
Re: Routing all traffic through VPN

On 8/16/2018 8:53 AM, Piotr Martyniuk wrote:
> On 2018-08-16, john doe <johndoe65534@mail.com> wrote:
>> On the vpn client are you getting the proper DNS in '/etc/resolv.conf'
>> when connected to your vpn server?
>
> It changes (adds nameserver on top), but this does not
> seem to be valid as the IPs I got are from the network 10.8.0.xx and
> the one I got is the local IP of one of my machines at home.
>
> What should be there instead? Can this update-resolv-conf script be
> used to use different valid entry instead?

To be sure that we are on the same page:

This configuration assumes that the clients will get "all configuration" from the server.
On the server in my config file I have:

$ grep -i 'dns\|redirect' *.conf
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS"

If you have the 'resolvconf' package that should be all you need to do.
The script 'update-resolv-conf' should only be used if the 'resolvconf' pkg is not installed.

At the top of 'update-resolv-conf' I have:
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf

Add those two lines in your server's config file.

# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL.
# Example envs set from openvpn:
#     foreign_option_1='dhcp-option DNS'
#     foreign_option_2='dhcp-option DNS'
#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'

[ -x /sbin/resolvconf ] || exit 0

If "/sbin/resolvconf" is executable, there is no need to use 'update-resolv-conf'.

John Doe
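
A check for the situation discussed in this thread, as an added example that is not from either poster or from the 'update-resolv-conf' script: it reads the foreign_option_N variables that OpenVPN passes to up/down scripts and reports whether the first nameserver in a resolv.conf-format file is one the server pushed. The function names and the sample addresses are constructed for the example.

```shell
#!/bin/sh
# Added example: compare the DNS servers OpenVPN pushed (foreign_option_N)
# with the first nameserver in a resolv.conf-format file.

# Print each pushed DNS address, one per line. An option with no address
# (plain "dhcp-option DNS") yields nothing.
pushed_dns() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        case $opt in
            "dhcp-option DNS "?*) printf '%s\n' "${opt#dhcp-option DNS }" ;;
        esac
        i=$((i + 1))
    done
}

# First "nameserver" entry of the file given as $1 (tried first by default).
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# 0: first resolver was pushed by the VPN; 1: it was not; 2: nothing pushed.
check_vpn_dns() {
    pushed=$(pushed_dns)
    if [ -z "$pushed" ]; then
        echo "no DNS address pushed by the VPN server"; return 2
    fi
    first=$(first_nameserver "$1")
    if [ -n "$first" ] && printf '%s\n' "$pushed" | grep -qxF -- "$first"; then
        echo "ok: first resolver $first was pushed by the VPN"; return 0
    fi
    echo "mismatch: first resolver is ${first:-<none>}"; return 1
}

# Constructed sample run (addresses are made up for the example).
sample=$(mktemp)
printf 'nameserver 192.168.1.1\nnameserver 10.8.0.1\n' > "$sample"
foreign_option_1='dhcp-option DNS 10.8.0.1'
foreign_option_2='dhcp-option DOMAIN example.test'
check_vpn_dns "$sample" || true   # reports a mismatch for this sample
rm -f "$sample"
```

Return code 2 separates "the server pushed no usable DNS address" from a resolv.conf that was not updated, which are fixed in different places (server push line versus client up/down handling).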
