Network connectivity issues vpn

Hi. Since updating to the latest September release on my Vero 4K+ - which I believe is now Bullseye - I’ve been experiencing network issues with my vpn setup which your team kindly helped me get up and running ages ago (openvpn setup via cli, running a watchdog timer). It’s been solid as a rock for ever now, but this latest update has messed something up.

System info reports operating system/ system uptime/ total uptime as busy every 15 seconds or so. I can’t stream anything online.

curl via command line normally gives me details of the vpn’s ip address, but now gives me ‘curl: (6) Could not resolve host:

If I run the following four commands: [sudo systemctl] stop openvpn/ disable openvpn/ stop openvpn-watchdog.timer/ sudo systemctl disable openvpn-watchdog.timer and reboot, everything seems to be back to normal.

Here’s the log with openvpn/ watchdog timer turned off:

I’m not able to upload any logs while the vpn is turned on. Tried copying to SD card but I can’t find any log there.

I’ve been playing with another box recently so didn’t notice this until a family member, who has an identical setup to me (running osmc, but instead on a rpi4) told me nothing seemed to be working after a recent update.

Any assistance would be greatly appreciated. Thanks.


It looks like when the vpn dns is failing.

Could you please post your vpn config?

Thanks Tom.

Hi Tom,

Thanks for the response. Below is the contents of my vpn.conf file (keys have been removed). Persist-tun was removed on dillthedog’s suggestion which fixed reconnection issues if the network connection was lost. I’ve also included the instructions you sent me that I follow to set up watchdog timer if useful.

I can do a clean install of the previous version of osmc I was running and this setup still works perfectly with it, so not sure what has changed.

dev tun
remote 1195

comp-lzo no
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1200
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass login.txt




script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

sudo nano /etc/systemd/system/openvpn-watchdog.timer


Description=OpenVPN Watchdog timer




sudo nano /etc/systemd/system/openvpn-watchdog.service


Description=OpenVPN Watchdog service



ExecStart=/bin/systemctl restart openvpn@vpn


sudo systemctl start openvpn-watchdog.timer

sudo systemctl enable openvpn-watchdog.timer


If you remove or comment out these 2 lines:

up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Does it work?

Regards Tom.


Yes, it works now that those two lines have been removed. So it’s a dns resolving issue like you thought? Openresolv currently uses my vpn provider’s secure dns. I suppose I could configure network manually in my osmc and use cloudflare dns for example, but weird that I would need to since it’s never been an issue on the Vero.

Any idea why this doesn’t work with the new osmc update? Or any ideas how to work around this (other than the manual dns option)? Thanks.


I’ve found that openvpn can’t restore the dns settings, with the down script. The issue appears to be with openresolv, but resolvconf doesn’t work well with osmc. So can I get openvpn to start, but as soon as it stopped or restarted it couldn’t connect as my vpn providers dns server was still being used.

One option here is not to use the openvpn providers dns servers, and continue to use the ones set in MyOSMC. If you are concerned about privacy, I would consider cloudflare; they have a reasonable logging policy:

Alternatively I did find a workaround by using connman to restore the the dns servers, with the following script; /etc/openvpn/restore-resolv.conf:

connmanctl config ethernet_xxxxxxxxxxxxx_cable --nameservers

Replace ethernet_xxxxxxxxxxxxx_cable with your actual connection, you can find this with connmanctl services. Replace the dns server’s with your preference. Make it executable with:

sudo chmod u+x /etc/openvpn/

update your conf with:

script-security 2                                               
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/restore-resolv.conf

Regards Tom.

Thanks Tom, that’s really helpful.

Out of interest, how long have you had these issues with openresolv? I only ask as it’s worked perfectly for me until the latest osmc update, which I figured had to be responsible for these issues as opposed to the issue being with open vpn/openresolv and particularly because, as I mentioned earlier, openresolv still works perfectly when I roll back osmc to a previous version. Possibly an openresolv issue with bullseye?


I don’t actually use, just tested it with my old vero4k that had a disabled openvpn config on it.

The with latest update OSMC moved from buster to bullseye, in this sort of scenario its not unusually for scripts to stop working.

Regards Tom.

Ok, cool. Thanks again for your time Tom.

1 Like

Hi Tee77,

I believe I’ve created a working script which will allow you to use the dns servers from your VPN provider, with no requirement for on resolvconf or openresolv. I would appreciate it if you were happy to test, before doing so you should probably check out the script; it can be found here:

I reworked this script for resolvconf: GitHub - alfredopalhares/openvpn-update-resolv-conf: Script that updates DNS settings are pushed by the OpenVPN server

If you are happy to test, please follow the below instructions:

cd /etc/openvpn
sudo wget
sudo chmod u+x connman-update-resolv

Replace ethernet_xxxxxxxxxxxxx_cable in connman-update-resolv with your actual connection, you can find this with connmanctl services

Update you vpn config with the following:

script-security 2                                               
up /etc/openvpn/connman-update-resolv 
down /etc/openvpn/connman-update-resolv

Thanks Tom.

1 Like

Ah nice one Tom! I’m away with work but back tomorrow night, so will try it out and let you know how I get on. Thanks.


Excellent - this is working for me.

I notice that each dns server address is now identical to its corresponding vpn ip address, whereas I’m used to seeing the last three digits of the dns address differ. I’m sure that’s not a problem but thought I’d mention it.

Really appreciate it Tom, thanks.


Great! Thanks for confirming?

This doesn’t sound right, do you mean the IPs that the vero4ks get or the GW IP? Does DNS resolution work, can you ping; when connected to the VPN tunnel? If so I wouldn’t worry about it too much.

Thanks Tom.

Sorry Tom, been a long day and probably shouldn’t be doing this now! What I meant to say was…the dns leak test addon I use reports the vpn’s ip address and dns address as identical. Over the years I’ve been using this addon (and using openresolv to resolve the vpn’s dns), the last few digits of the dns address have always differed to the vpn ip address. Guessing it doesn’t matter.

Pinging seems fine.

My Osmc reports the primary dns as the vpn provider’s dns address rather than my normal I’m assuming that’s meant to happen?

Need to test a bit more just to be sure - having some weird speed test issues but could just be the specific server I’m using. I’ll report back tomorrow. Thanks.

1 Like


My Osmc reports the primary dns as the vpn provider’s dns address rather than my normal I’m assuming that’s meant to happen?

The one in MyOSMC is correct, not sure why the addon would report any different. Wouldn’t worry about if pinging is working.

Nothing in the script should affect speed, so I suspect its the vpn server.

Regards Tom.

Hi Tom

Having tested some more, it all seems to be working well. I think what initially threw me is that Kodi’s Speedtester app has stopped working on osmc bullseye (tested with clean install and no vpn to be sure) so I assumed your script was causing some weird issues with download speeds.

Also tried speedtest-cli from command line and was getting the following…

Retrieving configuration…
Cannot retrieve speedtest configuration
ERROR: HTTP Error 403: Forbidden

…but cli option seems to be working now. Anyway, obviously not a problem with your script, it works perfectly, thanks!


I was seeing this on my vpn client, so I changed to using instead: speedtest-cli --secure
installed via pip.

Thanks Tom.