Default DNS Server not switched after connecting to OpenVPN
Add to the client configuration file (the file with extension .ovpn) downloaded from the OpenVPN server the line:
dhcp-option DOMAIN-ROUTE .
As you know, before adding this line, in Ubuntu 18.04 you must install the update-systemd-resolved scripts as described in https://github.com/jonathanio/update-systemd-resolved
If it still does not work, perhaps you must add your internal DNS server too. Check that the lines you add at the end of the .ovpn file look like:
script-security 2
dhcp-option DNS 10.1.0.1 # replace this IP with your DNS server IP.
dhcp-option DOMAIN yourinternaldomain.local # replace this with your internal domain name.
dhcp-option DOMAIN-ROUTE .
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
down-pre
If you use the UI (gnome) to connect
Last, if you are using the UI VPN icons to connect to your VPN, you must re-import the modified .ovpn file.
To do that execute in a terminal:
sudo apt install openvpn openvpn-systemd-resolved resolvconf
sudo apt install network-manager-openvpn network-manager-openvpn-gnome
Click on the Ubuntu start menu:
Type the word "network" and click on Network. It should show something like:
Click on the "+" sign on VPN and click on the "import from file" option:
Once imported, add a name and click the "add" button at the top right of the dialog.
You are all set!
To connect to the VPN, click on the network icon and after that on the lock icon.
Sven Eppler
Updated on September 18, 2022
Comments
-
Sven Eppler over 1 year
I'm using an OpenVPN connection between my laptop and my server. The configuration was working until today (I simply ran apt update && apt upgrade), but since then my DNS settings are "wrong" after connecting to the OpenVPN.
After connecting to the OpenVPN server, I have two "catch all" DNS Domain entries (DNS Domain: ~.) in my systemd-resolve configuration.
Stripped output of systemd-resolve --status:
Link 11 (tun0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.X.Y
          DNS Domain: ~.
Link 2 (enp0s25)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 10.16.X.Y
                      10.16.X.Y
          DNS Domain: ~.
Therefore DNS queries now aren't safely tunneled through the VPN but also may be transferred via the normal network.
This leads to a DNS leak and even worse: VPN-internal hostnames aren't resolved correctly (every now and then).
I only know of options to add the DNS Domain: ~. entry to the tun0 interface for resolved. But how do I remove an already existing one from the real interface?
I'm already using this config to update systemd-resolved in my OpenVPN client.conf:
# Update systemd-resolved
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
down-pre
dhcp-option DOMAIN-ROUTE .
Anybody got an idea how to solve this?
// Update: Looks like this is a longer known problem with NetworkManager starting to attach the root DNS Domain to links at random. There is an interesting discussion about it in a GitHub Issue in the repo of the developer of the update-systemd-resolved script.
// Probably this commit to NetworkManager broke it, since it introduced the default DNS route for all interfaces behavior.
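A check for the state described in the question, as an added example that is not part of the original thread: it parses `systemd-resolve --status` output and reports any link other than the VPN interface that also holds the catch-all `~.` domain. The sample status text is constructed from the excerpt above, and the function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the thread): flag non-VPN links that hold "~.".

# Constructed sample, modelled on the systemd-resolve --status excerpt above.
sample_status() {
cat <<'EOF'
Link 11 (tun0)
      Current Scopes: DNS
         DNS Servers: 192.168.X.Y
          DNS Domain: ~.

Link 2 (enp0s25)
      Current Scopes: DNS
         DNS Servers: 10.16.X.Y
                      10.16.X.Y
          DNS Domain: ~.
EOF
}

# Read status text on stdin; print each link whose DNS Domain list has "~.".
catch_all_links() {
    awk '
    /^Link [0-9]+ \(/ { iface = $3; gsub(/[()]/, "", iface); key = ""; next }
    /^Global/         { iface = ""; key = ""; next }
    {
        val = $0
        if (match($0, /^[ \t]*[A-Za-z ]+: /)) {   # a "Key: value" line
            key = substr($0, 1, RLENGTH - 2); gsub(/^[ \t]+/, "", key)
            val = substr($0, RLENGTH + 1)
        }                                         # otherwise a continuation value
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "DNS Domain" && val == "~." && iface != "") print iface
    }'
}

# Return 1 (and name the link) if any link other than $1 has the catch-all.
check_dns_leak() {
    vpn_if="$1"; leak=0
    for iface in $(catch_all_links); do
        if [ "$iface" != "$vpn_if" ]; then
            echo "LEAK: $iface also claims the catch-all DNS domain (~.)"
            leak=1
        fi
    done
    return "$leak"
}

# Live use: systemd-resolve --status | check_dns_leak tun0
sample_status | check_dns_leak tun0 || echo "DNS queries can bypass the tunnel"
```

Run it after the VPN is up; a non-zero exit status means queries can still go out through the listed link.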
-
Jose Armesto over 4 years
Did you solve it? I'm having the same issue
-
Sven Eppler over 4 years
The original issue seems to be still pending on Network-Manager. But they even may never fix this. I just added a script which overwrites the DNS-Settings via the systemd-resolve --set-domain "XXX" --interface enp0s25 in my Connect-To-Vpn-Script.
-
Jose Armesto over 4 years
Is your script invoking openvpn? Would you share it?
-
Sven Eppler over 4 years
Thanks for your elaborated answer. But as stated with updates in my original post, this is not an issue of OpenVPN Configuration and/or the update-systemd-resolved script. It's just NetworkManager misbehaving by adding the default Route randomly to interfaces. See this discussion: github.com/jonathanio/update-systemd-resolved/issues/59
-
pabloa98 over 4 years
Indeed it is. The fix was not backported to Ubuntu 18.04. Until that is done we will have to deal with workarounds. I hope they fix it in 18.04 soon.
-
Mohammed almost 3 years
Actually, this helped me, by enabling resolved config so that it does not fall back to /etc/resolv for DNS lookup was a nice fix after modifying the /etc/nsswitch.conf. I don't have a ton of networking experience but after setting up an OpenVPN client-server the DNS route for some reason would break on a RasPI.