mblue

openvpn script to modify dns entries

I found this thread and set up accordingly so openvpn can add the airvpn DNS servers to /etc/resolv.conf

 

1) Created /etc/openvpn/update-resolv-conf.sh

2) Edited it to contain the two DNS servers mentioned above in the 'foreign_option_1' and 'foreign_option_2' variables.

3) Modified /etc/openvpn/airvnp.conf to contain these three lines

 

script-security 2
up /etc/openvpn/update-resolv-conf.sh
down /etc/openvpn/update-resolv-conf.sh

 

It works as expected except, the original nameserver (192.168.0.1) is at the bottom of the file.  Is that expected?

 

 

# Generated by resolvconf
nameserver 10.4.0.1
nameserver 10.5.0.1
nameserver 192.168.0.1


I would remove nameserver 192.168.0.1

 

It's most likely attempting to get the nameservers from your router or another device in front of the PC. If that other device is using/sending your ISP's DNS server it's less than ideal.

 

If the PC is always connected to the VPN such a script isn't needed. Just modify the resolv.conf so the air DNS servers are the only nameservers in there.

 

If you need DNS connectivity w/o a VPN try and figure out where that 192.168.0.1 is coming from. It's probably in the default resolv.conf. I haven't looked at that script but ideally you only want the air DNS servers in the resolv.conf while connected.

 

DNS tests here:

http://ipleak.net/

https://www.dnsleaktest.com/

http://entropy.dns-oarc.net/test/


Agreed.  Problem is that when the machine boots, resolv.conf is generated from systemd-resolved.service so I really need the script to comment out the default one or remove/readd it.  I'm thinking that others would experience this as well and have a solution that works within the script method.


You could probably just disable that service at boot or in general.

 

If there's a network manager installed on that system, setting the DNS to manual and tossing in DNS servers might also do the trick.

 

The only other option I can think of is writing a different type of script and 2 resolv.conf files. Then have the script cp 'copy' the vpn dns resolv.conf over the default one while the vpn is up. Then when the vpn is down - copy a standard dns server resolv.conf back in place.
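
The two-file swap suggested in the last reply, fed by the foreign_option_N variables from the first post, as an added example that is not code from the thread or from AirVPN. It assumes nothing else rewrites resolv.conf while the tunnel is up; RESOLV_CONF, RESOLV_BACKUP and the function names are chosen for this example.

```sh
#!/bin/sh
# OpenVPN up/down hook: replace resolv.conf while the tunnel is up, restore it after.
# RESOLV_CONF / RESOLV_BACKUP are names chosen for this example (overridable for testing).
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"
RESOLV_BACKUP="${RESOLV_BACKUP:-/etc/resolv.conf.pre-vpn}"

# Emit "nameserver X" for each DNS server OpenVPN exported as
# foreign_option_1, foreign_option_2, ... (format: "dhcp-option DNS 10.4.0.1").
pushed_nameservers() {
    i=1
    while eval "opt=\${foreign_option_$i:-}"; [ -n "$opt" ]; do
        i=$((i + 1))
        case "$opt" in
            "dhcp-option DNS "*) ip=${opt#dhcp-option DNS } ;;
            *) continue ;;
        esac
        # The value comes from the remote server: accept address characters only.
        case "$ip" in ""|*[!0-9A-Fa-f.:]*) continue ;; esac
        echo "nameserver $ip"
    done
}

vpn_dns_up() {
    servers=$(pushed_nameservers)
    # Return non-zero rather than write an empty file if no DNS was pushed.
    [ -n "$servers" ] || return 1
    # Keep the first backup only, so a reconnect cannot save VPN DNS as "original".
    [ -e "$RESOLV_BACKUP" ] || cp -p "$RESOLV_CONF" "$RESOLV_BACKUP"
    tmp="$RESOLV_CONF.tmp.$$"
    printf '# Written by VPN up hook\n%s\n' "$servers" > "$tmp"
    mv -f "$tmp" "$RESOLV_CONF"   # replaces the file: LAN resolver is gone, not demoted
}

vpn_dns_down() {
    [ -e "$RESOLV_BACKUP" ] || return 0
    cp -p "$RESOLV_BACKUP" "$RESOLV_CONF" && rm -f "$RESOLV_BACKUP"
}

# OpenVPN sets script_type to "up" or "down" when it runs the hook.
case "${script_type:-}" in
    up)   vpn_dns_up ;;
    down) vpn_dns_down ;;
esac
```

It is wired in with the same script-security 2, up and down lines shown in the first post.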
