Re: OpenVPN dhcp
On Fri, Jul 27, 2018 at 02:38:37PM -0400, Jim Popovitch wrote:
> Hello,
>
> Is there a way to have an OpenVPN server push dhcp-options to the
> clients that completely replace any existing entries in
> /etc/resolv.conf?
>
The short answer is, "as long as you use NetworkManager, no."

I no longer have the link, but some time ago I found a page that
explains it very clearly.

Search terms: "openvpn networkmanager dns leak"

Effectively, NetworkManager lacks a concept of "replace the active DNS
settings when this connection becomes active." Instead, what it does is
add the DNS servers to those already listed. There is supposed to be a
way to specify the IPv4 DNS servers (you can do this in the NM GUI),
then you set the IPv4 DNS priority to -1 (meaning clear everything else
out and use these instead) by editing the text configuration file.

The problems with that, though, are the result of the -1 priority,
which appears to prevent any other connection from having IPv4 DNS
servers in resolv.conf. That may or may not be a problem for you. That
approach also prevents you from taking advantage of DHCP push of DNS
servers from the VPN server.

I have seen some bugs requesting that they fix it, and even a commit
that might be what you are asking for. However, I don't know when it
might make its way into a Debian stable release (or even unstable).
Regards,
-Roberto
--
Roberto C. Sánchez
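
Added example, not part of the original message: a shell check for the behaviour described above, where NetworkManager adds the VPN's DNS servers to those already listed instead of replacing them. It compares the resolvers pushed by the OpenVPN server with the nameserver lines in resolv.conf; the log line, the addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: OpenVPN client log line carrying the server's pushed options.
SAMPLE_PUSH="PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.0.1,dhcp-option DNS 10.8.0.2,route-gateway 10.8.0.1,ifconfig 10.8.0.6 255.255.255.0'"

# Constructed sample: resolv.conf after the VPN resolvers were appended
# to the LAN resolver that was already there.
SAMPLE_RESOLV='# Generated by NetworkManager
search lan
nameserver 10.8.0.1
nameserver 10.8.0.2
nameserver 192.168.1.1'

# Read OpenVPN log text on stdin; print each pushed DNS server, one per line.
pushed_dns() {
    grep 'PUSH_REPLY' | tr ',' '\n' | tr -d "'" |
        awk '$1 == "dhcp-option" && $2 == "DNS" { print $3 }' | sort -u
}

# Read resolv.conf text on stdin; print each configured nameserver.
# Comment lines are skipped because their first field is not "nameserver".
active_dns() {
    awk '$1 == "nameserver" { print $2 }'
}

# $1 = OpenVPN log text, $2 = resolv.conf text.
# Print every active nameserver the VPN did not push. Queries sent to
# those servers go to a resolver the VPN server did not supply.
leaked_dns() {
    pushed=$(printf '%s\n' "$1" | pushed_dns)
    printf '%s\n' "$2" | active_dns | while read -r ns; do
        printf '%s\n' "$pushed" | grep -qxF "$ns" || printf '%s\n' "$ns"
    done
}

leaks=$(leaked_dns "$SAMPLE_PUSH" "$SAMPLE_RESOLV")
if [ -n "$leaks" ]; then
    echo "non-VPN resolvers still in resolv.conf:"
    echo "$leaks"
else
    echo "resolv.conf lists only the pushed resolvers"
fi
```

On a live system, feed the functions the real client log and the contents of /etc/resolv.conf in place of the two sample variables.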