Jump to content
Not connected, Your IP: 44.222.212.138
Sign in to follow this  
Staff

How to accept DNS push on Linux systems with resolvconf

Recommended Posts

NOTE: if you run Eddie or Hummingbird you don't need this guide, but you might need to get rid of update-systemd-resolved which, in one of its various working modes, can interfere fatally with DNS handling.

This post describes how to accept OpenVPN servers DNS push on Linux, OpenBSD, FreeBSD and some other POSIX-compliant OS when:

  • resolvconf package OR openresolv package is installed
  • OpenVPN is run directly (i.e. NOT through any OpenVPN GUI/wrapper such as network-manager)
  • OpenVPN version is 2.1 or higher

Warning: the specified "update-resolv-conf" script path refers to many Linux distributions and OpenVPN package installation, but NOT to all of them. Please check the correct path of the mentioned file before proceeding (for example: it could be /usr/share/openvpn instead of /etc/openvpn). If the script is not on your system, you'll need to create it. See the typical script here: https://wiki.archlinux.org/index.php/OpenVPN#DNS
 
Important: in the same above linked page, note that if you have a system based on systemd you might need some important modifications:

Quote

Update systemd-resolved script

Since systemd 229, systemd-networkd has exposed an API through DBus allowing management of DNS configuration on a per-link basis. Tools such as openresolv may not work reliably when /etc/resolv.conf is managed by systemd-resolved, and will not work at all if using resolve instead of dns in /etc/nsswitch.conf. The update-systemd-resolved script is another alternative and links OpenVPN with systemd-resolved via DBus to update the DNS records.

 
Add to your OpenVPN configuration file(s), either in field "Custom Directives" of the Configuration Generator or by editing the configuration directly, the following lines:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

 
In this way update-resolv-conf will record the DNS push and through resolvconf or openresolv will modify the nameserver accordingly. When OpenVPN quits, update-resolv-conf restores the previous nameserver line(s).

Kind regards

Share this post


Link to post
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...