
When I try to push a DNS server via the OpenVPN server-config I don't get that server to be the first DNS server on the connected client system. It ends up being specified as an alternative DNS server.

push "dhcp-option DNS 89.238.75.146" # DNS-Server 1 (local djbdns)

To overcome certain network restrictions, if they're in place, I use 443 TCP. - That means that my DNS queries are sent via TCP (if I manually reconfigure the DNS server), which doesn't scale very well from a performance perspective.

Are there any kewl solutions for that?

Marius

  • Bit unclear... are you saying you run DNS on port 443 (https)? Anyway, what OS are your clients running?
    – emgee
    Commented Nov 2, 2009 at 21:03
  • - the OpenVPN daemon on the remote server works on 443. The DNSd runs on a Linux box. If I route the traffic through the OpenVPN tunnel the DNS traffic is tunneled through 443, too.
    – wishi
    Commented Nov 2, 2009 at 21:08
  • Gotcha, so the main problem you are trying to overcome is pushed DNS settings don't show up as primary, but as secondary?
    – emgee
    Commented Nov 2, 2009 at 21:29
  • That, and even if I configure it - TCP and DNS don't scale together.
    – wishi
    Commented Nov 2, 2009 at 21:56

2 Answers


I've noticed that it differs based on "client". If I use network manager I get the DNS but if I use the "regular" openvpn service (in Ubuntu) I don't get the DNS. I haven't looked deeper into this since I usually let network manager connect my vpn.

  • sorry for accepting this answer rather late... I think something is wrong here with my account connection on StackOF and so on...
    – wishi
    Commented Oct 23, 2010 at 10:01
  • I wanted to vote up Jimmy's answer, but since I can't, I'd like to give thumbs up in this post: Effectively, the NetworkManager openvpn plugin DOES update the /etc/resolv.conf with the DNS options pushed by openvpn server.
    Commented Mar 11, 2013 at 13:01
  • Agree, NetworkManager manages to get that right. Sigh, here's hoping for clean .ovpn compatibility someday...
    Commented Aug 2, 2015 at 21:43
  • See serverfault.com/a/590722/82338
    – Gajus
    Commented Jun 29, 2016 at 21:10

If one is committed to the openvpn terminal vector, put a bash script called ~/bin/m0vpn in place (for a VPN called m0), so I connect by simply opening a terminal and typing:

m0vpn

Here is the script:

#!/bin/bash
OVPNFILE="$HOME/.config/vpn/m0/client.ovpn"
TEMPRESOLV="nameserver 10.0.0.2\ndomain prd1.m0\n"
# The next two lines create a temporary /etc/resolv.conf which includes the original.
# For extra security you may modify this behavior (to use Only your own DNS server)
# ^ But then, you must connect to an IP address (no hostname) from your .ovpn file!
# printf and cat need no sudo; only the mv into /etc does.
printf "$TEMPRESOLV" | cat - /run/resolvconf/resolv.conf > /tmp/resolv.conf
sudo mv /tmp/resolv.conf /etc/resolv.conf
printf "Temporary /etc/resolv.conf:\n$TEMPRESOLV"
# Restore the resolvconf-managed file whenever the script exits, also on Ctrl-C,
# so the box is never left pointing at the VPN resolver after the tunnel is down.
trap 'sudo ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf; echo "Reset resolv.conf"' EXIT
sudo openvpn "$OVPNFILE"

And perhaps someday NetworkManager will simply be able to use the .ovpn file.
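As an added example (not code from either answer), the usual fix for the command-line openvpn client is an `up`/`down` script: OpenVPN exports every pushed `dhcp-option` as a `foreign_option_N` environment variable and sets `script_type` to `up` or `down`, so the script can write the pushed servers as the first `nameserver` entries and restore the original file on disconnect. The config lines in the comment and the backup path are assumptions.

```shell
#!/bin/sh
# Assumed client-config lines that make OpenVPN call this script:
#   script-security 2
#   up   /etc/openvpn/dns-up-down.sh
#   down /etc/openvpn/dns-up-down.sh
# OpenVPN exports e.g. foreign_option_1='dhcp-option DNS 89.238.75.146'.
BACKUP=/etc/resolv.conf.openvpn-backup   # assumed backup location

# Turn foreign_option_1..N into resolv.conf lines. Pushed DNS servers are
# printed first, so they end up as the primary resolvers, not alternatives.
build_resolv_conf() {
    i=1
    while eval "opt=\${foreign_option_$i:-}"; [ -n "$opt" ]; do
        set -- $opt                      # split "dhcp-option DNS 1.2.3.4" into words
        if [ "$1" = "dhcp-option" ]; then
            case "$2" in
                DNS)    echo "nameserver $3" ;;
                DOMAIN) echo "search $3" ;;
            esac
        fi
        i=$((i + 1))
    done
}

case "${script_type:-}" in
    up)
        cp -L /etc/resolv.conf "$BACKUP"      # keep the original for restore
        # pushed servers first, then the original ones as fallback
        { build_resolv_conf; grep '^nameserver' "$BACKUP"; } > /etc/resolv.conf.tmp
        mv /etc/resolv.conf.tmp /etc/resolv.conf
        ;;
    down)
        [ -f "$BACKUP" ] && mv "$BACKUP" /etc/resolv.conf
        ;;
esac
```

Run stand-alone (without `script_type` set) the script only defines the function and touches nothing, so it can be tested before being wired into the .ovpn file.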
