When I connect to a VPN network through Gnome Network-manager I lose DNS resolution and in practice, I cannot access resources inside the VPN network or outside.
When I was using Ubuntu 16.04 and I was using the VPN, the "/etc/resolv.conf/
" file would contain the DNS servers of the (VPN) network I had connected. Now it always contains the following entries:
nameserver 127.0.0.53
search myprovider.com
From what I have understood 127.0.0.53
is the address of the DNS stub used by the system-resolved
.
I suspect that this is a bug because the VPN was working fine the Ubuntu 16.04. Is there any way that I can set the DNS servers of my network when I am using a VPN service?
Update:
I tried connecting to the OpenVPN network with the configuration file attached at the end of the post, but I get the following error:
Authenticate/Decrypt packet error: cipher final failed
I have verified that the server uses lzo compression and I have enabled it as well. The connection stays active but I cannot navigate to any page inside or outside the VPN.
In the configuration file listed below, I have included the solutions posted in the replies
client
dev tun
proto udp
remote openvpn.bibsys.no 1194
remote my-server-2 1194
resolv-retry infinite
nobind
user myuser
group myuser
persist-key
persist-tun
ca ca-cert.pem
cert openvpn.crt
key openvpn.key
cipher AES-256-CBC
comp-lzo yes
script-security 2
up /etc/openvpn/scripts/update-systemd-resolved
down /etc/openvpn/scripts/update-systemd-resolved
down-pre
Best Answer
I found a solution on this blog post. While there are two solutions mentioned, I prefer using the second one because it means my DNS is set by the OpenVPN server (the first solution means I use the same DNS servers whether or not I'm connected to the OpenVPN server).
In short:
sudo mkdir -p /etc/openvpn/scripts
sudo wget https://raw.githubusercontent.com/jonathanio/update-systemd-resolved/master/update-systemd-resolved -P /etc/openvpn/scripts/
sudo chmod +x /etc/openvpn/scripts/update-systemd-resolved
Then edit your OpenVPN client file (e.g. client.ovpn) by changing the up/down scripts to:
(I have commented out the original up/down settings).