got 10.0.0.1 as well. In that other coworker on Mac where it works, the /etc/resove.conf is not changed at all. It keeps the original value before connecting to the VPN.

The command nslookup www.amazon.com answers:

;; connection timed out; no servers could be reached

I also tried adding DNS servers on the VPN Client endpoint. I tried adding 10.0.0.2 as the DNS server. But still, nothing changed.

Of course, if I go to the Network settings on the Mac, I go to the Wifi connection, then to the DNS section and change 192.168.7.1 (my correct DNS before connecting to the VPN) to 8.8.8.8 (Google's DNS), then everything works. But this is a workaround. I want to understand what is going on and find a correct solution. Same thing if I execute in the terminal networksetup -setdnsservers "Wi-Fi" 8.8.8.8

I also got into the log directory and did a grep -R "DNS" and I got this:

./aws_vpn_client_20230510.log:; EDNS: version: 0, flags:; udp: 512
./aws_vpn_client_20230510.log:2023-05-10 10:24:46.907 -03:00 [DBG] Starting DNS monitoring thread for Mac
./aws_vpn_client_20230510.log:2023-05-10 10:24:46.913 -03:00 [DBG] DNS servers for OpenVPN with pid 7920: 
./aws_vpn_client_20230510.log:2023-05-10 10:24:46.914 -03:00 [DBG] DNS is not configured for this connection. Quit DNS monitoring thread
./aws_vpn_client_20230510.log:2023-05-10 10:24:46.922 -03:00 [DBG] Mac DNS monitoring is already in progress. Skip

Not sure if it is useful at all.

Some details of the VPN:

  • Split tunnel is enabled
  • The CIDR is 10.0.0.0/22
  • AWS VPN Client version is 3.3.0 (latest)
  • MacOS version 13.3.1

Any ideas of what may be happening?

Thanks in advance!

2 Answers
1
profile pictureAWS
answered 2 years ago
  • Thanks for your response!

    1. I already had that fix in place but didn't help
    2. Yes, if I manually change the DNS from my router's IP to...say, 8.8.8.8 then it works. But of course, this is no the solution I am looking for.
    3. I just look at the logs. I will update the question with such findings. Thanks!
0

We had the same experience. For us the issue was the client was not updating the DNS servers that it should use when you are VPN'ed in, so it couldn't reach internal resources.

It could be as simple as you manually adding DNS entries that won't resolve things that are internal to your private network. You can make sure that there are no entries in your network DNS settings. Set it to automatic.

However, we switched to the Viscosity Client (https://www.sparklabs.com/viscosity/) which has some additional capabilities like enforcing DNS changes etc.

Hope this helps.

profile picture
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions