OpenVPN is a free to use open-source VPN protocol which uses the infrastructure of virtual private network (VPN) techniques to establish safe site-to-site or point-to-point connections.
It helps to ensure that any data sent over the internet is encrypted and private.
Sometimes, when the setup of OpenVPN is not done properly, an error such as "cannot resolve host address" is triggered.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to solve OpenVPN connection errors.
In this context, we shall look into this what causes this error and how to get rid of it in a snap.
What triggers OpenVPN error "Cannot resolve host address" ?
Sometimes, VPN users experiences this error in the process of establishing a connection to OpenVPN. This error signifies that the DNS servers refused to resolve the hostname. When you check the server logs, you will see a more detailed message which explains the nature of the problem as shown below;
2020-01-25 20:19:01 MANAGEMENT: >STATE:1489260308,RESOLVE,,,
2020-01-25 20:19:01 RESOLVE: Cannot resolve host address: vpn.xx.xx.xx.xx.com: nodename nor servname provided, or not known
Now let us look at the causes of this error and possible fixes.
Causes and fixes of OpenVPN error "Cannot resolve host address"?
Below are the possible causes and solution to this error;
i. Firewall restrictions
A common reason for this error is in a case where the local firewall is blocking the connection to the OpenVPN server. However, the set firewall rules can hinder the DNS connections on the system. In the same way, the system antivirus program can also be determining factor which can distrupt the VPN functionality.
In this case, our Support Experts temporary disable the security applications and the Antivirus program one by one. Thus, we can determine which application is blocking the connections and fix its settings.
Additionally, we ensure to allow the following in firewall.
Loop backup interface or hostname itself.
Interface created by OpenVPN.
UDP packets on port 53 for DNS queries.
Finally, we ensure that the ports required for the OpenVPN to communicate are open and added in the router's settings.
ii. Incorrect hostname
In other case, a typo in the hostname or an inactive host specified in the OpenVPN settings can result to this error.
To start, our Support Experts confirm whether the host is active by running the ping command;
Next, we check the DNS connectivity of the hostname by running the dig and nslookup commands;
Now, we confirm that whether the customer uses a valid and correct hostname.
If we find any problems with the hostname, we will ensure that the hostname is accurate. Alternatively, ensure that the explicit IP address is used in place of the domain name.
iii. DNS servers
If the above methods does not work then this error can be as a result to the DNS settings.
This happens when DNS servers does not resolve to the server name which is suppose to translate it to the IP address. This can be due to DNS spoofing in some countries that censor websites. This means that DNS servers in these countries refuse to resolve the hostname or provide the wrong IP address leading to a dead link.
To fix this, you need to switch the DNS servers on the computer to the ones outside the censored country. There are many free DNS servers available such as Google, OpenDNS, many others which you can easily do a research about. Below are Google and OpenDNS DNS;
Google DNS : 126.96.36.199 and 188.8.131.52
OpenDNS server : 184.108.40.206 and 220.127.116.11
For Instance on a Mac system, we can change the DNS servers from "System Preferences > Network > Select the connections through which you connect > Advanced > DNS > DNS servers > Update the new DNS servers > OK > Apply".
It is also important to change the network adapter settings as well.
iv. OpenVPN client configuration
Also, this error can also be caused by misconfigured OpenVPN client configuration. A sample OpenVPN configuration looks like this.
remote vpn.xx.xx.xx.xx.com 1194
A single wrong entry in this file can affect the functionality of the VPN service. In this case, try to implement the correct entries to this file to fix this error. Alternatively, you can switch the protocol from TCP to UDP in the configuration to solve the issue.
v. Incorrect host file entry
In other cases, Errors in the "/etc/hosts" file of your system may result in this error. Originally, the localhost entry should be in the "/etc/hosts" file of your system, so that localhost name can be resolved. Missing localhost entry or typo mistakes in this file will create problems.
Therefore, you need to use the correct "/etc/hosts" entry details with the format below;