NetworkManager is not changing /etc/resolv.conf after openvpn dns push
I've got a problem which is "NetworkManager is not updating /etc/resolv.conf after openvpn connection with dns push configured".
Here's my openvpn server config: (I've changed domain name to ABC.COM for security reason ;))
########################################
# Sample OpenVPN config file for
# 2.0-style multi-client udp server
#
# Adapted from http://openvpn.sourceforge.net/20notes.html
#
# tun-style tunnel
port 1194
dev tun
# Use "local" to set the source address on multi-homed hosts
#local [IP address]
# TLS parms
tls-server
ca keys/ca.crt
cert keys/static.crt
key keys/static.key
dh keys/dh1024.pem
proto tcp-server
# Tell OpenVPN to be a multi-client udp server
mode server
# The server's virtual endpoints
ifconfig 10.8.0.1 10.8.0.2
# Pool of /30 subnets to be allocated to clients.
# When a client connects, an --ifconfig command
# will be automatically generated and pushed back to
# the client.
ifconfig-pool 10.8.0.4 10.8.0.255
# Push route to client to bind it to our local
# virtual endpoint.
push "route 10.8.0.1 255.255.255.255"
push "dhcp-option DNS 10.8.0.1"
# Push any routes the client needs to get in
# to the local network.
#push "route 192.168.0.0 255.255.255.0"
# Push DHCP options to Windows clients.
push "dhcp-option DOMAIN ABC.COM"
#push "dhcp-option DNS 192.168.0.1"
#push "dhcp-option WINS 192.168.0.1"
# Client should attempt reconnection on link
# failure.
keepalive 10 60
# Delete client instances after some period
# of inactivity.
inactive 600
# Route the --ifconfig pool range into the
# OpenVPN server.
route 10.8.0.0 255.255.255.0
# The server doesn't need privileges
user openvpn
group openvpn
# Keep TUN devices and keys open across restarts.
persist-tun
persist-key
verb 4
As you can see, it's basically a sample config with a little tuning.
Now..
On my machine (openvpn client), I can see that dns is ok:
{17:12}/etc/NetworkManager ➭ nslookup git.ABC.COM 10.8.0.1
Server: 10.8.0.1
Address: 10.8.0.1#53
Name: git.ABC.COM
Address: 10.8.0.1
{17:18}/etc/NetworkManager ➭ nslookup ABC.COM 10.8.0.1
Server: 10.8.0.1
Address: 10.8.0.1#53
Name: ABC.COM
Address: 18X.XX.XX.71
openvpn logs on the server side say (if I understand correctly) that DNS has been pushed:
openvpn[13257]: TCPv4_SERVER link remote: [AF_INET]83.30.135.214:37658
openvpn[13257]: 83.30.135.214:37658 TLS: Initial packet from [AF_INET]83.30.135.214:37658, sid=3251df51 915772f3
openvpn[13257]: 83.30.135.214:37658 VERIFY OK: depth=1, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
openvpn[13257]: 83.30.135.214:37658 VERIFY OK: depth=0, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
openvpn[13257]: 83.30.135.214:37658 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
openvpn[13257]: 83.30.135.214:37658 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn[13257]: 83.30.135.214:37658 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
openvpn[13257]: 83.30.135.214:37658 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn[13257]: 83.30.135.214:37658 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
openvpn[13257]: 83.30.135.214:37658 [jacek] Peer Connection Initiated with [AF_INET]83.30.135.214:37658
openvpn[13257]: jacek/83.30.135.214:37658 MULTI_sva: pool returned IPv4=10.8.0.10, IPv6=(Not enabled)
openvpn[13257]: jacek/83.30.135.214:37658 MULTI: Learn: 10.8.0.10 -> jacek/83.30.135.214:37658
openvpn[13257]: jacek/83.30.135.214:37658 MULTI: primary virtual IP for jacek/83.30.135.214:37658: 10.8.0.10
openvpn[13257]: jacek/83.30.135.214:37658 PUSH: Received control message: 'PUSH_REQUEST'
openvpn[13257]: jacek/83.30.135.214:37658 send_push_reply(): safe_cap=940
openvpn[13257]: jacek/83.30.135.214:37658 SENT CONTROL [jacek]: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,dhcp-option DNS 10.8.0.1,dhcp-option DOMAIN ABC.COM,ping 10,ping-restart 60,ifconfig 10.8.0.10 10.8.0.9' (status=1)
openvpn logs on my side:
Aug 05 17:13:55 localhost.localdomain openvpn[1198]: TCPv4_CLIENT link remote: [AF_INET]XXX.XX.37.71:1194
Aug 05 17:13:55 localhost.localdomain openvpn[1198]: TLS: Initial packet from [AF_INET]XXX.XX.37.71:1194, sid=89cc981c d57dd826
Aug 05 17:13:56 localhost.localdomain openvpn[1198]: VERIFY OK: depth=1, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
Aug 05 17:13:56 localhost.localdomain openvpn[1198]: VERIFY OK: depth=0, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Aug 05 17:13:58 localhost.localdomain openvpn[1198]: [static] Peer Connection Initiated with [AF_INET]XXX.XX.37.71:1194
Aug 05 17:14:00 localhost.localdomain openvpn[1198]: SENT CONTROL [static]: 'PUSH_REQUEST' (status=1)
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,dhcp-option DNS 10.8.0.1,dhcp-option DOMAIN ABC.COM,ping 10,ping-restart 60,ifconfig 10.8.0.10 10.8.0.9'
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: timers and/or timeouts modified
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: --ifconfig/up options modified
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: route options modified
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: ROUTE_GATEWAY 10.123.123.1/255.255.255.0 IFACE=wlan0 HWADDR=44:6d:57:32:81:2e
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: TUN/TAP device tun0 opened
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: TUN/TAP TX queue length set to 100
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: /usr/sbin/ip link set dev tun0 up mtu 1500
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: /usr/sbin/ip addr add dev tun0 local 10.8.0.10 peer 10.8.0.9
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: /usr/sbin/ip route add 10.8.0.1/32 via 10.8.0.9
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: Initialization Sequence Completed
It looks like everything's fine.
But. I checked /var/log/messages also... and I found that line:
Aug 5 17:14:01 localhost NetworkManager[761]: <warn> /sys/devices/virtual/net/tun0: couldn't determine device driver; ignoring...
ip a returns:
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/none
inet 10.8.0.10 peer 10.8.0.9/32 scope global tun0
valid_lft forever preferred_lft forever
route -n returns:
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.123.123.1 0.0.0.0 UG 0 0 0 wlan0
10.8.0.1 10.8.0.9 255.255.255.255 UGH 0 0 0 tun0
10.8.0.9 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.123.123.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
So basically everything works, except the DNS being pushed... Oh! Right, and my /etc/resolv.conf:
# Generated by NetworkManager
domain home
search home
nameserver 10.123.123.1
Where's the issue?
(I have a response from Windows-user with openvpn client, that on his side DNS works fine, so it's an issue on my side.
Ok now I have another response (after I restarted openvpn service on server side) - it's not working.
I must say that it worked yesterday on my machine too.. so have I screwed up something on server? What could it be? )
Edit:
Okay, I've got another Windows-user response (the same user as before) - it's working now. So.. I guess it was caused by openvpn restart and some delays with it. I haven't done anything since then. So we're back onto my machine.
I also traced that the weird tun0 message appeared yesterday too, and yesterday it worked. Or maybe I added the entry to resolv.conf myself? I don't remember.. (damn it)
domain-name-system openvpn resolv.conf networkmanager
I have seen this happen on systems with selinux enabled and whose resolv.conf file had the wrong selinux security context. Running restorecon to restore the security context on that file resolved the issue. P.S.: it's resolv.conf, not resolve.conf
– natxo asenjo
Dec 15 '13 at 18:28
Pay particular attention to /etc/NetworkManager/NetworkManager.conf: uncomment dns=dnsmasq and have managed=true. Also, you may be affected by Bug #1294899 Import saved VPN connection has been Recently Broken despite a reported "estblished" VPN connection. Check your VPN settings: Put the protocol name (:tcp or :udp) in the Gateway field. Check the advanced settings, especially Port number and LZO compression. Also check the logs. Finish with a DNS leak test.
– KrisWebDev
Jun 12 '16 at 12:49
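The symptom in the question (a PUSH_REPLY carrying `dhcp-option DNS` that never reaches /etc/resolv.conf) can be checked mechanically. The following is an added example, not part of the original post or its comments; the function names are hypothetical, and the sample log and resolv.conf are constructed from the values quoted in the question.

```python
import re

# Constructed sample inputs, shaped like the client log line and the
# resolv.conf quoted in the question.
CLIENT_LOG = """\
Aug 05 17:14:00 localhost.localdomain openvpn[1198]: SENT CONTROL [static]: 'PUSH_REQUEST' (status=1)
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,dhcp-option DNS 10.8.0.1,dhcp-option DOMAIN ABC.COM,ping 10,ping-restart 60,ifconfig 10.8.0.10 10.8.0.9'
"""

RESOLV_CONF = """\
# Generated by NetworkManager
domain home
search home
nameserver 10.123.123.1
"""

PUSH_RE = re.compile(r"PUSH: Received control message: '(PUSH_REPLY,[^']*)'")


def parse_push_reply(log_text):
    """Return the DNS servers and domains from the last PUSH_REPLY, or None."""
    replies = PUSH_RE.findall(log_text)
    if not replies:
        return None
    pushed = {"dns": [], "domains": []}
    # Options are comma-separated; the first element is the literal PUSH_REPLY.
    for option in replies[-1].split(",")[1:]:
        fields = option.split()
        if len(fields) == 3 and fields[0] == "dhcp-option":
            if fields[1].upper() == "DNS":
                pushed["dns"].append(fields[2])
            elif fields[1].upper() == "DOMAIN":
                pushed["domains"].append(fields[2].lower().rstrip("."))
    return pushed


def parse_resolv_conf(text):
    """Collect nameservers (in order) and search domains from resolv.conf text."""
    conf = {"nameservers": [], "search": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) >= 2:
            conf["nameservers"].append(fields[1])
        elif fields[0] in ("domain", "search"):
            # Simplification: 'domain' and 'search' entries are merged here.
            for name in fields[1:]:
                name = name.lower().rstrip(".")
                if name not in conf["search"]:
                    conf["search"].append(name)
    return conf


def check_dns_push(log_text, resolv_text):
    """Compare what the server pushed with what the resolver is configured to use."""
    pushed = parse_push_reply(log_text)
    if pushed is None:
        return [("no_push_reply", None)]
    conf = parse_resolv_conf(resolv_text)
    findings = []
    for server in pushed["dns"]:
        if server not in conf["nameservers"]:
            findings.append(("missing_dns", server))
    for domain in pushed["domains"]:
        if domain not in conf["search"]:
            findings.append(("missing_domain", domain))
    # Resolvers that were not pushed can still receive queries while the
    # tunnel is up, which is what a DNS leak test looks for.
    if pushed["dns"]:
        for server in conf["nameservers"]:
            if server not in pushed["dns"]:
                findings.append(("resolver_outside_vpn", server))
    return findings


if __name__ == "__main__":
    for kind, value in check_dns_push(CLIENT_LOG, RESOLV_CONF):
        print(kind, value)
```

On a live client, feed it the journal output of the openvpn unit and the contents of /etc/resolv.conf instead of the embedded samples.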
add a comment |
I've got a problem which is "NetworkManager is not updating /etc/resolv.conf after openvpn connection with dns push configured".
Here's my openvpn server config: (I've changed domain name to ABC.COM for security reason ;))
########################################
# Sample OpenVPN config file for
# 2.0-style multi-client udp server
#
# Adapted from http://openvpn.sourceforge.net/20notes.html
#
# tun-style tunnel
port 1194
dev tun
# Use "local" to set the source address on multi-homed hosts
#local [IP address]
# TLS parms
tls-server
ca keys/ca.crt
cert keys/static.crt
key keys/static.key
dh keys/dh1024.pem
proto tcp-server
# Tell OpenVPN to be a multi-client udp server
mode server
# The server's virtual endpoints
ifconfig 10.8.0.1 10.8.0.2
# Pool of /30 subnets to be allocated to clients.
# When a client connects, an --ifconfig command
# will be automatically generated and pushed back to
# the client.
ifconfig-pool 10.8.0.4 10.8.0.255
# Push route to client to bind it to our local
# virtual endpoint.
push "route 10.8.0.1 255.255.255.255"
push "dhcp-option DNS 10.8.0.1"
# Push any routes the client needs to get in
# to the local network.
#push "route 192.168.0.0 255.255.255.0"
# Push DHCP options to Windows clients.
push "dhcp-option DOMAIN ABC.COM"
#push "dhcp-option DNS 192.168.0.1"
#push "dhcp-option WINS 192.168.0.1"
# Client should attempt reconnection on link
# failure.
keepalive 10 60
# Delete client instances after some period
# of inactivity.
inactive 600
# Route the --ifconfig pool range into the
# OpenVPN server.
route 10.8.0.0 255.255.255.0
# The server doesn't need privileges
user openvpn
group openvpn
# Keep TUN devices and keys open across restarts.
persist-tun
persist-key
verb 4
As you can see it's basicaly sample config with little tuning.
Now..
On my machine (openvpn client), I can see that dns is ok:
{17:12}/etc/NetworkManager ➭ nslookup git.ABC.COM 10.8.0.1
Server: 10.8.0.1
Address: 10.8.0.1#53
Name: git.ABC.COM
Address: 10.8.0.1
{17:18}/etc/NetworkManager ➭ nslookup ABC.COM 10.8.0.1
Server: 10.8.0.1
Address: 10.8.0.1#53
Name: ABC.COM
Address: 18X.XX.XX.71
openvpn logs on server side says (if I understand correctly) that DNS has been pushed:
openvpn[13257]: TCPv4_SERVER link remote: [AF_INET]83.30.135.214:37658
openvpn[13257]: 83.30.135.214:37658 TLS: Initial packet from [AF_INET]83.30.135.214:37658, sid=3251df51 915772f3
openvpn[13257]: 83.30.135.214:37658 VERIFY OK: depth=1, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
openvpn[13257]: 83.30.135.214:37658 VERIFY OK: depth=0, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
openvpn[13257]: 83.30.135.214:37658 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
openvpn[13257]: 83.30.135.214:37658 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn[13257]: 83.30.135.214:37658 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
openvpn[13257]: 83.30.135.214:37658 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn[13257]: 83.30.135.214:37658 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
openvpn[13257]: 83.30.135.214:37658 [jacek] Peer Connection Initiated with [AF_INET]83.30.135.214:37658
openvpn[13257]: jacek/83.30.135.214:37658 MULTI_sva: pool returned IPv4=10.8.0.10, IPv6=(Not enabled)
openvpn[13257]: jacek/83.30.135.214:37658 MULTI: Learn: 10.8.0.10 -> jacek/83.30.135.214:37658
openvpn[13257]: jacek/83.30.135.214:37658 MULTI: primary virtual IP for jacek/83.30.135.214:37658: 10.8.0.10
openvpn[13257]: jacek/83.30.135.214:37658 PUSH: Received control message: 'PUSH_REQUEST'
openvpn[13257]: jacek/83.30.135.214:37658 send_push_reply(): safe_cap=940
openvpn[13257]: jacek/83.30.135.214:37658 SENT CONTROL [jacek]: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,dhcp-option DNS 10.8.0.1,dhcp-option DOMAIN ABC.COM,ping 10,ping-restart 60,ifconfig 10.8.0.10 10.8.0.9' (status=1)
openvp logs on my side:
Aug 05 17:13:55 localhost.localdomain openvpn[1198]: TCPv4_CLIENT link remote: [AF_INET]XXX.XX.37.71:1194
Aug 05 17:13:55 localhost.localdomain openvpn[1198]: TLS: Initial packet from [AF_INET]XXX.XX.37.71:1194, sid=89cc981c d57dd826
Aug 05 17:13:56 localhost.localdomain openvpn[1198]: VERIFY OK: depth=1, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
Aug 05 17:13:56 localhost.localdomain openvpn[1198]: VERIFY OK: depth=0, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Aug 05 17:13:58 localhost.localdomain openvpn[1198]: [static] Peer Connection Initiated with [AF_INET]XXX.XX.37.71:1194
Aug 05 17:14:00 localhost.localdomain openvpn[1198]: SENT CONTROL [static]: 'PUSH_REQUEST' (status=1)
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,dhcp-option DNS 10.8.0.1,dhcp-option DOMAIN ABC.COM,ping 10,ping-restart 60,ifconfig 10.8.0.10 10.8.0.9'
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: timers and/or timeouts modified
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: --ifconfig/up options modified
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: route options modified
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: ROUTE_GATEWAY 10.123.123.1/255.255.255.0 IFACE=wlan0 HWADDR=44:6d:57:32:81:2e
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: TUN/TAP device tun0 opened
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: TUN/TAP TX queue length set to 100
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: /usr/sbin/ip link set dev tun0 up mtu 1500
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: /usr/sbin/ip addr add dev tun0 local 10.8.0.10 peer 10.8.0.9
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: /usr/sbin/ip route add 10.8.0.1/32 via 10.8.0.9
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: Initialization Sequence Completed
It looks like everything's fine.
But. I checked /var/log/messages also... and I found that line:
Aug 5 17:14:01 localhost NetworkManager[761]: <warn> /sys/devices/virtual/net/tun0: couldn't determine device driver; ignoring...
ip a returns:
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/none
inet 10.8.0.10 peer 10.8.0.9/32 scope global tun0
valid_lft forever preferred_lft forever
route -n returns:
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.123.123.1 0.0.0.0 UG 0 0 0 wlan0
10.8.0.1 10.8.0.9 255.255.255.255 UGH 0 0 0 tun0
10.8.0.9 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.123.123.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
So basically everything works, except the DNS being pushed... Oh! Right, and my /etc/resolv.conf:
# Generated by NetworkManager
domain home
search home
nameserver 10.123.123.1
Where's the issue?
(I have a response from Windows-user with openvpn client, that on his side DNS works fine, so it's an issue on my side.
Ok now I have another response (after I restarted openvpn service on server side) - it's not working.
I must say that it worked yesterday on my machine too.. so have I screwed up something on server? What could it be? )
Edit:
Okay, I've got another Windows-user response (the same user as before) - it's working now. So.. I guess it was caused by openvpn restart and some delays with it. I haven't done anything since then. So we're back onto my machine.
I also traced that that wierd tun0 message appeared also yesterday, and yesterday it worked. Or maybe I added entry to resolv.conf by myself? I don't remember.. (damn it)
domain-name-system openvpn resolv.conf networkmanager
I've got a problem which is "NetworkManager is not updating /etc/resolv.conf after openvpn connection with dns push configured".
Here's my openvpn server config: (I've changed domain name to ABC.COM for security reason ;))
########################################
# Sample OpenVPN config file for
# 2.0-style multi-client udp server
#
# Adapted from http://openvpn.sourceforge.net/20notes.html
#
# tun-style tunnel
port 1194
dev tun
# Use "local" to set the source address on multi-homed hosts
#local [IP address]
# TLS parms
tls-server
ca keys/ca.crt
cert keys/static.crt
key keys/static.key
dh keys/dh1024.pem
proto tcp-server
# Tell OpenVPN to be a multi-client udp server
mode server
# The server's virtual endpoints
ifconfig 10.8.0.1 10.8.0.2
# Pool of /30 subnets to be allocated to clients.
# When a client connects, an --ifconfig command
# will be automatically generated and pushed back to
# the client.
ifconfig-pool 10.8.0.4 10.8.0.255
# Push route to client to bind it to our local
# virtual endpoint.
push "route 10.8.0.1 255.255.255.255"
push "dhcp-option DNS 10.8.0.1"
# Push any routes the client needs to get in
# to the local network.
#push "route 192.168.0.0 255.255.255.0"
# Push DHCP options to Windows clients.
push "dhcp-option DOMAIN ABC.COM"
#push "dhcp-option DNS 192.168.0.1"
#push "dhcp-option WINS 192.168.0.1"
# Client should attempt reconnection on link
# failure.
keepalive 10 60
# Delete client instances after some period
# of inactivity.
inactive 600
# Route the --ifconfig pool range into the
# OpenVPN server.
route 10.8.0.0 255.255.255.0
# The server doesn't need privileges
user openvpn
group openvpn
# Keep TUN devices and keys open across restarts.
persist-tun
persist-key
verb 4
As you can see it's basicaly sample config with little tuning.
Now..
On my machine (openvpn client), I can see that dns is ok:
{17:12}/etc/NetworkManager ➭ nslookup git.ABC.COM 10.8.0.1
Server: 10.8.0.1
Address: 10.8.0.1#53
Name: git.ABC.COM
Address: 10.8.0.1
{17:18}/etc/NetworkManager ➭ nslookup ABC.COM 10.8.0.1
Server: 10.8.0.1
Address: 10.8.0.1#53
Name: ABC.COM
Address: 18X.XX.XX.71
openvpn logs on server side says (if I understand correctly) that DNS has been pushed:
openvpn[13257]: TCPv4_SERVER link remote: [AF_INET]83.30.135.214:37658
openvpn[13257]: 83.30.135.214:37658 TLS: Initial packet from [AF_INET]83.30.135.214:37658, sid=3251df51 915772f3
openvpn[13257]: 83.30.135.214:37658 VERIFY OK: depth=1, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
openvpn[13257]: 83.30.135.214:37658 VERIFY OK: depth=0, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
openvpn[13257]: 83.30.135.214:37658 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
openvpn[13257]: 83.30.135.214:37658 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn[13257]: 83.30.135.214:37658 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
openvpn[13257]: 83.30.135.214:37658 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn[13257]: 83.30.135.214:37658 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
openvpn[13257]: 83.30.135.214:37658 [jacek] Peer Connection Initiated with [AF_INET]83.30.135.214:37658
openvpn[13257]: jacek/83.30.135.214:37658 MULTI_sva: pool returned IPv4=10.8.0.10, IPv6=(Not enabled)
openvpn[13257]: jacek/83.30.135.214:37658 MULTI: Learn: 10.8.0.10 -> jacek/83.30.135.214:37658
openvpn[13257]: jacek/83.30.135.214:37658 MULTI: primary virtual IP for jacek/83.30.135.214:37658: 10.8.0.10
openvpn[13257]: jacek/83.30.135.214:37658 PUSH: Received control message: 'PUSH_REQUEST'
openvpn[13257]: jacek/83.30.135.214:37658 send_push_reply(): safe_cap=940
openvpn[13257]: jacek/83.30.135.214:37658 SENT CONTROL [jacek]: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,dhcp-option DNS 10.8.0.1,dhcp-option DOMAIN ABC.COM,ping 10,ping-restart 60,ifconfig 10.8.0.10 10.8.0.9' (status=1)
openvpn logs on my side:
Aug 05 17:13:55 localhost.localdomain openvpn[1198]: TCPv4_CLIENT link remote: [AF_INET]XXX.XX.37.71:1194
Aug 05 17:13:55 localhost.localdomain openvpn[1198]: TLS: Initial packet from [AF_INET]XXX.XX.37.71:1194, sid=89cc981c d57dd826
Aug 05 17:13:56 localhost.localdomain openvpn[1198]: VERIFY OK: depth=1, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
Aug 05 17:13:56 localhost.localdomain openvpn[1198]: VERIFY OK: depth=0, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Aug 05 17:13:58 localhost.localdomain openvpn[1198]: [static] Peer Connection Initiated with [AF_INET]XXX.XX.37.71:1194
Aug 05 17:14:00 localhost.localdomain openvpn[1198]: SENT CONTROL [static]: 'PUSH_REQUEST' (status=1)
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,dhcp-option DNS 10.8.0.1,dhcp-option DOMAIN ABC.COM,ping 10,ping-restart 60,ifconfig 10.8.0.10 10.8.0.9'
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: timers and/or timeouts modified
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: --ifconfig/up options modified
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: route options modified
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: ROUTE_GATEWAY 10.123.123.1/255.255.255.0 IFACE=wlan0 HWADDR=44:6d:57:32:81:2e
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: TUN/TAP device tun0 opened
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: TUN/TAP TX queue length set to 100
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: /usr/sbin/ip link set dev tun0 up mtu 1500
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: /usr/sbin/ip addr add dev tun0 local 10.8.0.10 peer 10.8.0.9
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: /usr/sbin/ip route add 10.8.0.1/32 via 10.8.0.9
Aug 05 17:14:01 localhost.localdomain openvpn[1198]: Initialization Sequence Completed
It looks like everything's fine.
But. I checked /var/log/messages also... and I found that line:
Aug 5 17:14:01 localhost NetworkManager[761]: <warn> /sys/devices/virtual/net/tun0: couldn't determine device driver; ignoring...
ip a returns:
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/none
inet 10.8.0.10 peer 10.8.0.9/32 scope global tun0
valid_lft forever preferred_lft forever
route -n returns:
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.123.123.1 0.0.0.0 UG 0 0 0 wlan0
10.8.0.1 10.8.0.9 255.255.255.255 UGH 0 0 0 tun0
10.8.0.9 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.123.123.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
So basically everything works, except the DNS being pushed... Oh! Right, and my /etc/resolv.conf:
# Generated by NetworkManager
domain home
search home
nameserver 10.123.123.1
Where's the issue?
(I have a response from Windows-user with openvpn client, that on his side DNS works fine, so it's an issue on my side.
Ok now I have another response (after I restarted openvpn service on server side) - it's not working.
I must say that it worked yesterday on my machine too.. so have I screwed up something on server? What could it be? )
Edit:
Okay, I've got another Windows-user response (the same user as before) - it's working now. So.. I guess it was caused by openvpn restart and some delays with it. I haven't done anything since then. So we're back onto my machine.
I also traced that that weird tun0 message appeared also yesterday, and yesterday it worked. Or maybe I added entry to resolv.conf by myself? I don't remember.. (damn it)
domain-name-system openvpn resolv.conf networkmanager
edited Oct 8 '14 at 13:51
jaor
asked Aug 5 '13 at 16:01
jaor
I have seen this happen on systems with selinux enabled and whose resolv.conf file had the wrong selinux security context. Running restorecon to restore the security context on that file resolved the issue. P.S.: it's resolv.conf, not resolve.conf
– natxo asenjo
Dec 15 '13 at 18:28
Pay particular attention to /etc/NetworkManager/NetworkManager.conf: uncomment dns=dnsmasq and have managed=true. Also, you may be affected by Bug #1294899 Import saved VPN connection has been Recently Broken despite a reported "established" VPN connection. Check your VPN settings: Put the protocol name (:tcp or :udp) in the Gateway field. Check the advanced settings, especially Port number and LZO compression. Also check the logs. Finish with a DNS leak test.
– KrisWebDev
Jun 12 '16 at 12:49
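The comparison the question makes by eye (the `dhcp-option DNS` value in the PUSH_REPLY log line against the nameservers in /etc/resolv.conf) can be scripted. This is an added example, not code from the original posts; the function names are hypothetical, and the sample log line and resolv.conf content are copied from the question into temporary files.

```shell
#!/bin/sh
# Added example: report DNS servers that OpenVPN pushed but the resolver
# configuration does not list. Function names are hypothetical.

# Print each address pushed as "dhcp-option DNS <addr>" in the PUSH_REPLY
# lines of the OpenVPN log file $1, one per line, without duplicates.
pushed_dns() {
    grep 'PUSH_REPLY,' "$1" |
        sed -e 's/.*PUSH_REPLY,//' -e "s/'.*//" |
        tr ',' '\n' |
        sed -n 's/^dhcp-option DNS \([^ ]*\)$/\1/p' |
        sort -u
}

# Print the nameserver addresses from the resolv.conf-style file $1.
configured_dns() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print every pushed server (log file $1) that is missing from the
# resolver file $2. Empty output means the push was applied.
missing_dns() {
    pushed_dns "$1" | while IFS= read -r server; do
        if ! configured_dns "$2" | grep -qxF -- "$server"; then
            printf '%s\n' "$server"
        fi
    done
}

# Demo on the client log line and resolv.conf shown in the question
# (written to temporary files; runs in a subshell).
demo_missing_dns() (
    dir=$(mktemp -d) || exit 1
    printf '%s\n' "Aug 05 17:14:01 localhost.localdomain openvpn[1198]: PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,dhcp-option DNS 10.8.0.1,dhcp-option DOMAIN ABC.COM,ping 10,ping-restart 60,ifconfig 10.8.0.10 10.8.0.9'" > "$dir/client.log"
    printf '%s\n' '# Generated by NetworkManager' 'domain home' 'search home' \
        'nameserver 10.123.123.1' > "$dir/resolv.conf"
    result=$(missing_dns "$dir/client.log" "$dir/resolv.conf")
    rm -rf "$dir"
    printf '%s\n' "$result"
)

demo_missing_dns
```

Any address it prints means lookups are still going to the pre-VPN resolver, which is the state the question describes.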
7 Answers
This works for me: http://www.softwarepassion.com/solving-dns-problems-with-openvpn-on-ubuntu-box/
The important step is adding the following two lines of configuration to your client openvpn config file:
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Also ensure the resolvconf package is installed on the client, because that update-resolv-conf script depends on it.
It works with openvpn client service or command to start it manually.
However, the Ubuntu Network Manager doesn't do this. It's an issue so far: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1211110
Don't forget to run openvpn with --script-security 2
– kol
May 15 '16 at 8:21
Or also put script-security 2 in your client openvpn config file.
– KrisWebDev
Jun 3 '16 at 18:12
I don't recommend using OpenVPN directly, without going through Network-Manager, or you may face Bug #691723 OpenVPN Client Ignores DNS which has no solution. In my case, Network Manager overwrote resolvconf after the up script was launched... A dirty # echo "nameserver 208.67.220.220" | /sbin/resolvconf -a "tun0.openvpn" AFTER running openvpn can do the job... until it gets overwritten again. Again, don't use OpenVPN directly.
– KrisWebDev
Jun 12 '16 at 12:57
up command not found !!
– Pardeep Jain
May 23 '18 at 10:43
Works for me after disabling NetworkManager's own dnsmasq.
Edit /etc/NetworkManager/NetworkManager.conf
#dns=dnsmasq
and restart NetworkManager
sudo restart network-manager
I already had the change from Bruce Li in my client config. Making this change as well fixed the issue [Ubuntu 15.10].
– TheDauthi
Dec 21 '15 at 21:50
What kind of sorcery is this? What is dnsmasq doing?
– GuySoft
Mar 9 '17 at 10:08
This worked for me in different versions of Ubuntu. I don't really understand what dnsmasq does, but commenting out that line from NetworkManager.conf magically solves the issue for VPN connections as well as for Wi-Fi connections.
– Simón
Mar 28 '17 at 22:07
This worked for me running Linux Mint 18, although I had to restart my machine because sudo restart network-manager failed with an error. The accepted answer did not work for me.
– trebormf
Apr 13 '18 at 15:30
on restart command throwing error restart: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused
– Pardeep Jain
May 23 '18 at 10:43
It is possible to push DNS settings in OpenVPN. Like you have in your config, it is done in the server configuration with the following line:
push "dhcp-option DNS 10.20.30.40"
This works out of the gate for me using the Windows GUI, but it needs a bit of nudging for Linux systems. For connecting to my home network (using Fedora 18 at present), I used a script by gronke on GitHub (https://github.com/gronke/OpenVPN-linux-push) to automate the updating process.
To use these scripts, I added the following to my OpenVPN client file:
up /home/gadgeteering/tools/vpn/up.sh
down /home/gadgeteering/tools/vpn/down.sh
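up.sh:
#! /bin/bash
# OpenVPN "up" script: $1 is the tunnel device (e.g. tun0).
DEV=$1
if [ ! -d /tmp/openvpn ]; then
    mkdir /tmp/openvpn
fi
# Remember which nameservers were added so down.sh can remove them again.
CACHE_NAMESERVER="/tmp/openvpn/$DEV.nameserver"
echo -n "" > "$CACHE_NAMESERVER"
dns=dns
# OpenVPN exports each pushed option as foreign_option_1, foreign_option_2, ...
for opt in ${!foreign_option_*}
do
    # Strip the "dhcp-option DNS " prefix from the value of the variable named by $opt.
    eval "dns=\${$opt#dhcp-option DNS }"
    if [[ $dns =~ [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then
        # Keep a one-time backup of the original resolver configuration.
        if [ ! -f /etc/resolv.conf.default ]; then
            cp /etc/resolv.conf /etc/resolv.conf.default
        fi
        # Rebuild resolv.conf: other settings, then the pushed server, then the old servers.
        cat /etc/resolv.conf | grep -v ^# | grep -v ^nameserver > /tmp/resolv.conf
        echo "nameserver $dns" >> /tmp/resolv.conf
        echo $dns >> "$CACHE_NAMESERVER"
        cat /etc/resolv.conf | grep -v ^# | grep -v "nameserver $dns" | grep nameserver >> /tmp/resolv.conf
        mv /tmp/resolv.conf /etc/resolv.conf
    fi
done
down.sh:
#! /bin/bash
# OpenVPN "down" script: remove the nameservers that up.sh recorded for this device.
DEV=$1
CACHE_NAMESERVER="/tmp/openvpn/$DEV.nameserver"
echo $CACHE_NAMESERVER
if [ -f "$CACHE_NAMESERVER" ]; then
    for ns in `cat "$CACHE_NAMESERVER"`; do
        echo "Removing $ns from /etc/resolv.conf"
        cat /etc/resolv.conf | grep -v "nameserver $ns" > /tmp/resolv.conf
        mv /tmp/resolv.conf /etc/resolv.conf
    done
fi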
why you need dns=dns?
– Wang
May 28 '17 at 15:46
That would be a question for Gronke, I think it's a bit odd as well. Since writing my comment, I've moved on to using an adaptation of this script that doesn't use the 'dns' variable at all. I have not observed any change in behavior because of the omission.
– Gadgeteering
May 30 '17 at 0:56
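An added example (not gronke's script and not part of the answer above) of the same up-script idea with two hardening changes: each pushed address must be a strict dotted-quad IPv4 address before it is written, and the new file is built with mktemp in the resolver file's own directory rather than under a fixed name in world-writable /tmp. Function names are hypothetical, and it assumes the resolver file is a regular file that resolvconf or NetworkManager will not rewrite.

```shell
#!/bin/sh
# Added example: validate pushed DNS servers and replace the resolver file
# atomically. Function names are hypothetical.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots (only digits and dots remain)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the valid DNS servers OpenVPN exported as foreign_option_1,
# foreign_option_2, ...; anything that is not a strict IPv4 address is skipped.
pushed_nameservers() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i-}"   # $i is our own counter, never server data
        [ -n "$opt" ] || break
        case $opt in
            "dhcp-option DNS "*)
                addr=${opt#dhcp-option DNS }
                if is_ipv4 "$addr"; then printf '%s\n' "$addr"; fi ;;
        esac
        i=$((i + 1))
    done
}

# Rewrite resolver file $1 so the pushed servers come first and the other
# non-comment lines follow, using a temp file beside it and an atomic rename.
update_resolv() {
    target=$1
    servers=$(pushed_nameservers)
    [ -n "$servers" ] || return 0           # nothing valid pushed: leave the file alone
    tmp=$(mktemp "$(dirname "$target")/.resolv.XXXXXX") || return 1
    {
        printf '%s\n' "$servers" | sed 's/^/nameserver /'
        grep -v '^#' "$target" | while IFS= read -r line; do
            case $line in
                nameserver\ *)              # drop entries already written above
                    printf '%s\n' "$servers" | grep -qxF -- "${line#nameserver }" && continue ;;
            esac
            printf '%s\n' "$line"
        done
    } > "$tmp"
    # mktemp creates the file 0600; the resolver file must be world-readable.
    chmod 644 "$tmp" && mv -f "$tmp" "$target"
}

# Demo on a constructed copy of the question's resolv.conf (runs in a subshell).
# In a real up script the call would be: update_resolv /etc/resolv.conf
demo_update() (
    dir=$(mktemp -d) || exit 1
    printf '%s\n' '# Generated by NetworkManager' 'domain home' 'search home' \
        'nameserver 10.123.123.1' > "$dir/resolv.conf"
    foreign_option_1='dhcp-option DNS 10.8.0.1'
    foreign_option_2='dhcp-option DOMAIN ABC.COM'
    update_resolv "$dir/resolv.conf"
    cat "$dir/resolv.conf"
    rm -rf "$dir"
)

demo_update
```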
There is a possibility to make NetworkManager work by manually replacing /etc/resolv.conf. Beware that this is quite a hack and cannot be considered as a valid solution for every situation.
#!/bin/bash
# NetworkManager dispatcher script: $1 is the interface, $2 is the action.
case "$2" in
    vpn-up)
        tmp=$(mktemp)
        func=$(mktemp)
        # Helper: print the address only if it answers a single ping within 1 second.
        echo 'ping -c 1 -w 1 -q $1 > /dev/null ;
        if [ 0 -eq $? ]; then echo $1; fi' > $func
        # Save the current non-comment lines; they are appended after the VPN nameservers.
        grep -v "^#" /etc/resolv.conf > $tmp
        # Collect the dns= entries of all VPN profiles, split them on ';',
        # keep the reachable ones and write them ahead of the old content.
        grep -rl type=vpn /etc/NetworkManager/system-connections \
            | xargs -n 1 sed -rne 's|dns=||p' \
            | sed -re 's|;|\n|g' \
            | grep -v "^\s*$" \
            | xargs -n 1 bash $func \
            | sed -re "s|(.*)|nameserver \1|" \
            | cat - $tmp \
            > /etc/resolv.conf
        rm -f $tmp $func;;
    vpn-down) resolvconf -u;;
esac
This script should be placed under /etc/NetworkManager/dispatcher.d; should be executable and owned by root. It reads all NetworkManager vpn configurations it can find and rewrites /etc/resolv.conf with accessible nameservers found there. It doesn't write domain and search lines; but it allows to forget about nasty NetworkManager bug.
I use Ubuntu 16.04, it works.
OpenVPN is currently unable to push DNS settings. You will have to manually change /etc/resolv.conf to match your (secured) DNS server. I just run a BIND9 service on the same machine as my Access Server and point to that via tunnel. Use your local IP address of that machine, e.g. 192.168.1.110
Good luck!
Jasper
With answer from Bruce Li, the /etc/resolv.conf is automatically modified
– greuze
May 21 '14 at 11:01
I have an OpenSUSE client that doesn't use resolvconf, nor systemd-networkd, but I was able to modify the common update-resolv-conf script to work with NetworkManager's nmcli command:
#!/usr/bin/env bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Example envs set from openvpn:
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
# foreign_option_4='dhcp-option DOMAIN-SEARCH bnc.local'
case $script_type in
up)
    for optionname in ${!foreign_option_*} ; do
        option="${!optionname}"
        echo $option
        part1=$(echo "$option" | cut -d " " -f 1)
        if [ "$part1" == "dhcp-option" ] ; then
            part2=$(echo "$option" | cut -d " " -f 2)
            part3=$(echo "$option" | cut -d " " -f 3)
            if [ "$part2" == "DNS" ] ; then
                IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
            fi
            if [[ "$part2" == "DOMAIN" || "$part2" == "DOMAIN-SEARCH" ]] ; then
                IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
            fi
        fi
    done
    if [ -n "$IF_DNS_SEARCH" ]; then
        nmcli connection modify "${dev}" ipv4.dns-search "$IF_DNS_SEARCH"
    fi
    if [ -n "$IF_DNS_NAMESERVERS" ]; then
        nmcli connection modify "${dev}" ipv4.dns "$IF_DNS_NAMESERVERS"
    fi
    nmcli connection up "${dev}" # Force NM to reevaluate the properties
    ;;
esac
# Workaround / jm@epiclabs.io
# force exit with no errors. Due to an apparent conflict with the Network Manager
# $RESOLVCONF sometimes exits with error code 6 even though it has performed the
# action correctly and OpenVPN shuts down.
exit 0
It doesn't have a down handler because NetworkManager automatically removes the nameserver and search (DNS search) parameters on the termination of the connection.
Finally works (with standard NetworkManager and OVPN plugin)
nmcli -p connection modify MY_VPN_CONNECTION ipv4.never-default no
nmcli -p connection modify MY_VPN_CONNECTION ipv4.ignore-auto-dns no
nmcli -p connection modify MY_VPN_CONNECTION ipv4.dns-priority -42
In this case once VPN connection is established, all DNS requests are directed to VPN-supplied DNS servers without any manipulations with dnsmasq, up/down/dispatch helper scripts.
Alter is a new contributor to this site.
edited Apr 22 '15 at 10:55
gertvdijk
answered Mar 28 '14 at 4:18
Wenbing Li
answered Oct 8 '14 at 13:44
Segavax
It is possible to push DNS settings in OpenVPN. Like you have in your config, it is done in the server configuration with the following line:
push "dhcp-option DNS 10.20.30.40"
This works out of the gate for me using the Windows GUI, but it needs a bit of nudging for Linux systems. For connecting to my home network (using Fedora 18 at present), I used a script by gronke on GitHub (https://github.com/gronke/OpenVPN-linux-push) to automate the updating process.
To use these scripts, I added the following to my OpenVPN client file:
up /home/gadgeteering/tools/vpn/up.sh
down /home/gadgeteering/tools/vpn/down.sh
up.sh:
#! /bin/bash
DEV=$1
if [ ! -d /tmp/openvpn ]; then
mkdir /tmp/openvpn
fi
CACHE_NAMESERVER="/tmp/openvpn/$DEV.nameserver"
echo -n "" > $CACHE_NAMESERVER
dns=dns
for opt in ${!foreign_option_*}
do
eval "dns=${$opt#dhcp-option DNS }"
if [[ $dns =~ [0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3} ]]; then
if [ ! -f /etc/resolv.conf.default ]; then
cp /etc/resolv.conf /etc/resolv.conf.default
fi
cat /etc/resolv.conf | grep -v ^# | grep -v ^nameserver > /tmp/resolv.conf
echo "nameserver $dns" >> /tmp/resolv.conf
echo $dns >> $CACHE_NAMESERVER
cat /etc/resolv.conf | grep -v ^# | grep -v "nameserver $dns" | grep nameserver >> /tmp/resolv.conf
mv /tmp/resolv.conf /etc/resolv.conf
fi
done
down.sh:
#! /bin/bash
DEV=$1
CACHE_NAMESERVER="/tmp/openvpn/$DEV.nameserver"
echo $CACHE_NAMESERVER
if [ -f $CACHE_NAMESERVER ]; then
for ns in `cat $CACHE_NAMESERVER`; do
echo "Removing $ns from /etc/resolv.conf"
cat /etc/resolv.conf | grep -v "nameserver $ns" > /tmp/resolv.conf
mv /tmp/resolv.conf /etc/resolv.conf
done
fi
why you needdns=dns?
– Wang
May 28 '17 at 15:46
That would be a question for Gronke, I think it's a bit odd as well. Since writing my comment, I've moved on to using an adaptation of this script that doesn't use the 'dns' variable at all. I have not observed any change in behavior because of the omission.
– Gadgeteering
May 30 '17 at 0:56
add a comment |
It is possible to push DNS settings in OpenVPN. Like you have in your config, it is done in the server configuration with the following line:
push "dhcp-option DNS 10.20.30.40"
This works out of the gate for me using the Windows GUI, but it needs a bit of nudging for Linux systems. For connecting to my home network (using Fedora 18 at present), I used a script by gronke on GitHub (https://github.com/gronke/OpenVPN-linux-push) to automate the updating process.
To use these scripts, I added the following to my OpenVPN client file:
up /home/gadgeteering/tools/vpn/up.sh
down /home/gadgeteering/tools/vpn/down.sh
up.sh:
#! /bin/bash
DEV=$1
if [ ! -d /tmp/openvpn ]; then
mkdir /tmp/openvpn
fi
CACHE_NAMESERVER="/tmp/openvpn/$DEV.nameserver"
echo -n "" > $CACHE_NAMESERVER
dns=dns
for opt in ${!foreign_option_*}
do
eval "dns=${$opt#dhcp-option DNS }"
if [[ $dns =~ [0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3} ]]; then
if [ ! -f /etc/resolv.conf.default ]; then
cp /etc/resolv.conf /etc/resolv.conf.default
fi
cat /etc/resolv.conf | grep -v ^# | grep -v ^nameserver > /tmp/resolv.conf
echo "nameserver $dns" >> /tmp/resolv.conf
echo $dns >> $CACHE_NAMESERVER
cat /etc/resolv.conf | grep -v ^# | grep -v "nameserver $dns" | grep nameserver >> /tmp/resolv.conf
mv /tmp/resolv.conf /etc/resolv.conf
fi
done
down.sh:
#! /bin/bash
DEV=$1
CACHE_NAMESERVER="/tmp/openvpn/$DEV.nameserver"
echo $CACHE_NAMESERVER
if [ -f $CACHE_NAMESERVER ]; then
for ns in `cat $CACHE_NAMESERVER`; do
echo "Removing $ns from /etc/resolv.conf"
cat /etc/resolv.conf | grep -v "nameserver $ns" > /tmp/resolv.conf
mv /tmp/resolv.conf /etc/resolv.conf
done
fi
It is possible to push DNS settings in OpenVPN. Like you have in your config, it is done in the server configuration with the following line:

    push "dhcp-option DNS 10.20.30.40"

This works out of the gate for me using the Windows GUI, but it needs a bit of nudging for Linux systems. For connecting to my home network (using Fedora 18 at present), I used a script by gronke on GitHub (https://github.com/gronke/OpenVPN-linux-push) to automate the updating process.

To use these scripts, I added the following to my OpenVPN client file:

    up /home/gadgeteering/tools/vpn/up.sh
    down /home/gadgeteering/tools/vpn/down.sh

up.sh:

    #!/bin/bash
    # OpenVPN "up" script: put each DNS server pushed by the server first in /etc/resolv.conf.
    DEV=$1

    if [ ! -d /tmp/openvpn ]; then
        mkdir /tmp/openvpn
    fi
    # Remember which nameservers were added so that down.sh can remove them again.
    CACHE_NAMESERVER="/tmp/openvpn/$DEV.nameserver"
    echo -n "" > "$CACHE_NAMESERVER"

    dns=dns
    # OpenVPN exports every pushed option as foreign_option_1, foreign_option_2, ...
    for opt in ${!foreign_option_*}
    do
        # Strip the "dhcp-option DNS " prefix from the value of the variable named by $opt.
        eval "dns=\${$opt#dhcp-option DNS }"
        if [[ $dns =~ [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then
            # Keep a one-time backup of the original file.
            if [ ! -f /etc/resolv.conf.default ]; then
                cp /etc/resolv.conf /etc/resolv.conf.default
            fi
            # New file: non-nameserver lines, then the pushed server, then the old nameservers.
            cat /etc/resolv.conf | grep -v ^# | grep -v ^nameserver > /tmp/resolv.conf
            echo "nameserver $dns" >> /tmp/resolv.conf
            echo "$dns" >> "$CACHE_NAMESERVER"
            cat /etc/resolv.conf | grep -v ^# | grep -v "nameserver $dns" | grep nameserver >> /tmp/resolv.conf
            mv /tmp/resolv.conf /etc/resolv.conf
        fi
    done

down.sh:

    #!/bin/bash
    # OpenVPN "down" script: remove the nameservers that up.sh added.
    DEV=$1
    CACHE_NAMESERVER="/tmp/openvpn/$DEV.nameserver"
    echo "$CACHE_NAMESERVER"

    if [ -f "$CACHE_NAMESERVER" ]; then
        for ns in `cat "$CACHE_NAMESERVER"`; do
            echo "Removing $ns from /etc/resolv.conf"
            cat /etc/resolv.conf | grep -v "nameserver $ns" > /tmp/resolv.conf
            mv /tmp/resolv.conf /etc/resolv.conf
        done
    fi
edited Dec 23 '13 at 19:15
answered Dec 23 '13 at 19:08
Gadgeteering
Why do you need dns=dns?
– Wang
May 28 '17 at 15:46
That would be a question for Gronke, I think it's a bit odd as well. Since writing my comment, I've moved on to using an adaptation of this script that doesn't use the 'dns' variable at all. I have not observed any change in behavior because of the omission.
– Gadgeteering
May 30 '17 at 0:56
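As an added example (not part of the answer above and not gronke's code): the same resolv.conf update written so that each pushed value must be a strict IPv4 address before it reaches the file, and so that the new file is built with mktemp beside the target rather than at a fixed /tmp/resolv.conf path. The function names and the sample values in demo are constructed for illustration, and stopping at the first unset foreign_option_N is an assumption about how OpenVPN numbers the sequence.

```shell
#!/bin/sh
# Added example: validated, atomic resolv.conf update for an OpenVPN "up" script.

# Return 0 only for a strict dotted-quad IPv4 address (four octets, each 0-255).
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octet
    esac
    rest=$1. count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        if [ ${#octet} -gt 3 ] || [ "$octet" -gt 255 ]; then return 1; fi
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Print each valid pushed DNS server, one per line. The options are read from
# foreign_option_1, foreign_option_2, ... until the first unset one (assumption).
pushed_dns_servers() {
    i=1
    while :; do
        # eval only sees the counter this script controls; the pushed value
        # itself is copied by parameter expansion and never re-parsed as code.
        eval "opt=\${foreign_option_$i-}"
        [ -n "$opt" ] || break
        case $opt in
            'dhcp-option DNS '*)
                addr=${opt#dhcp-option DNS }
                if valid_ipv4 "$addr"; then
                    printf '%s\n' "$addr"
                else
                    echo "ignoring malformed DNS option $i" >&2
                fi ;;
        esac
        i=$((i + 1))
    done
}

# Rewrite the resolv.conf at $1 so that the servers in $2.. come first, followed
# by the file's other non-comment lines. The content is written to a mktemp file
# beside the target (unpredictable name, same filesystem) and renamed into
# place, so no fixed path in /tmp is involved and readers never see a partial file.
prepend_nameservers() {
    target=$1; shift
    [ $# -gt 0 ] || return 0        # nothing valid was pushed: leave the file alone
    new=$(mktemp "$target.XXXXXX") || return 1
    {
        for ns in "$@"; do printf 'nameserver %s\n' "$ns"; done
        while IFS= read -r line || [ -n "$line" ]; do
            keep=1
            case $line in '#'*) keep=0 ;; esac
            for ns in "$@"; do
                if [ "$line" = "nameserver $ns" ]; then keep=0; fi
            done
            if [ "$keep" -eq 1 ]; then printf '%s\n' "$line"; fi
        done < "$target"
    } > "$new"
    # mktemp creates the file 0600; resolvers running unprivileged need to read it.
    chmod 644 "$new" && mv -f "$new" "$target"
}

# Run the functions on constructed sample input inside a scratch directory.
demo() {
    foreign_option_1='dhcp-option DNS 10.20.30.40'       # constructed
    foreign_option_2='dhcp-option DOMAIN example.test'   # constructed, not a DNS option
    foreign_option_3='dhcp-option DNS 10.20.30.400'      # constructed, malformed
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'search lan' 'nameserver 192.168.1.1' \
        > "$dir/resolv.conf"
    # Unquoted on purpose: every word has passed valid_ipv4 (digits and dots only).
    prepend_nameservers "$dir/resolv.conf" $(pushed_dns_servers 2>/dev/null)
    cat "$dir/resolv.conf"
    rm -rf "$dir"
}

demo
```

In a real up script the target would be /etc/resolv.conf and the demo function would be dropped.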
It is possible to make NetworkManager work by manually replacing /etc/resolv.conf. Beware that this is quite a hack and cannot be considered a valid solution for every situation.

    #!/bin/bash
    # NetworkManager dispatcher script: $1 is the interface, $2 the action.
    case "$2" in
        vpn-up)
            tmp=$(mktemp)
            func=$(mktemp)
            # Helper: print the address in $1 only if it answers a ping within one second.
            echo 'ping -c 1 -w 1 -q $1 > /dev/null ;
                  if [ 0 -eq $? ]; then echo $1; fi' > $func
            # Keep the current non-comment lines to append after the VPN nameservers.
            grep -v "^#" /etc/resolv.conf > $tmp
            # Collect dns= entries from every VPN profile, one address per line,
            # keep the reachable ones and write them first in /etc/resolv.conf.
            grep -rl type=vpn /etc/NetworkManager/system-connections \
                | xargs -n 1 sed -rne 's|dns=||p' \
                | sed -re 's|;|\n|g' \
                | grep -v "^\s*$" \
                | xargs -n 1 bash $func \
                | sed -re "s|(.*)|nameserver \1|" \
                | cat - $tmp \
                > /etc/resolv.conf
            rm -f $tmp $func;;
        vpn-down) resolvconf -u;;
    esac

This script should be placed under /etc/NetworkManager/dispatcher.d; it should be executable and owned by root. It reads all NetworkManager VPN configurations it can find and rewrites /etc/resolv.conf with the accessible nameservers found there. It doesn't write domain and search lines, but it lets you forget about the nasty NetworkManager bug.
I use Ubuntu 16.04, it works.
edited Jan 17 '17 at 18:37
answered Aug 9 '16 at 20:49
Sergey Fedorov
OpenVPN is currently unable to push DNS settings. You will have to manually change /etc/resolv.conf to match your (secured) DNS server. I just run a BIND9 service on the same machine as my Access Server and point to that via tunnel. Use your local IP address of that machine, e.g. 192.168.1.110
Good luck!
Jasper
answered Dec 15 '13 at 17:52
Jasper
With the answer from Bruce Li, /etc/resolv.conf is automatically modified.
– greuze
May 21 '14 at 11:01
I have an OpenSUSE client that doesn't use resolvconf, nor systemd-networkd, but I was able to modify the common update-resolv-conf script to work with NetworkManager's nmcli command:

    #!/usr/bin/env bash
    #
    # Parses DHCP options from openvpn to update resolv.conf
    # To use set as 'up' and 'down' script in your openvpn *.conf:
    # up /etc/openvpn/update-resolv-conf
    # down /etc/openvpn/update-resolv-conf
    #
    # Example envs set from openvpn:
    # foreign_option_1='dhcp-option DNS 193.43.27.132'
    # foreign_option_2='dhcp-option DNS 193.43.27.133'
    # foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
    # foreign_option_4='dhcp-option DOMAIN-SEARCH bnc.local'

    case $script_type in
    up)
        for optionname in ${!foreign_option_*} ; do
            option="${!optionname}"
            echo "$option"
            part1=$(echo "$option" | cut -d " " -f 1)
            if [ "$part1" == "dhcp-option" ] ; then
                part2=$(echo "$option" | cut -d " " -f 2)
                part3=$(echo "$option" | cut -d " " -f 3)
                if [ "$part2" == "DNS" ] ; then
                    IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
                fi
                if [[ "$part2" == "DOMAIN" || "$part2" == "DOMAIN-SEARCH" ]] ; then
                    IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
                fi
            fi
        done
        if [ -n "$IF_DNS_SEARCH" ]; then
            nmcli connection modify "${dev}" ipv4.dns-search "$IF_DNS_SEARCH"
        fi
        if [ -n "$IF_DNS_NAMESERVERS" ]; then
            nmcli connection modify "${dev}" ipv4.dns "$IF_DNS_NAMESERVERS"
        fi
        nmcli connection up "${dev}" # Force NM to reevaluate the properties
        ;;
    esac

    # Workaround / jm@epiclabs.io
    # force exit with no errors. Due to an apparent conflict with the Network Manager
    # $RESOLVCONF sometimes exits with error code 6 even though it has performed the
    # action correctly and OpenVPN shuts down.
    exit 0

It doesn't have a down handler because NetworkManager automatically removes the nameserver and search (DNS search) parameters on the termination of the connection.
edited Dec 14 '18 at 18:37
answered Dec 13 '18 at 21:09
palswim
Finally works (with standard NetworkManager and OVPN plugin)

    nmcli -p connection modify MY_VPN_CONNECTION ipv4.never-default no
    nmcli -p connection modify MY_VPN_CONNECTION ipv4.ignore-auto-dns no
    nmcli -p connection modify MY_VPN_CONNECTION ipv4.dns-priority -42

In this case, once the VPN connection is established, all DNS requests are directed to the VPN-supplied DNS servers without any manipulation of dnsmasq or up/down/dispatch helper scripts.
answered 9 mins ago
Alter
I have seen this happen on systems with selinux enabled and whose resolv.conf file had the wrong selinux security context. Running restorecon to restore the security context on that file resolved the issue. P.S.: it's resolv.conf, not resolve.conf
– natxo asenjo
Dec 15 '13 at 18:28
Pay particular attention to /etc/NetworkManager/NetworkManager.conf: uncomment dns=dnsmasq and have managed=true. Also, you may be affected by Bug #1294899 "Import saved VPN connection has been Recently Broken" despite a reported "established" VPN connection. Check your VPN settings: put the protocol name (:tcp or :udp) in the Gateway field. Check the advanced settings, especially Port number and LZO compression. Also check the logs. Finish with a DNS leak test.
– KrisWebDev
Jun 12 '16 at 12:49