SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0004532: 2.5.1 DNS issue openvpn - MantisBT
MantisBT - Endian Firewall
View Issue Details
0004532Endian FirewallOpenVPN Client and Serverpublic2013-02-19 05:312013-04-07 16:40
0004532: 2.5.1 DNS issue openvpn
I have installed 2.5.1 several times now on different hardware and version 2.5.1 will not push DNS serves to clients. Clients can ping and get to servers by IP but not FQDN. If I install 2.5.0 it pushes the DNS servers every time. It looks to us that the OpenVPN version is the same in both versions so why does one version push DNS and the other does not?

Any suggestions before I rebuild to 2.5.0?
Install 2.5.1 with same OpenVPN settings and firewall rules as 2.5.0.
No tags attached.
Issue History
2013-02-19 05:31d072330New Issue
2013-02-20 18:33d072330Note Added: 0008384
2013-03-27 17:09richardskNote Added: 0008405
2013-03-27 17:13richardskNote Edited: 0008405bug_revision_view_page.php?bugnote_id=8405#r27
2013-03-27 17:14richardskNote Edited: 0008405bug_revision_view_page.php?bugnote_id=8405#r28

2013-02-20 18:33   
Work around:

Add these lines for each DNS server you want to push to


push "dhcp-option DNS 10.X.X.X"
push "dhcp-option DNS 10.X.X.X"

Then when you restart the OpenVPN server the changes stick in /etc/openvpn/openvpn.conf
2013-03-27 17:09   
(edited on: 2013-03-27 17:14)
Where are these client authenticating from, locally or thru LDAP?
I've found that the username characters case is a issue for VPN and also using # character as the first character in your password.


Username- Doej vs doej - Doej gets no DNS options while doej gets a different IP address and gets DNS options. Theoretically they are the same user but Endian doesn't see it that way, just the beauty of unix at work.

Password- #Joedoe1 - Pound/Number sign causes Endian to ignore password submitted. Maybe because pound is the character to notify system to ignore or treat following as a comment.