Ubuntu and OpenVPN: Set pushed DNS servers globally

Warning! This article is more than a year old. The content may no longer be up to date!

I’m using OpenVPN to connect to my home network. The endpoint is on my pfSense firewall I use there. I’m able to export a config file containing all needed connection parameters and needed certificates.

You can import that file into Ubuntu’s Network Manager. However, the parser isn’t that good. You have to tweak the configuration to match the real config file. Pushed DNS servers or custom set ones are not used. The result is a stable connection without name resolution. Surfing the web isn’t fun without that.

I passed on using the Network Manager because tweaking the settings in three different applications is not very end-user friendly. I decided to go back to the good old CLI.

My OpenVPN server pushes the DNS IP addresses. There are different approaches to use them globally.

Bad approach: Editing /etc/resolv.conf

This isn’t a very good approach, because you have to manually edit the system configuration. Normally all DNS servers are configured in the file under /etc/resolv.conf.

Over the past few years, manually editing that file has become obsolete. On modern Linux systems a package named resolvconf is installed. It sets as only nameserver and spins up a forwarder. All requests are then forwarded to the DNS servers received over DHCP.

This is pretty nice for a normal user, because they don’t have to deal with DNS settings as soon as they change networks. Manual edits to this file are only temporary, so this approach is not acceptable.

Good approach: Tell OpenVPN to “make it work”

OpenVPN can talk to the resolvconf application and register the pushed DNS servers. You have to add the following three lines at the bottom of the OpenVPN config file:
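The mechanism behind this, as an added example that is not the author's code: it assumes the three directives are the ones used with Ubuntu's openvpn package (`script-security 2` plus `up` and `down` pointing at `/etc/openvpn/update-resolv-conf`) and sketches, for IPv4 only, how such a hook can validate the server-pushed `foreign_option_N` values before turning them into resolv.conf lines. The function names and the sample values are constructed for illustration.

```shell
# Added example, not the author's code. Assumed config lines (Ubuntu package):
#   script-security 2
#   up /etc/openvpn/update-resolv-conf
#   down /etc/openvpn/update-resolv-conf
# OpenVPN exports each pushed option to the hook as foreign_option_1, _2, ...

is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # only digits and dots remain, safe to split
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        if [ "${#octet}" -gt 3 ] || [ "$octet" -gt 255 ]; then return 1; fi
    done
    return 0
}

is_domain() {
    case "$1" in ''|*[!A-Za-z0-9.-]*|.*|-*|*..*) return 1 ;; esac
}

# Print resolv.conf-style lines for valid pushed DNS/DOMAIN options only.
# The hook runs as root on server-controlled input, so anything else is skipped.
pushed_dns_lines() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"    # $i is our own counter
        [ -n "$opt" ] || break
        read -r kw otype value rest <<EOF
$opt
EOF
        line=
        if [ "$kw" = dhcp-option ] && [ -z "$rest" ]; then
            if [ "$otype" = DNS ] && is_ipv4 "$value"; then line="nameserver $value"; fi
            if [ "$otype" = DOMAIN ] && is_domain "$value"; then line="search $value"; fi
        fi
        if [ -n "$line" ]; then echo "$line"; else echo "skipped: $opt" >&2; fi
        i=$((i + 1))
    done
}

# Constructed sample environment, as the up script would see it.
foreign_option_1='dhcp-option DNS 192.168.1.1'
foreign_option_2='dhcp-option DOMAIN home.lan'
foreign_option_3='dhcp-option DNS 10.0.0.300'
pushed_dns_lines
```

In a real hook the printed lines would be piped to resolvconf on `up` and the record removed again on `down`.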

pfSense: OpenVPN Client Export Utility

If you use pfSense and the “Client Export Utility”, the three lines can also be added directly on generation. Use the text box in the advanced section:

Bonus: Verbose Output

To see what’s pushed you have to make OpenVPN more chatty. To see every config option but not traffic (scroll friendly) you can call it like this:

You should find a line like this:

You should be able to see that update-resolv-conf was executed:
