Slow DNS lookup causing slow web browsing when connected to VPN on Windows 10 (solved)

 



Hi,

For some time I have had an issue with openconnect on Windows (Windows 10 Pro Version 1803 but also the previous Creators edition). I don't know if others are affected.
The symptoms of this are slow browsing. Investigating further in developer tools I see that each DNS lookup was taking 8 seconds (until cached)! 
This was so annoying I used to disconnect the VPN to be able to use my browser but I eventually found the problem and a solution.

Firstly I tried a number of things suggested on forums: disabling IPv6 (command line and in the TAP), removing the vEthernet (DockerNAT) adapter and disabling Hyper-V,
and disabling smart DNS as described here https://www.ovpn.com/en/blog/deactivate-smart-multi-homed-name-resolution-in-windows-8-8-1-and-10/.
Recreated the TAPs (worked for a while, you'll see why below).
Apart from the temporary fix of recreating the TAPs, nothing worked.

Looking more carefully at the TAP adapters there were two DNS Servers defined. One of which was unreachable!

Apparently Windows is not smart enough to work out that a DNS server that can't be resolved should be ignored.
Initially I thought this was our VPN setup but in fact it turned out we only had one DNS server per VPN (we have multiple separate VPNs: dev, test, prod etc ).

What was happening was that when connecting, the script vpnc-script-win.js was adding the DNS entries.

    for (var i = 0; i < dns.length; i++) {
        run("netsh interface ip add dns \"" +
            env("TUNDEV") + "\" " + dns[i]
            + " index=" + (i+1));
    }

And if a tap adapter was reused for another VPN the DNS entry remained and caused the problem.
Manually removing the unresolvable address solved the slow DNS lookup.
I guess most people won't see this because they have one VPN, don't use Windows or have a dedicated TAP for each VPN.

With multiple VPNs the problem can happen at any time (I try to specify the TAP adapter to use in my Windows bat files, but if I connect with the GUI it is not specified and it just chooses a free one. I guess there is a way to do it with the GUI as well).
I think a better option is to modify the script to remove the DNS servers before adding the new one(s):

e.g. 

    if (env("INTERNAL_IP4_DNS")) {
        var dns = env("INTERNAL_IP4_DNS").split(/ /);
        for (var i = 0; i < dns.length; i++) {
            run("netsh interface ip add dns \"" +
                env("TUNDEV") + "\" " + dns[i]
                + " index=" + (i+1));
        }
    }

becomes:

    if (env("INTERNAL_IP4_DNS")) {
        var dns = env("INTERNAL_IP4_DNS").split(/ /);
        // Clear DNS servers left on this adapter by a previous connection.
        // The adapter name must be closed with \" before " all".
        run("netsh interface ip delete dns \"" +
            env("TUNDEV") + "\" all");
        for (var i = 0; i < dns.length; i++) {
            run("netsh interface ip add dns \"" +
                env("TUNDEV") + "\" " + dns[i]
                + " index=" + (i+1));
        }
    }
	

This seems to solve the issue permanently. Maybe something to add in the script?

cheers
Mark
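
The TAP reuse described in the message above, as an added example that is not part of the original post or of vpnc-script-win.js: it builds the same netsh commands with and without the proposed "delete ... all" step and applies them to an in-memory model of one adapter's DNS list. The adapter name, the two DNS addresses and the helper names are constructed, and the model assumes "add dns ... index=N" inserts at position N and that nothing is cleaned up between connections.

```javascript
// Simplified model of per-adapter DNS state; helper names are hypothetical.

// Build the netsh commands the script would run for one connection.
function buildDnsCommands(tundev, internalIp4Dns, clearFirst) {
  var cmds = [];
  var dns = internalIp4Dns.split(/ /);
  if (clearFirst) {
    cmds.push('netsh interface ip delete dns "' + tundev + '" all');
  }
  for (var i = 0; i < dns.length; i++) {
    cmds.push('netsh interface ip add dns "' + tundev + '" ' + dns[i] +
              ' index=' + (i + 1));
  }
  return cmds;
}

// Apply commands to an in-memory map of adapter name -> DNS server list.
function applyCommands(adapters, cmds) {
  cmds.forEach(function (cmd) {
    var m = /^netsh interface ip (add|delete) dns "([^"]+)" (\S+)(?: index=(\d+))?$/.exec(cmd);
    if (!m) throw new Error("unparsed command: " + cmd);
    var list = adapters[m[2]] || (adapters[m[2]] = []);
    if (m[1] === "delete" && m[3] === "all") {
      list.length = 0;                          // assumed: "all" empties the list
    } else if (m[1] === "add" && list.indexOf(m[3]) === -1) {
      list.splice(Number(m[4]) - 1, 0, m[3]);   // assumed: insert at index N
    }
  });
  return adapters;
}

// Connect to two VPNs in turn on the same TAP adapter; return its final DNS list.
function reuseAdapter(clearFirst) {
  var adapters = {};
  // Constructed sample values: one adapter, one DNS server per VPN.
  applyCommands(adapters, buildDnsCommands("TAP 1", "10.10.0.53", clearFirst)); // dev VPN
  applyCommands(adapters, buildDnsCommands("TAP 1", "10.20.0.53", clearFirst)); // test VPN
  return adapters["TAP 1"];
}

console.log("original script:", reuseAdapter(false)); // dev VPN server still listed
console.log("with delete all:", reuseAdapter(true));  // only the test VPN server
```

On a real machine, `netsh interface ip show dns` lists the servers currently configured on each adapter, which is how a leftover entry of this kind can be spotted.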






