IT Virtualization Blog

OpenVpn and pushed DNS options

by lmarzke last modified Jun 20, 2010 07:34 PM
How to configure OpenVPN on Ubuntu 10.04 (Lucid) to support pushed DNS options.

Problem

Out of the box, OpenVPN on Ubuntu does not apply pushed DNS options, so the far-end DNS services are not available. This Howto shows a simple implementation to support pushed DNS options.

Note that Windows clients seem to use any pushed DNS options from OpenVPN, but Ubuntu clients do not. This is mostly due to a missing package, 'resolvconf'.

Tested with:

  • Ubuntu 10.04 x64 (Lucid)
  • OpenVPN 2.1.0-1
  • Resolvconf 1.45

Procedure

  1. Install OpenVPN and verify normal operation.
  2. Install Resolvconf
    aptitude install resolvconf
  3. Save the existing /etc/resolv.conf file to /etc/resolv.conf.orig
    cd /etc
    cp resolv.conf resolv.conf.orig
    
  4. Link the auto-generated file to resolv.conf (-f replaces the existing file, which was only copied in the previous step)
    ln -sf /etc/resolvconf/run/resolv.conf /etc/resolv.conf
  5. The OpenVPN distribution already includes a file /etc/openvpn/update-resolv-conf. Add the following lines to each of your OpenVPN configuration files:
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf
    

Environment Variables

OpenVPN passes the pushed options to the update-resolv-conf script as environment variables such as the following:
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
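
What an up script has to do with these variables, as an added example (not the update-resolv-conf script that ships with OpenVPN, and not code from the original page): read each foreign_option_N in turn and emit the matching resolv.conf lines. The function names are hypothetical, and the checks that a pushed DNS value is a well-formed IPv4 address and that a pushed domain is a plain hostname are an assumption added here, since these values come from the remote server.

```sh
#!/bin/sh
# Added example, not OpenVPN's update-resolv-conf: validate pushed DNS options.

# True only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# True only for a hostname-style domain: letters, digits, '-' and '.'.
is_domain() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*|-*|.*|*..*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Print "nameserver"/"search" lines for the options OpenVPN exported.
resolv_lines_from_env() {
    search=""; i=1
    while :; do
        eval "opt=\${foreign_option_$i-}"   # options are numbered from 1
        [ -n "$opt" ] || break
        case "$opt" in
            "dhcp-option DNS "*)
                value=${opt#dhcp-option DNS }
                if is_ipv4 "$value"; then echo "nameserver $value"
                else echo "rejected DNS option: $opt" >&2; fi ;;
            "dhcp-option DOMAIN "*)
                value=${opt#dhcp-option DOMAIN }
                if is_domain "$value"; then search="$search $value"
                else echo "rejected DOMAIN option: $opt" >&2; fi ;;
        esac
        i=$((i + 1))
    done
    [ -z "$search" ] || echo "search$search"
}

# Constructed sample input: the three values shown above, run in a subshell.
( foreign_option_1='dhcp-option DNS 193.43.27.132'
  foreign_option_2='dhcp-option DNS 193.43.27.133'
  foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
  resolv_lines_from_env )
```

Rejected options are reported on stderr and skipped, so a malformed value never reaches the generated resolv.conf lines.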

Notes

  1. When NetworkManager attaches to a WiFi AP, the AP's DHCP options will be automatically added to /etc/resolv.conf by the resolvconf package.

  2. When OpenVPN brings up a new tunnel set up as described above, any DNS options will be added as nameservers ahead of any pre-existing nameservers. Any "Domain" options will be added at the front of the 'search' list in the /etc/resolv.conf file.

    For example, here is my /etc/resolv.conf file after setting up a tunnel at Borders WiFi.
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 10.24.0.1                                :Note 1
    nameserver 192.168.5.1               
    nameserver 64.134.255.2
    search 4aero.com bn02050.wyomipa.wayport.net        :Note 2
    
    Note 1:  This is the nameserver pushed by OpenVPN
    Note 2:  4aero.com is the domain pushed by OpenVPN

  3. When the OpenVPN tunnel is closed, /etc/resolv.conf will be restored to its original contents.

 

 

 

 
