Ubuntu – Automatically Fetch New Name Server on VPN Connect

dnsUbuntuvpn

I am running ubuntu xenial 16.04

We are using openvpn to connect to a virtual private cloud. That cloud has it's own DNS server (as does our local route – home or office).

When I connect to the VPN all of the IPs in that network are available but I can't reach any by host name. The reason is simple: the resolv.conf file still shows my local office nameserver. If I manually overwrite the resolv.conf to have the correct name server all is good.

So, how can I get it to automatically reconfigure resolv.conf upon connecting to the VPN?

Can I hook in to a system event and execute a script?

Best Answer

The OpenVPN package has a script for this in /etc/openvpn/update-resolv-conf. You need to configure it with:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

This will fetch the DNS server addresses from the dhcp-option DNS options passed by the OpenVPN peer/server and configure resolvconf accordingly. It handles dhcp-option DOMAIN as well.

It is not perfect however, because this will prepend those name servers to the list of existing name servers instead of overwriting the list of name servers. If you are using openresolv the -x can be used to overwrite the DNS configuration instead of preprending to it.

If you're using systemd-resolved, you can use the /etc/openvpn/update-systemd-resolved which hooks into systemd-revolved instead of resolvconf.

script-security 2 
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
down-pre

On Debian, this script is in the openvpn-systemd-resolved.

Related Solutions

Linux – How to open VPN connection inside other VPN connection under Linux/Ubuntu

As long as the VPN servers do not use the same IPs internally, it should possible - but probably not by using only one wrapper like NetworkManager. You need to start at least one VPN client by hand or by using others tools like kvpnc.

Depending on what you want, you need to be careful with the routes. You need to get sure, that the routes which are set by the second vpn client do not replace the direct access to the first vpn server. You may need to set explicit routing options before you start the second vpn client by calling:

ip route add IP_OF_FIRST_VPN_SERVER dev WAN-INTERFACE
ip route add IP_OF_SECOND_VPN_SERVER dev FIRST-VPN-INTERFACE

(replace the words in capitals by the corresponding values. Your WAN interface is probably eth0 or wlan0, the vpn interface could be e.g. ppp0).

Additionally, the two vpn clients need to use separate interfaces (which should be normally the case).

OpenVPN nameservers ignored by NetworkManager or whatever

I believe the best solution is choosing this openvpn easy-setup by using the following command:

wget git.io/vpn ; chmod 777 vpn ; ./vpn

This script auto-detects the IP address of the machine it is run on, lets you choose the DNS, protocol, and port. The rest is done for you. I recommend this because you can choose the DNS: "System default resolvers" This lets you use the nameservers in /etc/resolv.conf. To change these, just do:

nano resolv.conf

and change nameserver $IP to nameserver (Your DNS).

Keep in mind that the nameservers reset at boot, but I do have a solution for this. The easiest way that I know of is using:

nano /etc/bashrc

and adding the following line anywhere in the file:

echo (Insert your nameserver) >> /etc/resolv.conf

Best Answer

Related Solutions

Linux – How to open VPN connection inside other VPN connection under Linux/Ubuntu

OpenVPN nameservers ignored by NetworkManager or whatever

Related Question