I'm using an OpenVPN connection between my laptop and my server. The configuration was working until today (I simply ran apt update && apt upgrade), but since then my DNS settings are "wrong" after connecting to the OpenVPN.
After connecting to the OpenVPN server, I have two "catch all" DNS Domain entries (DNS Domain: ~.) in my systemd-resolve configuration.
Stripped output of systemd-resolve --status:
    Link 11 (tun0)
          Current Scopes: DNS
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: no
        DNSSEC supported: no
             DNS Servers: 192.168.X.Y
              DNS Domain: ~.

    Link 2 (enp0s25)
          Current Scopes: DNS
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: no
        DNSSEC supported: no
             DNS Servers: 10.16.X.Y
                          10.16.X.Y
              DNS Domain: ~.
Therefore DNS queries now aren't safely tunneled through the VPN but may also be transferred via the normal network.
This leads to a DNS leak and, even worse, VPN-internal hostnames aren't resolved correctly (every now and then).
I only know of options to add the DNS Domain: ~. entry to the tun0 interface for resolved. But how do I remove an already existing one from the real interface?
I'm already using this config to update systemd-resolved in my OpenVPN client.conf:

    # Update systemd-resolved
    up /etc/openvpn/update-systemd-resolved
    down /etc/openvpn/update-systemd-resolved
    down-pre
    dhcp-option DOMAIN-ROUTE .
Anybody got an idea how to solve this?
// Update:
Looks like this is a long-known problem with NetworkManager starting to attach the root DNS Domain to links at random. There is an interesting discussion about it in a GitHub issue in the repo of the developer of the update-systemd-resolved script.
// Probably this commit to NetworkManager broke it, since it introduced the default DNS route for all interfaces behavior.
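An added example, not part of the question above and not code from the update-systemd-resolved project: a shell script that parses status output in the shape shown above, lists every link that carries the catch-all `~.` routing domain, and on request clears the domains of the non-VPN links through the same resolve1 D-Bus method the update-systemd-resolved script uses. The sample status text is constructed from the stripped output in the question (addresses left as placeholders); the VPN link name tun0, the busctl call and the /sys/class/net ifindex lookup are assumptions about the client system.

```bash
#!/usr/bin/env bash
# Added example, not taken from the question or from update-systemd-resolved:
# find which systemd-resolved links carry the catch-all routing domain "~."
# and clear it from links that are not the VPN tunnel.
# Assumptions: the VPN link is tun0; busctl and /sys/class/net/<link>/ifindex
# exist on the client; root is needed for the fix, not for the check.
set -u

# Constructed sample in the shape of the stripped `systemd-resolve --status`
# output from the question (addresses kept as placeholders).
SAMPLE_STATUS='Link 11 (tun0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.X.Y
          DNS Domain: ~.

Link 2 (enp0s25)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 10.16.X.Y
                      10.16.X.Y
          DNS Domain: ~.'

# catch_all_links STATUS_TEXT
# Print, one per line, every link whose "DNS Domain" list contains "~.".
# The domain list may continue on indented lines (as the server list does),
# so the parser stays in "domain mode" until the next "key:" line or link header.
catch_all_links() {
    printf '%s\n' "$1" | awk '
        /^Link [0-9]+ \(/ {
            link = $0
            sub(/^Link [0-9]+ \(/, "", link)
            sub(/\).*$/, "", link)
            indom = 0
            next
        }
        /DNS Domain:/ { indom = 1; sub(/.*DNS Domain:/, "") }
        indom && /:/  { indom = 0 }
        indom {
            for (i = 1; i <= NF; i++)
                if ($i == "~.") { print link; indom = 0; break }
        }'
}

# leaking_links STATUS_TEXT VPN_LINK
# Links other than VPN_LINK that also hold "~.": each one competes with the
# tunnel for every query, which is the DNS leak described in the question.
leaking_links() {
    catch_all_links "$1" | grep -vx -- "$2" || true
}

# drop_domains LINK
# Clear the domains of LINK with the resolve1 D-Bus method that
# update-systemd-resolved itself uses: SetLinkDomains(ifindex, [(domain,
# route_only)]) with an empty array. Requires root. On systemd >= 240,
# `resolvectl default-route LINK false` clears only the default-route flag
# and leaves the link's real search domains alone.
drop_domains() {
    ifindex=$(cat "/sys/class/net/$1/ifindex") || return 1
    busctl call org.freedesktop.resolve1 /org/freedesktop/resolve1 \
        org.freedesktop.resolve1.Manager SetLinkDomains 'ia(sb)' "$ifindex" 0
}

# check_live [VPN_LINK]
# Run the check against the running resolver (resolvectl on newer systemd,
# systemd-resolve on Ubuntu 18.04) and print the leaking links.
check_live() {
    vpn="${1:-tun0}"
    if command -v resolvectl >/dev/null 2>&1; then
        status=$(resolvectl status)
    else
        status=$(systemd-resolve --status)
    fi
    leaking_links "$status" "$vpn"
}

# ./dnsroute-check.sh --check [VPN_LINK]   lists leaking links
# ./dnsroute-check.sh --fix   [VPN_LINK]   also clears "~." on each of them
if [ "${1:-}" = "--fix" ]; then
    for link in $(check_live "${2:-tun0}"); do
        echo "clearing catch-all route on $link"
        drop_domains "$link"
    done
elif [ "${1:-}" = "--check" ]; then
    check_live "${2:-tun0}"
fi
```

The parser targets the output format shown in the question; on much newer systemd releases the same state is reported by a separate default-route line and `~.` may not appear in the domain list, so check the live output before relying on the `--check` result there. As the question's update notes, NetworkManager may re-attach the root domain on reconnect, so `--fix` is a repair for the current session, not a permanent setting.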
Best Answer
Add the following line to the client configuration file (the file with the .ovpn extension) downloaded from the OpenVPN server:
As you know, before adding this line, on Ubuntu 18.04 you must install the update-systemd-resolved scripts as described in https://github.com/jonathanio/update-systemd-resolved
If it still does not work, perhaps you must add your internal DNS server too. Check that the lines you add at the end of the .ovpn file look like:
If you use the UI (GNOME) to connect
Last, if you are using the UI VPN icons to connect to your VPN, you must re-import the modified .ovpn file.
To do that execute in a terminal:
Click on the Ubuntu start menu:
Type the word "network" and click on Network. It should show something like:
Click on the "+" sign next to VPN and click on the "Import from file" option:
Once imported, add a name and click the "add" button at the top right of the dialog.
You are all set!
To connect to the VPN, click on the network icon and after that on the lock icon.