Ubuntu – Ubuntu 18.04 no DNS resolution when connected to OpenVPN


When I connect to a VPN network through Gnome Network-manager I lose DNS resolution and in practice, I cannot access resources inside the VPN network or outside.

When I was using Ubuntu 16.04 and I was using the VPN, the "/etc/resolv.conf/" file would contain the DNS servers of the (VPN) network I had connected. Now it always contains the following entries:

search myprovider.com

From what I have understood is the address of the DNS stub used by the system-resolved.

I suspect that this is a bug because the VPN was working fine the Ubuntu 16.04. Is there any way that I can set the DNS servers of my network when I am using a VPN service?


I tried connecting to the OpenVPN network with the configuration file attached at the end of the post, but I get the following error:

 Authenticate/Decrypt packet error: cipher final failed

I have verified that the server uses lzo compression and I have enabled it as well. The connection stays active but I cannot navigate to any page inside or outside the VPN.

In the configuration file listed below, I have included the solutions posted in the replies

 dev tun
 proto udp
 remote openvpn.bibsys.no 1194
 remote my-server-2 1194
 resolv-retry infinite
 user myuser
 group myuser
 ca ca-cert.pem
 cert openvpn.crt
 key openvpn.key
 cipher AES-256-CBC
 comp-lzo yes
 script-security 2
 up /etc/openvpn/scripts/update-systemd-resolved
 down /etc/openvpn/scripts/update-systemd-resolved

Best Answer

I found a solution on this blog post. While there are two solutions mentioned, I prefer using the second one because it means my DNS is set by the OpenVPN server (the first solution means I use the same DNS servers whether or not I'm connected to the OpenVPN server).

In short:

  • sudo mkdir -p /etc/openvpn/scripts
  • sudo wget https://raw.githubusercontent.com/jonathanio/update-systemd-resolved/master/update-systemd-resolved -P /etc/openvpn/scripts/
  • sudo chmod +x /etc/openvpn/scripts/update-systemd-resolved

Then edit your OpenVPN client file (e.g. client.ovpn) by changing the up/down scripts to:

script-security 2
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
up /etc/openvpn/scripts/update-systemd-resolved
down /etc/openvpn/scripts/update-systemd-resolved

(I have commented out the original up/down settings).