Hi Tom
In case a second DNS (local) is set, after start and stop only the first DNS address is restored.
Would it be possible to save both on start and restore them on stop?
BR, Aldo
Hi,
It should be restoring both. How are you setting them? If you are just writing them to /etc/resolv.conf, then connman may not know about the 2nd one.
Regards Tom.
Set with OSMC. It was written in /etc/resolv.conf though.
Which procedure would be necessary?
BR, Aldo
Hi,
With the vpn stopped.
```
sudo rm /etc/resolv.conf.connman-backup
```
Confirm that connman has the right nameservers:-
```
IFACE=$(connmanctl services | awk '/^\*/ {print $NF; exit}')
connmanctl services "$IFACE" | sed -n 's/.*Nameservers\.Configuration = \[\(.*\)\].*/\1/p' | tr -d ',' | xargs
```
If not you can set them with:-
```
connmanctl config "$IFACE" --nameservers 192.168.1.1 IP.OF.2ND.DNS
```
Then start openvpn.
Check that /etc/resolv.conf.connman-backup has both dns servers, if not let me know and I’ll investigate further.
Now stop the vpn. Check what dns servers connman has:-
```
connmanctl services "$IFACE" | sed -n 's/.*Nameservers\.Configuration = \[\(.*\)\].*/\1/p' | tr -d ',' | xargs
```
/etc/resolv.conf may not contain both, what matters is what connman reports. Again if only 1 is listed, I’ll investigate further.
Regards Tom.
The file /etc/resolv.conf.connman-backup isn’t updated, it must be removed upon dns change.
Now, after removing it, added a second dns and started the vpn service:
```
$ cat /etc/resolv.conf.connman-backup
192.168.1.1 1.1.1.1
$
```
Upon stop:
```
$ cat /etc/resolv.conf
nameserver 192.168.1.1
nameserver 1.1.1.1
$
```
Not very user friendly I’d say.
I knew about the dns change, but I messed it.
Perhaps the up script might contain a diff test to update the backup if needed?
BR, Aldo
Hi,
How is the diff meant to know what the pre-vpn dns IPs should be? I suppose these could be hard-coded into a variable by the user. The thing is though as long as /etc/resolv.conf.connman-backup contains the correct IPs, it works doesn’t it?
Regards Tom.
in stop state /etc/resolv.conf and /etc/resolv.conf.connman-backup both
contain the same data. If not “backup” must be updated.
BR, Aldo
Hi,
Then we are back to the possible race condition on shutdown/reboot where the down script doesn’t work properly and the dns doesn’t get restored to pre-vpn dns. So then the dns written to resolv.conf.connman-backup would be the vpn dns.
Regards Tom.
does down script touch the “backup” file ?
Btw, do you know about a tutorial about connman's sequence of script execution?
tia, Aldo
a possible race condition might look like:
with resolv.conf still containing vpn dns a stop state is reached.
Would a "Busy/Invalid" State set at up Start, to be reset at down successful End, help?
BR, Aldo
Hi,
Please feel free to modify the script to make it work for you, as far as I can see the current script does the required.
Regards Tom.
I worked further on update-resolv-conf.sh to get the configuration more “avg joe”.
Turns out being necessary: otherwise, upon reboot, resolv.conf is set to localhost:
::1
127.0.1.1
Removed “no domain pushed” warning, by not checking for it, as per your modi.
Added connman settings, as per your modi, as OSMC relies on it.
Added saving resolv.conf to /dev/shm/ as in the original file : update-resolv-conf.sh.
Functionality expanded to recover from a race condition:
On up), the file present in /dev/shm/ means down) wasn’t completed successfully,
so /etc/resolv.conf is restored with it. In this case resolv.conf.bak isn’t created/changed.
Otherwise /etc/resolv.conf.bak is created with each up), to reflect any DNS change via “My OSMC”.
Script below.
BR, Aldo
```bash
#!/usr/bin/env bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk>
# and Chris Hanson
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
# 07/2013 colin@daedrum.net Fixed intet name
# 05/2006 chlauber@bnc.ch
# 04/2026 aldodurbano@icloud.com Added connman settings; Improved resolv.conf recovering.
#
# Example envs set from openvpn:
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
# foreign_option_4='dhcp-option DOMAIN-SEARCH bnc.local'
## The 'type' builtins will look for file in $PATH variable, so we set the
## PATH below. You might need to directly set the path to 'resolvconf'
## manually if it still doesn't work, i.e.
## RESOLVCONF=/usr/sbin/resolvconf
export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin
#RESOLVCONF=$(type -p resolvconf)

case "$script_type" in
up)
    #
    # Backup Pre-vpn resolv.conf & DNS
    # Recover resolv.conf if previous down) didn't complete
    #
    IFACE=$(connmanctl services | awk '/^\*/ {print $NF; exit}')
    if [ -f /dev/shm/resolv.conf ]; then
        # Leftover copy: the previous down) never ran to completion
        cp -af /dev/shm/resolv.conf /etc/
    else
        cp -af /etc/resolv.conf /dev/shm/
        PRE_VPN_DNS=$(connmanctl services "$IFACE" | sed -n 's/.*Nameservers\.Configuration = \[\(.*\)\].*/\1/p' | tr -d ',')
        # Keep only the first line of resolv.conf, then append the pre-VPN servers
        sed '2,$d' /etc/resolv.conf > /etc/resolv.conf.bak
        for dns in $PRE_VPN_DNS; do echo "nameserver $dns" >> /etc/resolv.conf.bak; done
    fi
    #
    # Parse OpenVPN pushed options
    #
    for optionname in ${!foreign_option_*} ; do
        option="${!optionname}"
        echo "$option"
        part1=$(echo "$option" | cut -d " " -f 1)
        if [ "$part1" == "dhcp-option" ] ; then
            part2=$(echo "$option" | cut -d " " -f 2)
            part3=$(echo "$option" | cut -d " " -f 3)
            if [ "$part2" == "DNS" ] ; then
                IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
            fi
            if [[ "$part2" == "DOMAIN" || "$part2" == "DOMAIN-SEARCH" ]] ; then
                IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
            fi
        fi
    done
    #
    # Build ConnMan DNS string
    #
    R=""
    for NS in $IF_DNS_NAMESERVERS; do
        R="$R $NS"
    done
    R=$(echo "$R" | sed 's/^ *//')
    #
    # Push DNS to ConnMan
    #
    if [ -n "$R" ]; then
        # $R is left unquoted on purpose: one argument per server
        connmanctl config "$IFACE" --nameservers $R
    else
        echo "no dns server's pushed"
    fi
    ;;
down)
    #
    # Recover Pre-vpn DNS & resolv.conf
    #
    IFACE=$(connmanctl services | awk '/^\*/ {print $NF; exit}')
    PRE_VPN_DNS=$(grep nameserver /etc/resolv.conf.bak | awk '{print $NF}')
    # $PRE_VPN_DNS is left unquoted on purpose: one argument per server
    if [ -n "$PRE_VPN_DNS" ] && [ -n "$IFACE" ]; then
        connmanctl config "$IFACE" --nameservers $PRE_VPN_DNS
    fi
    [ -f /dev/shm/resolv.conf ] && mv /dev/shm/resolv.conf /etc/
    ;;
esac
exit 0
```
local (127.0.0.1).
Just trying to get plain text posted. The script in the last post is barely readable.
Let’s see …
– Start Text –
```bash
#!/usr/bin/env bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk>
# and Chris Hanson
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
# 07/2013 colin@daedrum.net Fixed intet name
# 05/2006 chlauber@bnc.ch
# 04/2026 aldodurbano@icloud.com Added connman settings; Improved resolv.conf recovering.
#
# Example envs set from openvpn:
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
# foreign_option_4='dhcp-option DOMAIN-SEARCH bnc.local'
## The 'type' builtins will look for file in $PATH variable, so we set the
## PATH below. You might need to directly set the path to 'resolvconf'
## manually if it still doesn't work, i.e.
## RESOLVCONF=/usr/sbin/resolvconf
export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin
#RESOLVCONF=$(type -p resolvconf)

case "$script_type" in
up)
    #
    # Backup Pre-vpn resolv.conf & DNS
    # Recover resolv.conf if previous down) didn't complete
    #
    IFACE=$(connmanctl services | awk '/^\*/ {print $NF; exit}')
    if [ -f /dev/shm/resolv.conf ]; then
        # Leftover copy: the previous down) never ran to completion
        cp -af /dev/shm/resolv.conf /etc/
    else
        cp -af /etc/resolv.conf /dev/shm/
        PRE_VPN_DNS=$(connmanctl services "$IFACE" | sed -n 's/.*Nameservers\.Configuration = \[\(.*\)\].*/\1/p' | tr -d ',')
        # Keep only the first line of resolv.conf, then append the pre-VPN servers
        sed '2,$d' /etc/resolv.conf > /etc/resolv.conf.bak
        for dns in $PRE_VPN_DNS; do echo "nameserver $dns" >> /etc/resolv.conf.bak; done
    fi
    #
    # Parse OpenVPN pushed options
    #
    for optionname in ${!foreign_option_*} ; do
        option="${!optionname}"
        echo "$option"
        part1=$(echo "$option" | cut -d " " -f 1)
        if [ "$part1" == "dhcp-option" ] ; then
            part2=$(echo "$option" | cut -d " " -f 2)
            part3=$(echo "$option" | cut -d " " -f 3)
            if [ "$part2" == "DNS" ] ; then
                IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
            fi
            if [[ "$part2" == "DOMAIN" || "$part2" == "DOMAIN-SEARCH" ]] ; then
                IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
            fi
        fi
    done
    #
    # Build ConnMan DNS string
    #
    R=""
    for NS in $IF_DNS_NAMESERVERS; do
        R="$R $NS"
    done
    R=$(echo "$R" | sed 's/^ *//')
    #
    # Push DNS to ConnMan
    #
    if [ -n "$R" ]; then
        # $R is left unquoted on purpose: one argument per server
        connmanctl config "$IFACE" --nameservers $R
    else
        echo "no dns server's pushed"
    fi
    ;;
down)
    #
    # Recover Pre-vpn DNS & resolv.conf
    #
    IFACE=$(connmanctl services | awk '/^\*/ {print $NF; exit}')
    PRE_VPN_DNS=$(grep nameserver /etc/resolv.conf.bak | awk '{print $NF}')
    # $PRE_VPN_DNS is left unquoted on purpose: one argument per server
    if [ -n "$PRE_VPN_DNS" ] && [ -n "$IFACE" ]; then
        connmanctl config "$IFACE" --nameservers $PRE_VPN_DNS
    fi
    [ -f /dev/shm/resolv.conf ] && mv /dev/shm/resolv.conf /etc/
    ;;
esac
exit 0
```
–- End Script –
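
The posted script keeps its "down) did not complete" marker in /dev/shm, which every local user can write to, and installs that file as /etc/resolv.conf with the privileges OpenVPN runs the up/down script with. The following is an added example, not part of the thread or of the posted script: the same save/restore idea with the marker kept in a root-only state directory and checked before it is installed. The function names and the state directory (for example /run/openvpn-dns) are assumptions.

```shell
#!/bin/sh
# Added example. STATE_DIR is an assumed root-only directory such as
# /run/openvpn-dns (hypothetical path), replacing world-writable /dev/shm.
# $1 = resolv.conf path, $2 = state dir, so it can be tried in a sandbox.

# Trust the state dir only if it is a real directory owned by the caller
# and not writable by group or others.
state_dir_ok() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c %u "$1")" = "$(id -u)" ] || return 1
    [ $(( 0$(stat -c %a "$1") & 022 )) -eq 0 ]
}

# Trust a saved copy only if it is a regular file (not a symlink), owned by
# the caller, has a nameserver line and holds only resolv.conf directives.
saved_copy_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c %u "$1")" = "$(id -u)" ] || return 1
    grep -q '^nameserver[[:space:]]' "$1" || return 1
    ! grep -Evq '^[[:space:]]*((nameserver|search|domain|options)[[:space:]]|[#;]|$)' "$1"
}

# Install the saved copy over the live file: temp file, then rename.
install_saved() {
    state_dir_ok "$2" && saved_copy_ok "$2/resolv.conf" || return 1
    tmp=$(mktemp "$1.XXXXXX") || return 1
    cat "$2/resolv.conf" > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$1"
}

# up): 0 = fresh copy saved, 2 = leftover copy restored because the previous
# down) never finished (copy kept for the next down), 1 = refused.
dns_up() {
    state_dir_ok "$2" || return 1
    if [ -e "$2/resolv.conf" ] || [ -L "$2/resolv.conf" ]; then
        install_saved "$1" "$2" && return 2
        return 1
    fi
    tmp=$(mktemp "$2/resolv.conf.XXXXXX") || return 1
    cat "$1" > "$tmp" && mv -f "$tmp" "$2/resolv.conf"
}

# down): restore, then clear the marker so the next up) saves afresh.
dns_down() {
    install_saved "$1" "$2" && rm -f "$2/resolv.conf"
}
```

In a real up/down script these would be called as `dns_up /etc/resolv.conf "$STATE_DIR"` and `dns_down /etc/resolv.conf "$STATE_DIR"`, with the connmanctl calls from the posted script left as they are.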