Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)

To: debian-user@lists.debian.org
Subject: Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)
From: Anssi Saari <as@sci.fi>
Date: Fri, 01 Oct 2021 08:52:04 +0300
Message-id: <[🔎] sm0czope1dq.fsf@lakka.kapsi.fi>
References: <trinity-de3d8b23-7025-4e21-9738-d2eacd5db57c-1632922778512@3c-app-mailcom-bs08> <sm0sfxmdzua.fsf@lakka.kapsi.fi> <trinity-f84cfdcf-c24c-495f-94aa-563edcd458fd-1633009104417@3c-app-mailcom-bs04>

Stella Ashburne <rewefie@gmx.com> writes:

> Yes, I was referring to using the old script update-resolv-conf with OpenVPN.
>
>> I never got that to do the right thing with any
>> reliability.
>>
> Please explain what you meant by your statement.
>
> I've been using update-resolv-conf with OpenVPN without problems for
> the past four to five years. The dozen or two commercial VPN providers
> insist that I use update-resolv-conf to prevent DNS and data leaks.

If it works for you, great. My problem was that I usually ended up with
the VPN's DNS and my router in resolv.conf so DNS leak was
automatic. Also it didn't always remove the VPN DNS from resolv.conf
when the VPN went down, with the end result that nothing could be
resolved and openvpn couldn't reconnect. I think I mangled the script a
little which helped but update-systemd-resolved just works. For me.

> ? With systemd-resolved you can use update-systemd-resolved
>> which actually seems to work.
>>
> Would you like to share with me how to invoke/launch systemd-resolved
> and update-systemd-resolved in combination with OpenVPN please? Do I
> need to install packages in order to have systemd-resolved and
> update-systemd-resolved?

Systemd-resolved is part of systemd and it's invoked as usual by
systemctl, the service name is systemd-resolved.service. It also has the
benefit that you can configure interface specific DNS so you can still
use a local DNS for local names. Brilliant feature if you use VPNs but
still want to use your LAN too.

Systemd-resolved's usual config is to use it as stub resolver so you
have nameserver 127.0.0.53 in /etc/resolv.conf and actual resolving
config can be shown by resolvectl status. It definitely doesn't make
life simpler but for me it works.

update-systemd-resolved is in Debian package
openvpn-systemd-resolved. To use it with openvpn and systemd-resolved it
just needs a few options in openvpn's config like this:

script-security 2
up /etc/openvpn/update-systemd-resolved
up-restart 
down /etc/openvpn/update-systemd-resolved
down-pre

Reply to:

Prev by Date: Clone Debian 10 partitions to another HD
Next by Date: Re: "Proper" filesystem for Debian installed on a flash drive
Previous by thread: Re: Clone Debian 10 partitions to another HD
Next by thread: Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)
Index(es):
- Date
- Thread