[Solved] don't understand result of openvpn-update-systemd-resolved

ratcheer · 2020-12-17 16:10:05

Yesterday, I re-did the networking infrastructure of my host. I switched from conman and conman-vpn to systemd-networkd, systemd-resolved, and script openvpn-update-systemd-resolved. I also linked /etc/resolv.conf to stub-resolv.conf, as recommended in the GITHub instructions for the script.

Everything seems to work, except I am unsure whether the DNS is being set to the DNS of the VPN provider. Whether the openvpn client is running or not, /etc/resolv.conf contains "nameserver 127.0.0.53". Is this correct, or have I made some mistake in my implementation?

When the client is started, the output indicates that the DNS is changed:

2020-12-17 08:40:16 /etc/openvpn/scripts/update-systemd-resolved tun0 1500 1585 10.20.0.25 255.255.0.0 init
<14>Dec 17 08:40:16 update-systemd-resolved: Link 'tun0' coming up
<14>Dec 17 08:40:16 update-systemd-resolved: Adding IPv4 DNS Server 10.20.0.1
<14>Dec 17 08:40:16 update-systemd-resolved: SetLinkDNS(4 1 2 4 10 20 0 1)
2020-12-17 08:40:17 net_route_v4_add: 185.159.157.13/32 via 192.168.1.1 dev [NULL] table 0 metric -1
2020-12-17 08:40:17 net_route_v4_add: 0.0.0.0/1 via 10.20.0.1 dev [NULL] table 0 metric -1
2020-12-17 08:40:17 net_route_v4_add: 128.0.0.0/1 via 10.20.0.1 dev [NULL] table 0 metric -1

I did implement the PolicyKit rule described in the wiki article: https://wiki.archlinux.org/index.php/Op … tom_script

Last edited by ratcheer (2020-12-20 21:12:30)

ratcheer · 2020-12-19 20:49:04

Gee, thanks for all the help.

After digging for a couple of days, I have been able to show that DNS is being correctly handled. I found command "resolvectl status" which shows it. I also have confirmed it with dnsleaktest.com

2ManyDogs · 2020-12-19 23:17:46

ratcheer wrote:

Gee, thanks for all the help.

Gee, thanks for remembering that everyone here is a volunteer.

https://wiki.archlinux.org/index.php/Co … way_street

ratcheer · 2020-12-20 00:32:10

Sorry. But I was doing my research and I did report back my findings (when I finally found them). My post told all the relevant info that I could think of about my question.

I was frustrated that no one even gave any advice on what I might try to look for. More than 200 views had occurred, and nothing.

I apologize for the tone of my reply.

Last edited by ratcheer (2020-12-20 00:35:05)

Lone_Wolf · 2020-12-20 12:44:31

There aren't many forum users that respond to posts in this sub-board.
I often try, but didn't even read the post since the title mentioned sytemd-resolved (which I abhor) and vpn (which I have little xp with) .

If I had read it, I would have answered something like this :

Everything seems to work, except I am unsure whether the DNS is being set to the DNS ov the VPN provider. Whether the openvpn client is running or not,
/etc/resolv.conf contains "nameserver 127.0.0.53". Is this correct, or have I made some mistake in my implementation?

I also linked /etc/resolv.conf to stub-resolv.conf, as recommended in the GITHub instructions for the script.

The nameserver being set to 127.0.0.53 is a direct consequence of creating that symlink, so expected behaviour.
Sorry, no idea how to verify "whether the DNS is being set to the DNS ov the VPN provider."

ratcheer · 2020-12-20 15:18:16

Thank you, Lone_Wolf. Yes, I could tell that the reason resolv.conf was not changing due to the symlink. My confusion was that, as a long time Linux (and Arch Linux) user, I have always been able to view resolv.conf and tell for sure whether the openvpn scripts were, indeed functioning. Linux has been changing quickly over the past few years, and the old ways no longer work.

It is ironic to me that the reason I started a week ago to change my networking infrastructure was to try to move back to the old ways that I understand, better. On my old Arch host, I managed my ethernet connection with net-up and net-down shell scripts, a wired.network configuration file, and a simple systemd service file to run them. But I could not get any of that to work on my new system. As I twisted and wiggled to get things working, I have ended up with a pure, modern, systemd network system that follows all of the Wiki recommendations. It is working as smooth as glass, but I have little understanding of everything that is going on.

The reason it took me two days to discover resolvectl is because I had never heard of it before yesterday. It is hard to research something when you don't know it exists. But it clearly shows me that the openvpn tunnel is, indeed, using the DNS that is assigned when the openvpn client script is run.

I am an "old school" administrator who has been managing UNIX and Linux systems since the early 80s. I built my career on understanding "what is going on", both on the surface and "under the covers". That was the primary motivation behind the original question of this post.

Thanks, again.

Arch Linux

#1 2020-12-17 16:10:05

[Solved] don't understand result of openvpn-update-systemd-resolved

#2 2020-12-19 20:49:04

Re: [Solved] don't understand result of openvpn-update-systemd-resolved

#3 2020-12-19 23:17:46

Re: [Solved] don't understand result of openvpn-update-systemd-resolved

#4 2020-12-20 00:32:10

Re: [Solved] don't understand result of openvpn-update-systemd-resolved

#5 2020-12-20 12:44:31

Re: [Solved] don't understand result of openvpn-update-systemd-resolved

#6 2020-12-20 15:18:16

Re: [Solved] don't understand result of openvpn-update-systemd-resolved

Board footer