Change default DNS on openvpn connect


Solution 1

A lightweight DNS seems like the best option, as noted by @peterph. This is because /etc/resolv.conf can only really handle one DNS.

So I think dnsmasq is the best option on Linux. I used this on CentOS 6, but configuration should be similar on anything.

  • Install with something like yum install dnsmasq (or apt-get install).
  • Start dnsmasq (just to test): service dnsmasq start. You might need to stop and disable other DNS servers if you have any (check what is running on the DNS port: netstat -aonp | grep ":53").
  • Edit /etc/dnsmasq.conf
    • Nice to have (see man dnsmasq for description):
      • domain-needed
      • bogus-priv
      • strict-order
      • no-resolv
    • Set up servers for specific URLs.
      • syntax is server=/some URL base/dns server IP
      • e.g: server=/example.com/192.168.0.1 -- ask DNS server on 192.168.0.1 for *.example.com.
    • Add other, generic servers. E.g. google servers:
      • server=8.8.8.8
      • server=8.8.4.4
    • Optionally disable lookup cache (to avoid caching problems when some server got disconnected or something):
      • cache-size=0
  • Reload configuration: service dnsmasq restart.
  • Set DNS for NetworkManager (if you use that)
    • Edit /etc/sysconfig/network-scripts/ifcfg-* (change DNS1: DNS1=127.0.0.1).
    • Restart: /etc/init.d/network restart.
  • Test domains with dig or nslookup.
  • Run service on boot: chkconfig dnsmasq on (note that chkconfig is CentOS/RedHat specific, use update-rc.d for most others).

Solution 2

  1. As for the server configuration, the OpenVPN server should issue something like

push "dhcp-option DNS XXX.XXX.XXX.XXX"

push "dhcp-option DOMAIN mylocaldomain.local"

(see more details here). XXX.XXX.XXX.XXX is your DNS server, mylocaldomain.local is your local domain. These can be easily found in the OpenVPN client output (dhcp-option DNS ..., dhcp-option DOMAIN ...) when you start it on your local machine.

  2. The OpenVPN client should update resolv.conf (tested on 14.04)

$ sudo openvpn --config client.ovpn --up /etc/openvpn/update-resolv-conf --down /etc/openvpn/update-resolv-conf --script-security 2

Solution 3

While this is something that is usually done on the server as mentioned in the comments, there might be cases where you only want to use the VPN's DNS for queries inside of the VPN. In that case you'd probably want to run a lightweight DNS daemon on your system and instruct it where to send what query. If you are in several VPNs at once this is basically a must.
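The two approaches above can be combined: the following added example (not taken from any of the answers) is a sketch of an OpenVPN --up helper that turns the pushed dhcp-option DNS and DOMAIN values into dnsmasq server=/domain/ip rules, so only queries for the VPN's domain go to the VPN's DNS server. It assumes IPv4 DNS servers only; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: build dnsmasq split-DNS rules from OpenVPN-pushed options.
# OpenVPN passes pushed options to --up scripts as foreign_option_1, _2, ...

is_ipv4() {   # accept only dotted-quad addresses with octets 0-255
    case $1 in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

is_domain() { # accept only letters, digits, dots and hyphens
    case $1 in ""|*[!A-Za-z0-9.-]*|.*|-*|*..*) return 1 ;; esac
}

# Print one "server=/domain/ip" line per valid pushed domain and DNS server.
# Pushed values are remote input, so anything malformed is skipped rather
# than written into the resolver configuration.
vpn_dnsmasq_rules() {
    servers="" domains="" i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        case $opt in
            "dhcp-option DNS "*)
                v=${opt#"dhcp-option DNS "}
                if is_ipv4 "$v"; then servers="$servers $v"; fi ;;
            "dhcp-option DOMAIN "*)
                v=${opt#"dhcp-option DOMAIN "}
                if is_domain "$v"; then domains="$domains $v"; fi ;;
        esac
        i=$((i + 1))
    done
    for d in $domains; do
        for s in $servers; do printf 'server=/%s/%s\n' "$d" "$s"; done
    done
}

# Constructed sample of the variables OpenVPN would export (placeholder values).
foreign_option_1='dhcp-option DNS 10.8.0.1'
foreign_option_2='dhcp-option DOMAIN mylocaldomain.local'
foreign_option_3='dhcp-option DOMAIN bad/name'
vpn_dnsmasq_rules
```

In a real --up script the sample assignments are dropped and the output is written to a dnsmasq configuration file before dnsmasq is restarted.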

Author: Daniel

Updated on September 18, 2022

Comments

  • Daniel over 1 year

    I am using Network Manager on Ubuntu 12.10 to connect to an openvpn server. The connection works without problems. However, when I connect, I would like to change my default DNS server to a server on the vpn network. That way I can use domain names that are only defined on the vpn network. Is there a way I can make this automatic with Network Manager?

    I can also change settings on the openvpn server if that is the way I need to go.

    Thanks!

  • Nux over 4 years
    My vote would be dnsmasq because it is very easy to set up and even pre-installed on some systems. Described in my answer in detail.