ayazey

fedora 35, openvpn, openresolv and others

I just switched to Fedora 35 a few days ago and discovered that openvpn 2.5.5 is installed by default.

I also discovered that resolvconf is available in Debian's repos but not in Fedora's. And so I installed openresolv-3.12.0.

I appended the following lines to the configuration files:
 

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf


When I ran sudo openvpn name-of-config-file.ovpn, the following error message appeared:
 
Options error: --up script fails with '/etc/openvpn/update-resolv-conf': No such file or directory (errno=2)
Options error: Please correct this error.


Question #1: What is the solution to the above?

Question #2: Do I need to disable systemd-resolved?

Question #3: Do I need to re-create /etc/resolv.conf file? If yes, what are the steps to go about re-creating it?

Thanks for your help.

1 hour ago, ayazey said:

Question #2: Do I need to disable systemd-resolved?


You need a different script altogether. See https://wiki.archlinux.org/title/OpenVPN#The_update-systemd-resolved_custom_script.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

1 hour ago, OpenSourcerer said:

You need a different script altogether.

Before I made the original post, I had read the recommendations by Staff on December 25, 2020.

He recommended that one should disable systemd-resolved and re-create the /etc/resolv.conf file.

Are his recommendations still valid for people who use Fedora 35 and openvpn 2.5.5?

@ayazey

Hello!

Yes, the suggestion is still valid but with a caveat. Note that the original error comes from the fact that the script does not exist at all in /etc/openvpn. However, probably the script will not work even though systemd-resolved is disabled (IMPORTANT *), because
 
Quote

Note: Since systemd 229, systemd-networkd has exposed an API through DBus allowing management of DNS configuration on a per-link basis. Tools such as openresolv may not work reliably when /etc/resolv.conf is managed by systemd-resolved, and will not work at all if using resolve instead of dns in /etc/nsswitch.conf.

https://wiki.archlinux.org/title/OpenVPN#The_update-systemd-resolved_custom_script

so either you use the other script suggested by OpenSourcerer and the wiki (with systemd-resolved running), you make sure that /etc/nsswitch.conf does not use resolve, or you run the AirVPN Suite.

Also note that the AirVPN Suite (but not Eddie atm) is capable of handling any configuration among the several possible DNS handling combinations allowed by systemd-resolved and systemd-networkd - a few remaining "glitches" pertaining to DNS handling under peculiar settings will also be fixed in the incoming 1.1.1 release.

AirVPN Suite 1.1.0 has been tested under Fedora 35 (with nftables installed) and handles DNS push and DNS restore just fine. You might try it: besides offering important features like Network Lock, it might save you a lot of trial and error - and you need not disable systemd-resolved or change any other system default setting.
https://airvpn.org/suite/readme/

Kind regards

(*) Note to all Linux users: by default in Fedora 35 and possibly in other distributions if you want to stop systemd-resolved, a simple "stop" will not work, not even for a session, because systemd will re-start systemd-resolved, as it is a unit configured to re-start. That's why we write "disabled", and not "stopped".
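
The three conditions named in the post above (missing --up script, resolve in /etc/nsswitch.conf, /etc/resolv.conf managed by systemd-resolved) can be checked before changing any system setting. The following read-only shell sketch is an added example, not part of the original posts; the function names are hypothetical, the default paths are the ones mentioned in the thread, and 127.0.0.53 is the systemd-resolved stub listener address.

```shell
#!/bin/sh
# Added read-only diagnostic (not from the thread); function names are hypothetical.
# Default paths are the ones named in the posts above.

# True if the "hosts:" line of nsswitch.conf lists the "resolve" module.
nss_uses_resolve() {
    # Drop action blocks such as [!UNAVAIL=return], then match whole tokens.
    sed -n 's/^hosts:[[:space:]]*//p' "$1" 2>/dev/null | sed 's/\[[^]]*\]//g' |
        tr -s '[:space:]' '\n' | grep -qx 'resolve'
}

# Print "systemd-resolved" if resolv.conf is a symlink into
# /run/systemd/resolve/ or points at the 127.0.0.53 stub listener, else "other".
resolv_conf_manager() {
    if [ -L "$1" ]; then
        case "$(readlink "$1")" in
            */systemd/resolve/*) echo systemd-resolved; return ;;
        esac
    fi
    if grep -q '^nameserver[[:space:]]*127\.0\.0\.53' "$1" 2>/dev/null; then
        echo systemd-resolved
    else
        echo other
    fi
}

# The --up script must exist and be executable, or OpenVPN aborts (errno=2).
up_script_ok() { [ -f "$1" ] && [ -x "$1" ]; }

# Args (all optional): up-script, resolv.conf, nsswitch.conf
diagnose() {
    up=${1:-/etc/openvpn/update-resolv-conf}
    rc=${2:-/etc/resolv.conf}
    nss=${3:-/etc/nsswitch.conf}
    if ! up_script_ok "$up"; then
        echo missing-script      # the "Options error" from the first post
    elif nss_uses_resolve "$nss"; then
        echo nss-resolve         # openresolv will not work at all
    elif [ "$(resolv_conf_manager "$rc")" = systemd-resolved ]; then
        echo resolved-managed    # openresolv may not work reliably
    else
        echo openresolv-ok       # none of the conflicts named in the quote
    fi
}

diagnose "$@"
```

Run without arguments it inspects the live system; pass three paths to check copies of the files instead.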

6 hours ago, Staff said:
(*) Note to all Linux users: by default in Fedora 35 and possibly in other distributions if you want to stop systemd-resolved, a simple "stop" will not work, not even for a session, because systemd will re-start systemd-resolved, as it is a unit configured to re-start. That's why we write "disabled", and not "stopped".

Thanks for your detailed explanation.

What about applying the following command after "disabling" systemd-resolved?
 
sudo systemctl mask systemd-resolved.service


Will "mask" help to prevent other APIs from making calls to systemd-resolved?
