#1 2020-05-11 14:58:23

rep_movsd
Member
Registered: 2013-08-24
Posts: 134

Issues with OpenVPN resolv.conf

I use a VPN to access my workplace network with OpenVPN.

I usually fire up OpenVPN in a yakuake tab when I start working, along with several other tabs to run local development servers.

For a few weeks I have had some issues with yakuake: it crashes, taking everything down.

This leaves my resolv.conf with

# Generated by resolvconf
nameserver 10.20.0.10

Once this happens, I manually replace it with 8.8.8.8

Thereafter in the same session, if I use the VPN again, it will overwrite 8.8.8.8 with 10.20.0.10 and when it shuts down it will say:

Mon May 11 20:19:14 2020 /etc/openvpn/update-resolv-conf tun2 1500 1542 10.8.0.26 10.8.0.25 init

But it won't restore the 8.8.8.8 in resolv.conf!

Once I reboot, the behaviour goes back to normal, and the OpenVPN client will update resolv.conf correctly.
I have tried using the alternative systemd-resolved based update scripts, and that doesn't work either in this situation.
It seems like once the OpenVPN client is killed forcefully, it goes into a bad state and won't restore the resolv.conf - what could be wrong?

In a slightly related question - how do I ensure that only traffic to the domain "mycompany.io" actually goes via the VPN's DNS and none of my other traffic?
I don't want my privacy to be violated if my web browsing is hitting a DNS server on my company's servers.

What should I set such that only specified domains will be queried on the VPN DNS?

Thanks in advance


#2 2020-05-16 20:04:46

sinx
Member
Registered: 2019-06-02
Posts: 17

Re: Issues with OpenVPN resolv.conf

Hello,

For your initial issue, I have no clue.
But here is something about the second question:
To ensure your personal internet traffic does not go via your company VPN, you can check your routing table; basically:

 route 

will show, for each possible destination IP address (first column), which network interface is used (last column).
If everything is well configured you should see your real interface (example: eth0) for "standard" destinations, and a virtual interface corresponding to your VPN connection for the destinations belonging to your company domain.
If not, you can add or delete routing rules with

 route add 

or

 route del 

(see route manpage or tutorials).

In any case, remember that if you use your company nameserver, it will have access to every DNS request you make, i.e. to the list of every online service you use (I don't know what server 10.20.0.10 is).
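
The routing-table check described in the reply above, as an added example that is not part of either post: it parses `route -n` style output and applies longest-prefix matching to show which interface carries a given destination. Both tables are constructed samples (eth0, 192.168.1.1 and the 10.20.0.0/16 company range are assumptions; tun2, 10.8.0.25 and 10.20.0.10 come from the thread), and the second one adds the two /1 routes that OpenVPN's redirect-gateway def1 installs, which take over all traffic even though the default route still names eth0.

```python
import ipaddress

# Constructed `route -n` output: split tunnel, only 10.20.0.0/16 goes via the VPN.
SPLIT = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
10.8.0.25       0.0.0.0         255.255.255.255 UH    0      0        0 tun2
10.20.0.0       10.8.0.25       255.255.0.0     UG    0      0        0 tun2
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
"""

# Constructed: the same table after the VPN pushed a full redirect (two /1 routes).
FULL = SPLIT + """\
0.0.0.0         10.8.0.25       128.0.0.0       UG    0      0        0 tun2
128.0.0.0       10.8.0.25       128.0.0.0       UG    0      0        0 tun2
"""

def parse_routes(text):
    """Return [(network, metric, iface)] from `route -n` style output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip header and malformed lines
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append((net, int(f[4]), f[7]))
    return routes

def iface_for(dest, routes):
    """Longest prefix wins; a lower metric breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None  # no matching route at all
    return max(hits, key=lambda r: (r[0].prefixlen, -r[1]))[2]

def report(text, dests=("10.20.0.10", "8.8.8.8", "192.168.1.50")):
    """Map each destination to the interface that would carry it."""
    routes = parse_routes(text)
    return {d: iface_for(d, routes) for d in dests}

if __name__ == "__main__":
    for name, table in (("split", SPLIT), ("full", FULL)):
        print(name, report(table))
```

This only shows where packets to an address go; which nameserver is asked is still decided by resolv.conf, so a public resolver reached through tun2 and a company resolver listed in resolv.conf are separate things to check.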
