Gert, on Wed, Oct 16, 2013 at 03:37:01PM +0200 you wrote the following:
> As expected, connecting using OpenVPN profiles that have IPv4 literals in there ("server 1.2.3.4") fails. Don't do that, then.
There is one instance where this is actually needed: if split DNS is in use and the resolvers are not available from outside the tunnel and if you're on Linux (the latter is a guess, and I only tested with resolvconf present). In this case, when the client loses its tunnel, the DNS servers are not reset to the non-VPN ones. OpenVPN will do a fresh DNS lookup for the VPN server to a now unreachable DNS server, which fails. Hence the tunnel will not come back up. That's the reason why we opted for IPv4 literals in the OpenVPN deployment at my alma mater.

Kind regards
Philipp Kern