Setting DNS servers using OpenVPN client config file

Solution 1

You can use a batch script to do this, something like the following. It assumes your home DNS servers are 1.1.1.1 and 2.2.2.2 and your VPN DNS servers are 8.8.8.8 and 9.9.9.9:

vpn-connect.bat:

netsh interface ip set dns "Local Area Connection" static 8.8.8.8

netsh interface ip add dns "Local Area Connection" 9.9.9.9

vpn-disconnect.bat:

netsh interface ip set dns "Local Area Connection" static 1.1.1.1

netsh interface ip add dns "Local Area Connection" 2.2.2.2

I was going to include in these scripts methods of connecting and disconnecting, however I do not see an option in OpenVPN to disconnect via command line. If you wish to automate connection, this should work:

"C:\Program Files\bin\openvpn.exe" "C:\Program Files\conf\client.ovpn"

Solution 2

You can add the following to the client config file.

dhcp-option DNS <dns_server_ip_address>

On the server side it would have been:

push "dhcp-option DNS <dns_server_ip_address>"

It seems it's using dhcp-option on both sides. You can do the same with route.

Solution 3

In addition to either of the two below:

dhcp-option DNS <dns_server_ip_address>          (add to client config)

or

push "dhcp-option DNS <dns_server_ip_address>"   (add to server config)

Add these to the client config as well, to force Windows to use the configured DNS:

register-dns
block-outside-dns

The 1st forces Windows to prefer the configured DNS server over any other it may have received from DHCP. The 2nd prevents DNS leakage to any DNS server other than the configured one.
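An added example, not part of any answer on this page: a small Python check that a client .ovpn file actually carries the DNS options from Solutions 2 and 3, including the case where the `<dns_server_ip_address>` placeholder was never replaced. The sample config, its addresses and the name `audit_ovpn` are constructed for illustration, and OpenVPN's quoting rules are ignored.

```python
import ipaddress
from itertools import takewhile

# Constructed sample client config; host and addresses are placeholders.
SAMPLE = """\
client
dev tun
remote vpn.example.com 1194   # hypothetical server
dhcp-option DNS 192.0.2.53
dhcp-option DNS <dns_server_ip_address>
;block-outside-dns
register-dns
<ca>
-----BEGIN CERTIFICATE-----
block-outside-dns
-----END CERTIFICATE-----
</ca>
"""
GUARDS = ("register-dns", "block-outside-dns")  # options from Solution 3

def audit_ovpn(text):
    """Return (dns_servers, findings) for an OpenVPN client config."""
    dns, seen, findings, inline = [], set(), [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if inline:  # inside <ca>...</ca> etc.: key material, not directives
            if line == f"</{inline}>":
                inline = None
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            inline = line[1:-1]
            continue
        # A word starting with '#' or ';' begins a comment that runs to end of line.
        words = list(takewhile(lambda w: w[0] not in "#;", line.split()))
        if not words:
            continue
        seen.add(words[0])
        if words[:2] == ["dhcp-option", "DNS"]:
            try:
                dns.append(str(ipaddress.ip_address(words[2])))
            except (IndexError, ValueError):
                findings.append(f"line {n}: dhcp-option DNS needs a literal IP address")
    if not dns:
        findings.append("no usable dhcp-option DNS line")
    findings += [f"missing {g}" for g in GUARDS if g not in seen]
    return dns, findings

if __name__ == "__main__":
    print(audit_ovpn(SAMPLE))
```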

Solution 4

Apparently there is a problem with a faulty binding order in Windows, at least including Windows 2000/XP/7. This will cause Windows OpenVPN clients to use the default network adapter's DNS settings rather than the VPN adapter's settings.

To fix this you need to place your VPN TUN or TAP device above your local network adapter in the bind order:

  1. Identify your VPN device by looking at the output from ipconfig. For me this was "Local Area Connection 2". Remember your IP address for this adapter.
  2. Open regedit.exe and find the key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces which matches your VPN adapter's IP address. Remember the GUID for this adapter.
  3. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage and double click on Bind. This will contain a list of GUIDs for the adapters. Cut and paste the line corresponding to your VPN device's GUID to the top of the list and save the list.

This will cause the DNS entries for your VPN device to be used (and only while the VPN connection is active). You can set them according to the answer by @brunoqc. While you're at it, you should probably also add the OpenVPN option block-outside-dns, to ensure that DNS queries are not leaking.

This answer is based upon this very useful blog post.

Author: Fahad Yousuf

Updated on September 18, 2022

Comments

  • Fahad Yousuf over 1 year

    How can I set DNS servers on the client using only the client configuration? My client is a Windows machine and I want to change the DNS servers when the client connects and revert back to the original configuration when I disconnect from the VPN.

    All information I have found so far refers to pushing the DNS configuration to the client using the server's config, but in this case I can't change the server configuration and am currently doing it manually every time I connect to the VPN. An OpenVPN config option to set the local machine's DNS servers for the duration of the connection would be great.

  • Shea almost 8 years
    This didn't work for me though it seems like it should. The option wasn't in the generated client.ovpn. When I add it, it still doesn't work. Running from an Asus RT-N66U with stock firmware 3.0.0.4.376_3861
  • Michael Kargl about 6 years
    I added this to my .ovpn file just before the <ca> tag and it worked splendidly! Thank you! I tested this on my Windows machine with OpenVPN 2.4.4 Windows version 6.2
  • SeriousM about 6 years
    That worked pretty well! Thank you sir for writing this guide
  • Antonio Rodríguez over 3 years
    You may need to add register-dns to make it work, as said by @Duke Nukem.