OpenVPN client force DNS servers in Linux
If you are having problems with DNS servers not being applied to systemd-resolved, you could try the following steps. This worked for me on Linux Mint 21.2.
Thank you Pippin from the Mint forums and Jonathan Wright (website) for the alternative config.
Troubleshooting
Make sure that either your OpenVPN server pushes DNS servers, or your client config contains the DNS servers.
# OpenVPN server.conf
push "dhcp-option DNS 10.255.0.1"
# Client .ovpn / .conf
dhcp-option DNS 10.255.0.1
The following command is useful to see which DNS servers systemd-resolved is querying:
resolvectl status
It outputs the following; tun0 is my OpenVPN connection:
Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Link 2 (eno1)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 3 (wlp2s0)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.1
DNS Servers: 192.168.1.1
Link 17 (tun0)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.255.0.1
DNS Servers: 10.255.0.1
1) The up and down script
Make sure your client config (.ovpn or .conf) has the up and down script. This should be sufficient when you are working on Ubuntu.
Add the following lines to your configuration:
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Restart your VPN connection and check if resolvectl status shows your pushed DNS servers.
2) Alternative script
This is what worked for me: there is an alternative script that uses D-Bus to update the systemd-resolved configuration. In case the script is removed from GitHub, I have a copy at this page.
# Back up the original script
sudo cp /etc/openvpn/update-resolv-conf /etc/openvpn/update-resolv-conf-original
# Overwrite the original script with the alternative
sudo wget https://raw.githubusercontent.com/jonathanio/update-systemd-resolved/master/update-systemd-resolved -O /etc/openvpn/update-resolv-conf
# Make it executable
sudo chmod +x /etc/openvpn/update-resolv-conf
Now restart your VPN connection and see if the changes apply, once again using resolvectl status.
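One way to script the resolvectl status check used in both steps, as an added example that is not part of the original post: it confirms that the VPN link lists the pushed server and names any other link that still has DNS scope with +DefaultRoute, since systemd-resolved can send lookups to those links as well. The function names link_dns and check_vpn_dns are made up for this example, and SAMPLE is constructed from the output shown above.

```shell
# Added example. SAMPLE is constructed from the resolvectl output shown above.
SAMPLE='Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Link 2 (eno1)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 3 (wlp2s0)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.1
DNS Servers: 192.168.1.1
Link 17 (tun0)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.255.0.1
DNS Servers: 10.255.0.1'

# link_dns (hypothetical helper): read resolvectl text on stdin and print
# "iface default_route servers" for each link whose Current Scopes include DNS.
# Assumes all servers of a link are listed on the single "DNS Servers:" line.
link_dns() {
  awk '
    function emit() { if (iface != "" && scope) print iface, route, servers }
    /^[ \t]*Global/ { emit(); iface = ""; next }
    /^[ \t]*Link [0-9]+ \(/ {
      emit(); iface = $3; gsub(/[()]/, "", iface)
      scope = 0; route = "no"; servers = ""; next
    }
    /Current Scopes:/ { scope = 0; for (i = 3; i <= NF; i++) if ($i == "DNS") scope = 1 }
    /Protocols:/ { route = index($0, "+DefaultRoute") ? "yes" : "no" }
    /^[ \t]*DNS Servers:/ { sub(/^[ \t]*DNS Servers:[ \t]*/, ""); servers = $0 }
    END { emit() }
  '
}

# check_vpn_dns IFACE SERVER (hypothetical helper): exit status 0 only if IFACE
# lists SERVER; prints every other link that has DNS scope and +DefaultRoute.
check_vpn_dns() {
  link_dns | awk -v vpn="$1" -v want="$2" '
    $1 == vpn { for (i = 3; i <= NF; i++) if ($i == want) found = 1; next }
    $2 == "yes" { print "also-default-route:", $1 }
    END { exit !found }'
}

# Live use: resolvectl status | check_vpn_dns tun0 10.255.0.1
```

On the sample, the check passes for tun0 and also reports wlp2s0, which still carries the local resolver 192.168.1.1 alongside the VPN's.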
Read also
https://forums.linuxmint.com/viewtopic.php?p=1717556#p1717556