I installed OpenVPN on my server via this auto install script and copied the generated config file to my client, also running OpenVPN. I want to route all client traffic through the VPN, and I want the names to be resolved server-side. All traffic seems to be routed successfully, but the names are resolved by whatever DNS server I specify in the client's resolv.conf. How can I make it so they are resolved server-side?
Relevant server-side configuration:
root@marius:~# cat /etc/openvpn/server.conf | grep dhcp
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
I'm not familiar with VPN servers, I'm not sure if that "push" is necessary, as I don't use DHCP client-side.
Client-side resolv.conf (manually set, never changes):
domain domain.name
search domain.name
# Local cache (dnsmasq)
nameserver 127.0.0.1
# VPN (doesn't work)
#nameserver 10.8.0.1
# ISP (doesn't work with VPN)
#nameserver 200.175.89.139
#nameserver 200.175.5.139
# Google (works with VPN)
nameserver 8.8.8.8
nameserver 8.8.4.4
According to OpenVPN's official HOWTO:
When redirect-gateway is used, OpenVPN clients will route DNS queries through the VPN, and the VPN server will need handle them. This can be accomplished by pushing a DNS server address to connecting clients which will replace their normal DNS server settings during the time that the VPN is active. For example:
push "dhcp-option DNS 10.8.0.1"
will configure Windows clients (or non-Windows clients with some extra server-side scripting) to use 10.8.0.1 as their DNS server. Any address which is reachable from clients may be used as the DNS server address.
But that doesn't seem to work, as aforementioned. I presume I must set up my (VPN) server to also be a DNS server in order for that to work. But is that necessary? Why can't the VPN server handle forwarded DNS queries via its resolv.conf (without being a DNS server, just as it handles everything else without being an everything else server)? I'm a bit lost here.
I can provide any additional configuration files if necessary.
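The HOWTO passage quoted above notes that non-Windows clients need extra scripting before a pushed DNS server takes effect. As an added example (not part of the original post and not OpenVPN's own script), the sketch below turns the `foreign_option_N` environment variables that OpenVPN passes to a client's up script into resolv.conf lines; the function name `render_resolv_conf` and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: render resolv.conf lines from DNS options pushed by the server.
# OpenVPN hands pushed options it cannot apply itself to the client's --up
# script as environment variables foreign_option_1, foreign_option_2, ...

NL='
'

render_resolv_conf() {
    i=1; servers=""; search=""
    while :; do
        # i is a counter we control, so eval only reads foreign_option_<i>.
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        case "$opt" in
            "dhcp-option DNS "*)
                addr=${opt#"dhcp-option DNS "}
                case "$addr" in
                    ""|*[!0-9A-Fa-f.:]*) ;;  # not an IP address: ignore
                    *) servers="${servers}nameserver ${addr}${NL}" ;;
                esac ;;
            "dhcp-option DOMAIN "*)
                dom=${opt#"dhcp-option DOMAIN "}
                case "$dom" in
                    ""|*[!A-Za-z0-9.-]*) ;;  # not a hostname: ignore
                    *) search="${search:+$search }${dom}" ;;
                esac ;;
        esac
        i=$((i + 1))
    done
    # No usable DNS server was pushed: fail rather than emit an empty file.
    [ -n "$servers" ] || return 1
    [ -z "$search" ] || printf 'search %s\n' "$search"
    printf '%s' "$servers"
}

# Constructed sample: the two options pushed by the server.conf in the post.
foreign_option_1='dhcp-option DNS 8.8.8.8'
foreign_option_2='dhcp-option DNS 8.8.4.4'
render_resolv_conf
```

On a real client the function would be called from a script named by the `up` directive, with `script-security 2` set so OpenVPN is allowed to run it. Pushed values come from the remote server, so they are validated here before anything is written into a system file.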