OpenVPN and pushed DNS options
Out of the box OpenVPN on Ubuntu doesn't work with pushed DNS options. This means that the far-end DNS services are not available. This Howto shows a simple implementation to support pushed DNS options.
Note that Windows clients seem to use any pushed DNS options from OpenVPN, but Ubuntu clients do not. This is mostly due to a missing package 'resolvconf'.
- Ubuntu 10.04 x64 (Lucid)
- OpenVPN 2.1.0-1
- Resolvconf 1.45
- Install OpenVPN and verify normal operation.
- Install Resolvconf
aptitude install resolvconf
- Save existing /etc/resolv.conf file to /etc/resolv.conf.orig
cd /etc
cp resolv.conf resolv.conf.orig
- Link the auto-generated file to resolv.conf
ln -sf /etc/resolvconf/run/resolv.conf /etc/resolv.conf
- The OpenVPN distribution already includes the file /etc/openvpn/update-resolv-conf. Add the following lines to each of your OpenVPN configuration files:
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Environment Variables
The following environment variables are pushed by OpenVPN into the environment available to the update-resolv-conf script.
# foreign_option_1='dhcp-option DNS 126.96.36.199'
# foreign_option_2='dhcp-option DNS 188.8.131.52'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
- When NetworkManager attaches to a WiFi AP, the AP's DHCP options will be automatically added to /etc/resolv.conf by the resolvconf package.
- When OpenVPN brings up a new tunnel set up as described above, any DNS options will be added as nameservers ahead of any pre-existing nameservers. Any "Domain" options will be added at the front of the 'search' list in the /etc/resolv.conf file.
For example, here is my /etc/resolv.conf file after setting up a tunnel at Borders WiFi.
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.24.0.1 :Note 1
nameserver 192.168.5.1
nameserver 184.108.40.206
search 4aero.com bn02050.wyomipa.wayport.net :Note 2
Note 1: This is the nameserver pushed by OpenVPN
Note 2: 4aero.com is the domain pushed by OpenVPN
- When the OpenVPN tunnel is closed, the /etc/resolv.conf will be restored to the original value.
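The handling of the pushed foreign_option_N variables and the resulting nameserver/search lines described above, as an added example (not the shipped update-resolv-conf script and not the author's code). The function names and the validation rules are assumptions of this example; it only prints the lines instead of calling resolvconf, and it drops any pushed value that is not a plain IPv4 address or DNS name, since these values come from the VPN server and end up in a root-owned resolver file.

```shell
#!/bin/sh
# Added example, not the shipped /etc/openvpn/update-resolv-conf.
# Turns foreign_option_1, foreign_option_2, ... into resolv.conf lines and
# skips any pushed value that is not a dotted-quad IPv4 address or DNS name.

is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; only digits and dots here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

is_domain() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|[.-]*|*[.-]|*..*) return 1 ;;
    esac
}

resolv_lines() {
    i=1 search=''
    while eval "opt=\${foreign_option_$i-}" && [ -n "$opt" ]; do
        case "$opt" in
            'dhcp-option DNS '*)
                val=${opt#dhcp-option DNS }
                if is_ipv4 "$val"; then printf 'nameserver %s\n' "$val"; fi ;;
            'dhcp-option DOMAIN '*)
                val=${opt#dhcp-option DOMAIN }
                if is_domain "$val"; then search="$search $val"; fi ;;
        esac
        i=$((i + 1))               # i is always numeric, so the eval is safe
    done
    [ -z "$search" ] || printf 'search%s\n' "$search"
}

# Constructed sample: the first two values match the page's example output,
# the third is a deliberately malformed push that must be dropped.
foreign_option_1='dhcp-option DNS 10.24.0.1'
foreign_option_2='dhcp-option DOMAIN 4aero.com'
foreign_option_3='dhcp-option DNS 10.24.0.1 extra.example'
resolv_lines
```

To run a script like this from the up line, OpenVPN 2.1 and later also needs script-security 2 in the same configuration, because user-defined scripts are not executed at the default level.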