OpenVPN client not getting DNS information
I had the same problem but managed to solve it using the following hack:
Instead of up /etc/openvpn/update-resolv-conf
I created a file named up.sh in /etc/openvpn.
Run the command sudo gedit /etc/openvpn/up.sh
and paste the following:
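#!/bin/bash
# OpenVPN "up" script: puts the DNS servers pushed by the VPN server
# at the top of /etc/resolv.conf. OpenVPN passes the device name as $1.
DEV=$1
# Keep the cache under /run (writable by root only), not in world-writable /tmp
CACHE_DIR=/run/openvpn
mkdir -p "$CACHE_DIR"
CACHE_NAMESERVER="$CACHE_DIR/$DEV.nameserver"
echo -n "" > "$CACHE_NAMESERVER"
# Pushed options arrive as foreign_option_1, foreign_option_2, ...
for opt in ${!foreign_option_*}
do
    # Strip the "dhcp-option DNS " prefix, leaving the address
    eval "dns=\${$opt#dhcp-option DNS }"
    # Accept only a bare IPv4 address, so other pushed options (DOMAIN, WINS, ...) are skipped
    if [[ $dns =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
        # Back up the original resolv.conf once
        if [ ! -f /etc/resolv.conf.default ]; then
            cp /etc/resolv.conf /etc/resolv.conf.default
        fi
        # Build the new file under an unpredictable name next to the target
        TMP_RESOLV=$(mktemp /etc/resolv.conf.XXXXXX)
        grep -v '^#' /etc/resolv.conf | grep -v '^nameserver' > "$TMP_RESOLV"
        echo "nameserver $dns" >> "$TMP_RESOLV"
        echo "$dns" >> "$CACHE_NAMESERVER"
        grep -v '^#' /etc/resolv.conf | grep -v "nameserver $dns" | grep nameserver >> "$TMP_RESOLV"
        # mktemp creates the file with mode 0600; resolv.conf must be world-readable
        chmod 644 "$TMP_RESOLV"
        mv "$TMP_RESOLV" /etc/resolv.conf
    fi
done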
Save it and run sudo chmod +x /etc/openvpn/up.sh
Then create another file /etc/openvpn/down.sh
and paste the following in it
#! /bin/bash
echo "Restoring original nameservers"
rm -f /etc/resolv.conf
ln -s /run/resolvconf/resolv.conf /etc/resolv.conf
echo "Done restoring nameservers cheers"
Save it and run sudo chmod +x /etc/openvpn/down.sh
Now remove the lines:
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
And replace them with:
script-security 2
up /etc/openvpn/up.sh
down /etc/openvpn/down.sh
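A dry-run version of the parsing step, as an added example that is not part of the original answer: it reads the same foreign_option_* variables, accepts only well-formed IPv4 addresses from "dhcp-option DNS" entries, and prints the resulting resolv.conf instead of writing it. The function names and the sample values are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not the answer's script. Dry run: nothing under /etc is written.

# is_ipv4 ADDR: succeed only for four decimal octets, each 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# pushed_dns: print the valid DNS addresses found in foreign_option_1, _2, ...
pushed_dns() {
    i=1
    while eval "opt=\${foreign_option_$i-}"; [ -n "$opt" ]; do
        case $opt in
            "dhcp-option DNS "*)
                addr=${opt#dhcp-option DNS }
                if is_ipv4 "$addr"; then echo "$addr"; fi ;;
        esac
        i=$((i + 1))
    done
}

# render_resolv_conf FILE: print FILE without comments, pushed servers first,
# then the nameservers FILE already had (duplicates dropped).
render_resolv_conf() {
    pushed=$(pushed_dns)
    grep -v -e '^#' -e '^nameserver' "$1" || :
    for ns in $pushed; do echo "nameserver $ns"; done
    grep '^nameserver' "$1" | while read -r kw old; do
        case " $(echo $pushed) " in *" $old "*) ;; *) echo "nameserver $old" ;; esac
    done
}

# Constructed sample: four pushed options (two must be ignored), small resolv.conf.
demo() {
    foreign_option_1='dhcp-option DNS 10.8.0.1'
    foreign_option_2='dhcp-option DOMAIN lan'
    foreign_option_3='dhcp-option DNS 10.8.0.999'
    foreign_option_4='dhcp-option DNS 192.168.1.1'
    sample=$(mktemp)
    printf '%s\n' '# constructed' 'nameserver 192.168.1.1' 'nameserver 127.0.1.1' 'search lan' > "$sample"
    render_resolv_conf "$sample"
    rm -f "$sample"
}
demo
```

The DOMAIN option and the out-of-range address 10.8.0.999 are dropped, so only validated addresses reach the nameserver lines.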
lorandsm
Updated on September 18, 2022
-
lorandsm over 1 year
I'm using an OpenVPN server running on a router installed with DD-WRT and I'm using it to route all traffic through the VPN server. I'm connecting to it from several devices: a Windows laptop, Android devices and Linux machines. The problem I have now is recent; previously everything worked fine. This problem happens only on the client machines with Linux (Ubuntu 16.04). The Ubuntu client doesn't get the DNS server addresses automatically. After some research, I've found out that I should add the following to the end of the client config:
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
This didn't help, so I've also added:
dhcp-option DNS a.b.c.d
dhcp-option DNS e.f.g.h
The IPs are taken from the router, and this makes things work. Until now it was enough to have "redirect-gateway def1" in the client config.
I don't like this solution of adding the "dhcp-option DNS" commands because I have to watch for any changes of the DNS server. Is there any way to get rid of adding the "dhcp-option DNS" option?
-
Thomas Ward over 6 years
This is actually less of an issue with the 'client' not getting DNS than 16.04 not playing nice with OpenVPN. This is a known bug that's been on the radar for a long while and has yet to be resolved. (resolved in systemd does not behave right, and it's less a resolv.conf issue and more of a dnsmasq problem which actually handles handing data off to DNS servers from local requests, as well as caching)
-
Richard Hurt over 6 years
Do you have any more information on this bug? Is there an issue number I could follow? Are there any workarounds?
-
lorandsm over 6 years
It would have been a good idea to use such a script to update resolv.conf, but when playing with it, I've realized that foreign_option_1, foreign_option_2 and foreign_option_3 contain nothing, so it seems to me that the VPN client is not receiving the DNS information, but in that case I don't understand how it works on the other devices.
-
Garikai Dzoma over 6 years
Remember the variables are not global; they are only available within the shell in which you run openvpn and during the time when the process is running, so the script has to be called from within the openvpn configuration. To demonstrate this I created a script show_dns with the following lines:
#!/bin/bash
echo $foreign_option_1
echo $foreign_option_2
echo $foreign_option_3
and it will show you the DNS servers being pushed by the server. Just remember to invoke it by appending the lines
script-security 2
up /etc/openvpn/show_dns
within your openvpn configuration