#1 2021-02-10 06:02:16

EnthusioArcher
Member
Registered: 2021-01-17
Posts: 14

[Solved] OpenVPN doesn't update /etc/resolv.conf

Hi. I've configured OpenVPN and my *.ovpn file with update-resolv-conf as the wiki says here. But, still it doesn't change resolv.conf accordingly. I have openresolv, networkmanager, dnscrypt-proxy and unbound. Plz somebody help me with this issue.

Last edited by EnthusioArcher (2021-02-13 05:52:02)

Offline

#2 2021-02-10 06:48:24

rsmarples
Member
Registered: 2009-05-12
Posts: 287

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

If you have everything configured correctly .... why should it?

`resolvconf -l` will list everything

/etc/resolv.conf should just list 127.0.0.1 and your unbound configuration will have the actual upstream nameservers.

Offline

#3 2021-02-10 07:02:17

EnthusioArcher
Member
Registered: 2021-01-17
Posts: 14

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

rsmarples wrote:

If you have everything configured correctly .... why should it?

`resolvconf -l` will list everything

/etc/resolv.conf should just list 127.0.0.1 and your unbound configuration will have the actual upstream nameservers.

I'm not asking about configuring Unbound. I'm asking about changing of DNS when OpenVPN is connected. OpenVPN when configured with update-resolv-conf script, it should update /etc/resolv.conf with VPN's DNS servers.

Offline

#4 2021-02-10 07:19:35

rsmarples
Member
Registered: 2009-05-12
Posts: 287

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

Maybe you don't understand the role of the software you claim you have installed - you claimed OpenVPN, openresolv and unbound.

openresolv takes resolv.conf input from many sources, such as OpenVPN or dhcpcd and forms /etc/resolv.conf from this and its own configuration file.
If you have configured resolvconf.conf for unbound correctly, /etc/resolv.conf will only ever list the nameserver 127.0.0.1

Seeing as I wrote openresolv, I think that makes me pretty qualified to talk about it :)
https://roy.marples.name/projects/openr … iguration/

Offline

#5 2021-02-10 07:25:08

EnthusioArcher
Member
Registered: 2021-01-17
Posts: 14

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

rsmarples wrote:

Maybe you don't understand the role of the software you claim you have installed - you claimed OpenVPN, openresolv and unbound.

openresolv takes resolv.conf input from many sources, such as OpenVPN or dhcpcd and forms /etc/resolv.conf from this and its own configuration file.
If you have configured resolvconf.conf for unbound correctly, /etc/resolv.conf will only ever list the nameserver 127.0.0.1

Seeing as I wrote openresolv, I think that makes me pretty qualified to talk about it :)
https://roy.marples.name/projects/openr … iguration/

Sure. Actually, there is another script involved called openvpn-update-resolv-conf which takes the role to update resolv.conf with VPN's DNS server addresses via openresolv whenever OpenVPN is connected. I would request you to see this - https://wiki.archlinux.org/index.php/Op … tom_script.

Offline

#6 2021-02-10 07:41:12

rsmarples
Member
Registered: 2009-05-12
Posts: 287

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

Good lord those scripts are bad.

Anyway, my point still stands.

`resolvconf -l` will list all the inputs. If you don't see any from your tuntap interface then either they are not set upstream or there is an issue with that script.
Does `resolvconf -l` list input from your tuntap interface? It might be called tun0.inet for example

Offline

#7 2021-02-10 07:59:28

EnthusioArcher
Member
Registered: 2021-01-17
Posts: 14

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

rsmarples wrote:

Good lord those scripts are bad.

Anyway, my point still stands.

`resolvconf -l` will list all the inputs. If you don't see any from your tuntap interface then either they are not set upstream or there is an issue with that script.
Does `resolvconf -l` list input from your tuntap interface? It might be called tun0.inet for example

I see the following when running resolvconf -l

```
# resolv.conf from tun0.inet
nameserver 10.18.0.1

# resolv.conf from NetworkManager
# Generated by NetworkManager
nameserver 192.168.0.1
```

Offline

#8 2021-02-10 08:26:16

rsmarples
Member
Registered: 2009-05-12
Posts: 287

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

Excellent! So you have two nameservers from two different sources.

`resolvconf -v` should list NAMESERVERS=10.18.0.1 only as it was marked exclusive.
The unbound configuration file defined in /etc/resolvconf.conf should also list this as the only forwarder.
/etc/resolv.conf should only show 127.0.0.1

Offline

#9 2021-02-10 08:30:24

EnthusioArcher
Member
Registered: 2021-01-17
Posts: 14

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

rsmarples wrote:

Excellent! So you have two nameservers from two different sources.

`resolvconf -v` should list NAMESERVERS=10.18.0.1 only as it was marked exclusive.
The unbound configuration file defined in /etc/resolvconf.conf should also list this as the only forwarder.
/etc/resolv.conf should only show 127.0.0.1

I want /etc/resolv.conf to show 10.18.0.1 instead of 127.0.0.1 as long as VPN is connected. How can I achieve that? Plz help me. Bcz otherwise my DNS is leaking.

Last edited by EnthusioArcher (2021-02-10 08:36:40)

Offline

#10 2021-02-10 08:40:35

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

Why? In your setup all queries should be answered by unbound. unbound gets its nameservers from openresolv. You should be able to tell which nameservers are configured in unbound with

```
unbound-control list_forwards
# or maybe
unbound-control forward
```

Last edited by progandy (2021-02-10 08:42:07)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#11 2021-02-10 08:42:18

EnthusioArcher
Member
Registered: 2021-01-17
Posts: 14

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

progandy wrote:

Why? In your setup all queries should be answered by unbound. unbound gets its nameservers from openresolv. You should be able to tell which nameservers are configured in unbound with

unbound-control list_forwards

Bcz, when connected to VPN, I want to only use the VPN's DNS server.

Offline

#12 2021-02-10 11:24:53

rsmarples
Member
Registered: 2009-05-12
Posts: 287

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

I feel that you're not fully grasping how it works.

Using unbound here sets your DNS server up as a DNS cache.
Without it, each DNS request will go over the VPN.

For example
resolve foo.bar -> unbound -> VPN -> unbound -> resolved
resolve foo.bar again -> unbound -> resolved

Because unbound only has a forwarder to the VPN there is no leak.

Offline
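The state described in posts #8, #12 and #14, as an added example that is not part of the original thread or of openresolv: a check that compares the VPN interface's nameservers with what resolv.conf and unbound's forwarders actually point at. The function names are hypothetical, the sample inputs are constructed from the output quoted above, and the `forward-zone` / `forward-addr:` layout of the unbound file generated via resolvconf.conf is an assumption.

```shell
#!/bin/sh
# Added example: verify that DNS can only leave the host via the VPN resolver.
# On a live system feed in `resolvconf -l`, /etc/resolv.conf and the
# unbound file named in /etc/resolvconf.conf instead of the samples below.

# Nameservers that one source (e.g. tun0.inet) handed to openresolv.
iface_nameservers() {   # $1 = `resolvconf -l` text, $2 = source name
    printf '%s\n' "$1" | awk -v want="$2" '
        /^# resolv.conf from / { cur = $NF; next }
        cur == want && $1 == "nameserver" { print $2 }' | sort -u
}

# Addresses following a keyword ("nameserver" or "forward-addr:").
addrs_after() {         # $1 = file text, $2 = keyword
    printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2 }' | sort -u
}

# Prints a verdict; returns 0 only when no query can bypass the VPN resolver.
check_dns_path() {      # $1 list text, $2 resolv.conf, $3 unbound conf, $4 source
    vpn=$(iface_nameservers "$1" "$4")
    [ -n "$vpn" ] || { echo "no nameserver from $4"; return 2; }
    local_ns=$(addrs_after "$2" nameserver)
    if [ "$local_ns" = "127.0.0.1" ]; then
        # Stub points at unbound: its forwarders must be exactly the VPN's.
        fwd=$(addrs_after "$3" forward-addr:)
        [ "$fwd" = "$vpn" ] && { echo "ok: unbound -> $vpn"; return 0; }
        echo "leak: unbound forwards to: $fwd"; return 1
    fi
    # No local cache: resolv.conf itself must list only the VPN's servers.
    [ "$local_ns" = "$vpn" ] && { echo "ok: direct -> $vpn"; return 0; }
    echo "leak: resolv.conf lists: $local_ns"; return 1
}

# Constructed samples mirroring the output quoted in the thread.
LIST='# resolv.conf from tun0.inet
nameserver 10.18.0.1

# resolv.conf from NetworkManager
# Generated by NetworkManager
nameserver 192.168.0.1'
UNBOUND='forward-zone:
    name: "."
    forward-addr: 10.18.0.1'

check_dns_path "$LIST" 'nameserver 127.0.0.1' "$UNBOUND" tun0.inet
```

The same function also covers the layout without unbound: when resolv.conf does not list 127.0.0.1, it must list exactly the VPN's nameservers.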

#13 2021-02-11 05:23:23

EnthusioArcher
Member
Registered: 2021-01-17
Posts: 14

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

rsmarples wrote:

I feel that you're not fully grasping how it works.

Using unbound here sets your DNS server up as a DNS cache.
Without it, each DNS request will go over the VPN.

For example
resolve foo.bar -> unbound -> VPN -> unbound -> resolved
resolve foo.bar again -> unbound -> resolved

Because unbound only has a forwarder to the VPN there is no leak.

Oh, I see. Now, I realized the matter. Actually, I quite forgot Unbound's role. But, suppose, if I still want to modify resolv.conf with that nameserver, what should I do?

Offline

#14 2021-02-11 08:53:50

rsmarples
Member
Registered: 2009-05-12
Posts: 287

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

Edit /etc/resolvconf.conf and ensure name_servers="127.0.0.1" is commented out.
May as well comment out any unbound config file bits too.

Check `resolvconf -l` output and ensure that no local nameserver is listed there either.

Finally do `resolvconf -u` and you'll get what you want.

Offline

#15 2021-02-11 09:26:55

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

Or possibly keep resolvconf configured for unbound and write your own openvpn hook to change resolv.conf directly.


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#16 2021-02-11 09:52:49

EnthusioArcher
Member
Registered: 2021-01-17
Posts: 14

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

progandy wrote:

Or possibly keep resolvconf configured for unbound and write your own openvpn hook to change resolv.conf directly.

How can I do that?

Offline

#17 2021-02-11 10:41:09

rsmarples
Member
Registered: 2009-05-12
Posts: 287

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

progandy wrote:

Or possibly keep resolvconf configured for unbound and write your own openvpn hook to change resolv.conf directly.

Then he'll have a confusing state vs any DHCP he's running.
Let resolvconf do its job.

Offline

#18 2021-02-11 12:01:36

EnthusioArcher
Member
Registered: 2021-01-17
Posts: 14

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

rsmarples wrote:

Edit /etc/resolvconf.conf and ensure name_servers="127.0.0.1" is commented out.
May as well comment out any unbound config file bits too.

Check `resolvconf -l` output and ensure that no local nameserver is listed there either.

Finally do `resolvconf -u` and you'll get what you want.

I want OpenVPN to edit resolv.conf automatically with Nameservers. Is it possible?

Offline

#19 2021-02-11 22:42:11

rsmarples
Member
Registered: 2009-05-12
Posts: 287

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

EnthusioArcher wrote:
rsmarples wrote:

Edit /etc/resolvconf.conf and ensure name_servers="127.0.0.1" is commented out.
May as well comment out any unbound config file bits too.

Check `resolvconf -l` output and ensure that no local nameserver is listed there either.

Finally do `resolvconf -u` and you'll get what you want.

I want OpenVPN to edit resolv.conf automatically with Nameservers. Is it possible?

Yes.

All the information you need is already stated here.

Offline

#20 2021-02-13 05:51:05

EnthusioArcher
Member
Registered: 2021-01-17
Posts: 14

Re: [Solved] OpenVPN doesn't update /etc/resolv.conf

rsmarples wrote:
EnthusioArcher wrote:
rsmarples wrote:

Edit /etc/resolvconf.conf and ensure name_servers="127.0.0.1" is commented out.
May as well comment out any unbound config file bits too.

Check `resolvconf -l` output and ensure that no local nameserver is listed there either.

Finally do `resolvconf -u` and you'll get what you want.

I want OpenVPN to edit resolv.conf automatically with Nameservers. Is it possible?

Yes.

All the information you need is already stated here.

Ok. Thx for helping me so far.

Offline
