Pritunl VPN DNS-Search Domain configuration

Hello everybody,

I'm new to pritunl and would like to set up an OpenVPN server with pritunl. I'm quite astonished by the ease of use and the support for 2FA for OpenVPN.

However, one small problem occurred during the OpenVPN configuration. This might be an edge case:

We have three different DNS-Search domains within our network (domain1.tld, domain2.tld, domain3.tld) - these settings are not correctly pushed to the OpenVPN-Client.

If I click under “Add Server” → “DNS Search Domain”, this is what happens when the client connects:

  • If I configure just one domain (domain1.tld), the client is able to resolve DNS queries for domain1.tld. So this works as expected. Under Windows the IP configuration shows domain1.tld under “connection-specific DNS suffix”.
  • If I configure all three domains (domain1.tld,domain2.tld,domain3.tld), the client is only able to resolve DNS queries for “domain2.tld”. Under Windows the IP configuration shows domain2.tld under “connection-specific DNS suffix”.

DNS resolution is possible using FQDN queries, but this is not very user friendly.

An example of my VPN server configuration is attached as a screenshot.

Any help on this issue is highly appreciated.

Regards,
mwefer

I’m not aware of any other way to configure the DNS search domain; the server will send push "dhcp-option DOMAIN %domain%" for each search domain.

Hello,

thank you very much for clarifying how pritunl handles this option!

According to the official OpenVPN documentation (link: openvpn/doc/man-sections/vpn-network-options.rst at master · OpenVPN/openvpn · GitHub), this means that one could only define a single entry for the search domain.

The documentation states for the “DOMAIN” parameter: Set Connection-specific DNS Suffix

For multiple entries one would need the “DOMAIN-SEARCH” statement. The documentation states: Add name to the domain search list. Repeat this option to add more entries. Up to 10 domains are supported.

Thank you for your feedback - now I know the limitations and can handle them accordingly.

Regards,
mwefer

Sidenote / Feedback: The command “pritunl set app.server_search_domain domain.tld” does not seem to work - on the CLI I get the response:

app.server_search_domain = “domain.tld”
Successfully updated configuration. This change is stored in the database and has been applied to all hosts in the cluster.

However, even after restarting the server (not just the service, even the whole Debian system) I'll receive the old DNS suffix for my client.

I need to delete the server and reinstall it with new settings.

There seems to be no way in the web server GUI to reconfigure a server. Which is very, very odd. This is a real downer and I can't imagine bringing this software “in production”.

Which is sad, because it has really nice features and has been easy to set up.

The CLI set command is primarily an undocumented function used for testing; it doesn’t report errors. There is no app.server_search_domain option. The search domain option is in the server settings that are unique to each server.

The server settings are available by clicking on the name of the server.

The DOMAIN-SEARCH option has been added to the codebase and will be used when multiple DNS search domains are included. This change will be included in the next release.
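
An added example, not part of the thread and not Pritunl's own code: a Python check that flags a server config pushing several `dhcp-option DOMAIN` lines and renders the `DOMAIN-SEARCH` form the documentation describes. The function names, the hostname validation, and the choice to emit only `DOMAIN-SEARCH` lines for multiple domains are assumptions.

```python
import re

MAX_SEARCH_DOMAINS = 10  # limit quoted from the OpenVPN documentation in the thread
PUSH_RE = re.compile(
    r'^\s*push\s+"dhcp-option\s+(DOMAIN-SEARCH|DOMAIN)\s+(\S+)"\s*$', re.I)
# Strict hostname syntax so a domain value cannot carry quotes or newlines
# into the generated config line.
DOMAIN_RE = re.compile(
    r'^(?=.{1,253}\Z)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\Z')

def parse_domain_pushes(config_text):
    """Return (DOMAIN values, DOMAIN-SEARCH values) found in push lines."""
    suffixes, search = [], []
    for line in config_text.splitlines():
        m = PUSH_RE.match(line)
        if m:
            target = suffixes if m.group(1).upper() == "DOMAIN" else search
            target.append(m.group(2).lower())
    return suffixes, search

def audit(config_text):
    """Flag the two conditions described in the thread."""
    suffixes, search = parse_domain_pushes(config_text)
    findings = []
    if len(suffixes) > 1:
        findings.append("multiple DOMAIN pushes (%s): DOMAIN sets a single "
                        "connection-specific suffix" % ", ".join(suffixes))
    if len(search) > MAX_SEARCH_DOMAINS:
        findings.append("%d DOMAIN-SEARCH entries exceed the limit of %d"
                        % (len(search), MAX_SEARCH_DOMAINS))
    return findings

def render_pushes(domains):
    """One domain -> DOMAIN; several -> one DOMAIN-SEARCH each (assumed layout)."""
    unique = list(dict.fromkeys(d.strip().lower() for d in domains))
    bad = [d for d in unique if not DOMAIN_RE.match(d)]
    if bad:
        raise ValueError("invalid domain name(s): %r" % bad)
    if len(unique) > MAX_SEARCH_DOMAINS:
        raise ValueError("at most %d search domains" % MAX_SEARCH_DOMAINS)
    option = "DOMAIN" if len(unique) == 1 else "DOMAIN-SEARCH"
    return ['push "dhcp-option %s %s"' % (option, d) for d in unique]

# Constructed sample: the pushes the thread describes for three search domains.
SAMPLE = "\n".join('push "dhcp-option DOMAIN domain%d.tld"' % i for i in (1, 2, 3))

if __name__ == "__main__":
    print(audit(SAMPLE))
    print("\n".join(render_pushes(["domain1.tld", "domain2.tld", "domain3.tld"])))
```
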

Hello zach,

my bad: You're right. Settings can be changed easily - I did not find that way to change the settings. This changes my view quite a bit. I can live with the restriction to one DNS Search Domain.

And thanks for explaining the details from the CLI management and the outlook from the roadmap.

I value your answers very much!

Regards,
mwefer

Hello again,

just want to give some feedback: I just installed the version “v1.32.3660.72 dbfaf5” from the “Ubuntu Jammy unstable” repository and now the option for multiple dns suffixes is working like a charm!

Thank you so much for integrating this feature!

Regards,
mwefer