Set up openvpn to use private VPN service dns server on connect

Hello there and i wish for all of you a Happy and Healthy New Year!!!

I tried for over a month now and i have read almost everything in this forum to achieve that i want to do. I’m sorry if the answer is in a topic but i am a noob as when it come to linux and i am happy to already have learned some basic stuff.

I use osmc latest version on a raspberry pi3, Brian Hornsby’s VPN client, and i have Joakim_Sandstrom’s Chromium installed so that i can check for dns leaks, when i connect to a server through ssh.

I already configured ovpn files so that can work with Brian Hornsby’s VPN client, and changed the openvpn path in the client. everything fine up to here.

The think is that i want to use my vpn service private dns server when i connect to a server and my isp’s or whatever when i am not.

I want that to be done automatically.

I have manual (not dhcp) setup a local lan ip with my isp’s dns through My OSMC lan config.

I have read that i can use the up and down script of the openvpn update-resolve-conf but it doesn’t work when i put it in my ovpn files because the paths in osmc is different.

What can i do, can anyone please help me here? what changes do i have to do? i have read that i have to edit some files… which files?

To be honest i don’t want to just do it, i want to understand why i am doing it so i can learn from someone that is kind to help me…

Edit: i removed the name of the vpn service i had write here, because i am not affiliated with them and it is not proper to refer to them…

Ok, suddenly i found a way to do what i want…

BUT i need a little help and information in order to make as i want, a complete newbie tutorial for those who have below basic experience in linux… so that they don’t wonder around many posts and sites, but in the other hand maybe the should do , it helped me learn stuff…

OSMC is great and i use it many years but don’t have the knowledge to help development of OSMC , or to help in any way… i think this tutorial i will make, is the way to my part of helping in a strange way…i dont know lets say its something like a little help to Sam and the other developers…

What i did and correct me if i am wrong and help me finish it right so i can make the tutorial.

i installed openvpn
i used Brian Hornsby’s VPN client and setup opvn (ca and authentication info) files properly.
i wanted to use vpn’s private dns so i installed resolvconf and edited opvn files with script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Everything ok up to here…

There is something more to fix and want to ask…
After disconect the /etc/resolve.conf is empty so it needs restart.( in a way this is something like a killswitch, not bad…)

Is there a fix for that? (in a post i read that is ok after an update, i am updated but it dosent work…maybe i ma doing something wrong)

or i have to use (haven’t try it yet but tonight)

cp /etc/resolv.conf /etc/resolv.conf.default
#echo -n “$R” | $RESOLVCONF -p -a “${dev}”
echo -n “$R” | $RESOLVCONF -a “${dev}.inet”
;;
down)
$RESOLVCONF -d “${dev}.inet”
mv -f /etc/resolv.conf.default /etc/resolv.conf
;;

And something else,

besides installing resolvconf is there a way to edit the update-resolv-conf script so that can use the /etc/resolv.conf that osmc uses? will that work?
i mean to change /usr/sbin/resolvconf that uses the script that it dosent exist unless i install it to /etc/resolv.conf or use for path =$(type -p resolvconf)

I know that it works but which is the best way to do it?

I have seen guys here in many posts that can help and they made it work but what exactly and wicth way they did it?

Thanks…

cp /etc/resolv.conf /etc/resolv.conf.default
#echo -n “$R” | $RESOLVCONF -p -a "${dev}"
echo -n “$R” | $RESOLVCONF -a “${dev}.inet”
;;

down)
$RESOLVCONF -d "${dev}.inet"
mv -f /etc/resolv.conf.default /etc/resolv.conf
;;

That’s been used successfully in the past (Change DNS when connected to VPN - #23 by Foxy_Stoat) as long as you don’t change the user/group in your .conf file.

I just tryied to import that in the script and it dosent work… still blank resolv.conf after disconect… maybe i edited it wrong, i will try it again later.

You say it was used in the past, what do you use or do for that empty resovl.conf now?

I will look because i dont know-undesrtand what yyou mean about the change of the user/group in .conf file

I don’t use it. I’ve used openresolv in the past instead of resolvconf.

Then it probably won’t be an issue.

I was trying to make it work but i cant.

edit the update-resolv-conf with

cp /etc/resolv.conf /etc/resolv.conf.default

and

mv -f /etc/resolv.conf.default /etc/resolv.conf

as some examples i have seen and nothing.

Where exactly should i insert the lines?

I tryed to run the command through ssh

cp /etc/resolv.conf /etc/resolv.conf.default

just to see if it works and i get back

osmc@osmc-rpi3:~$ cp /etc/resolv.conf /etc/resolv.conf.default
cp: cannot create regular file ‘/etc/resolv.conf.default’: Permission denied

any help?

In this block of code in /etc/openvpn/update-resolv-conf:

	done
>>>>>>>>>>>>>>>>>>>>> HERE <<<<<<<<<<<<<<<<<<<<
	echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
	;;
  down)
	/sbin/resolvconf -d "${dev}.openvpn"
>>>>>>>>>>>>>>>>>>>>> HERE <<<<<<<<<<<<<<<<<<<<
	;;
esac

openvpn runs as root, so has the necessary permissions.

Thank you it worked but for the first time.

I edited /etc/openvpn/update-resolv-conf as you said…

before i connect my routers dns in /etc/resolv.conf

i connect to a server and my vpns private dns in /etc/resolv.conf

i disconnect openvpn my router as dns server.

From then what ever i do i connect again , i rebooted 5 times , i connect again, i even removed the edits i did i always have my router as dns server in /etc/resolv.conf

i dont understand…

So that is working as you want. Correct?

Does it create the /etc/resolv.conf.default file when you connect again?

Hi again,

So that is working as you want. Correct?

Yes that is what i want!!!
But i would like to it work again each time i connect and disconnect, accordingly to switch between my routers and my private vpn’s dns.

That is not happening.

Does it create the /etc/resolv.conf.default file when you connect again?

Yes every time i connect it creates resolv.conf.default and its time i disconnect it replaces resolv.conf

The thing is that again its like update-resolv-conf does not work again… no matter what i do…

I even deleted resolv.conf so after reboot it would regenerate , it regenerates and never again changes to my vpn’s private dns… its always with my router.

The only thing is to uninstall openvpn and its dependances , install it again , and it again will work for first time…

1 Please reboot, then run grab-logs -A and tell us the URL it returns.

2 Run

connmanctl services
connmanctl services <service name>

where the <service name> is the output from the first command, eg ethernet_b827ebxxxxxx_cable.

3 Connect openvpn and then disconnect it. After each operation, show the contents of /etc/resolv.conf and /etc/resolv.conf.default (if it exists). Then repeat again - and again show the contents of the two files.

thanks i will do and i will come back to you…!!!

And something that might tell you something, i dont know…

if uninstall openvpn and i reinstall it as i told you i works for the fist time.

when i ls -a /etc/resolv*

i see

conf

as you see the file resolv.conf has a lite blue colour (sorry , i am a little color blind…)

after first vpn connect (a little blue again) and the copy as you see
resolv first connect

at first disconnect resolv.conf is replaced by the copy and changes color to white
resolv first disconnect

and at first reconnect , reboot or whatever until reinstall same white colour
resolv first reconnect

I think that the colours with ls -a command shows the file and folder privileges,
maybe it has something to do with file permitions after replacement?

I come back with what you tell me…

Hello again, i sorry for the delay.

here is my log

https://paste.osmc.tv/mivariqiza

Before connect

GNU nano 2.2.6 File: /etc/resolv.conf

#Generated by Connection Manager
nameserver 192.168.2.1

After first connect

GNU nano 2.2.6 File: /etc/resolv.conf

#Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND – YOUR CHANGES WILL BE OVERWRITTEN
nameserver 198.18.0.1
nameserver 198.18.0.2

and

GNU nano 2.2.6 File: /etc/resolv.conf.default

#Generated by Connection Manager
nameserver 192.168.2.1

After first disconnect

GNU nano 2.2.6 File: /etc/resolv.conf

#Generated by Connection Manager
nameserver 192.168.2.1

After second connect

GNU nano 2.2.6 File: /etc/resolv.conf

#Generated by Connection Manager
nameserver 192.168.2.1

and

GNU nano 2.2.6 File: /etc/resolv.conf.default

#Generated by Connection Manager
nameserver 192.168.2.1

but

/etc/resolvconf/run/resolv.conf
GNU nano 2.2.6 File: /etc/resolvconf/run/resolv.conf

#Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#DO NOT EDIT THIS FILE BY HAND – YOUR CHANGES WILL BE OVERWRITTEN
nameserver 198.18.0.1
nameserver 198.18.0.2

after second disconect

GNU nano 2.2.6 File: /etc/resolv.conf

#Generated by Connection Manager
nameserver 192.168.2.1

and

but /etc/resolvconf/run/resolv.conf
GNU nano 2.2.6 File: /etc/resolvconf/run/resolv.conf

#Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#DO NOT EDIT THIS FILE BY HAND – YOUR CHANGES WILL BE OVERWRITTEN

and so on, nothing changes even after many connects and disconnects.

As you can see /etc/resolvconf/run/resolv.conf after connect updates with vpns dns kai emptys after disconnect. The etc/resolv.conf just copys itself on and on and on.

Here is also my update-resolc-conf in case you can find something


Thanks again.

I think I can see what is happening and it looks like the changes people previously made to /etc/openvpn/update-resolv-conf will no longer work.

But it looks like resolvconf now (almost) works without needing any changes. I tested it on my system and if the VPN sets two nameservers it seems to work fine. If the VPN only sets one nameserver, then the original nameserver appears on line 2, which isn’t ideal.

I suggest you remove the two lines from /etc/openvpn/update-resolv-conf and then run:

sudo systemctl stop openvpn  # just to be sure it isn't running
sudo apt-get purge resolvconf
sudo apt-get install resolvconf

Then check if /etc/resolv.conf is being correctly updated when you start and stop openvpn. On my system it does work.

i tried it , i did you you say…
i reinstalled resolvconf , i removed the lines from /etc/openvpn/update-resolv-conf, i have the security 2 on my ovpn files…

When i connect resolv.conf updates with vpn’s dns but on disconnect its empty and stays empty until i reboot.

you say its working on your system and even after disconnect resolv.conf has your custom dns?

Like I said at the beginning, I’ve uses openresolv in the past, since it is a lot less trouble. It’s not available on Debian jessie but version 3.8.0 is available on Debian stretch, if you can wait a day or two for OSMC to upgrade to stretch.

Alternatively, you can install version 3.9.0 now from https://roy.marples.name/projects/openresolv.

Whichever version you choose, I’d recommend you remove the resolvconf package (and ifupdown that came with it) and use openresolv instead.

I just made the update (Debian Strech) , and i will make some tests and some reading on how exaclty i can use openresolv. i wi’ll give it a try…

as @sam_nazarko said about the update,

but after first test its all the same , i have in open ovpn files the lines,

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

i have installed resolvconf via sudo apt-get install resolvconf

I haven’t changed anything in update-resolv-conf.

I connect and resolv.conf is filled with my vpn’s dns servers, but when i disconnect my resolv.conf is empty and i have no internet connectivity, until i reboot.

last night i found 2 solutions that work somehow…

I tell you from now i am a complete noob when it comes to linux…only last month that i had a goal to setup open vpn with no dns leaks firts of all to learn and second as a personal goal, learnd how to connect through ssh.

Maybe the solutions are weird or funny, but i would like your opinion…

First one, is adding some lines in update-resolv-conf based in logic that resolv.conf is a symbolic link to /etc/resolvconf/run/resolv.conf and thats why

doesn’t help me, because it breaks the link, and after its just a file that copys it self on and on…

I tried:

for NS in $NMSRVRS ; do
R="${R}nameserver $NS
"
done
cp /etc/resolv.conf /etc/resolv.conf.default <-- i just make a copy that i will use later that contanes some default dns so i can connect to the internet or reconnect to vpn.
echo -n “$R” | /sbin/resolvconf -a “${dev}.openvpn”
cp -P /etc/resolv.conf.simlink /etc/resolv.conf <-- a copy as symlink to see /etc/resolvconf/run/resolv.conf that updates with vpn’s dns

;;
down)
/sbin/resolvconf -d “${dev}.openvpn”
cp -P /etc/resolv.conf /etc/resolv.conf.simlink <-- i replace the simple file with symlink file that targets /etc/resolvconf/run/resolv.conf with updates in every connect with vpn’s dns
mv -f /etc/resolv.conf.default /etc/resolv.conf <–and because /etc/resolvconf/run/resolv.conf is always empty i replace it with the backup file so i can have dns to connect
;;
esac

Its like a big loop, it works good but it has a disadvantage , you cannot change dns from My OSMC(dhcp or static) if you want to change dns in resolv.conf you have to ssh -> sudo nano it.

And the other is something i found that regenerates resolv.conf after being empty, without reboot system.

is by adding

systemctl restart connman

in

update-resolv-conf , script

done

echo -n “$R” | /sbin/resolvconf -a “${dev}.openvpn”

;;
down)
/sbin/resolvconf -d “${dev}.openvpn”
systemctl restart connman
;;
esac

after down command, so connman restarts and regenarates my resolv.conf with systems dns.

is it safe , wise to restart connman that way or it causes a problem that i haven’t meet until now , or later? does it affect me?

You have something else to suggest now with the changes that update brought?

Maybe stupid ways but i would like some feedback - opinion from someone…

Thanks.

Hi. First of all I’d like to congratulate you for all the work you’ve put into trying to solve your problem. You might call yourself a Linux noob right now but you’ll soon be up to speed, given your positive attitude.

You have correctly identified that resolvconf uses a link to /etc/resolvconf/run/resolv.conf and that this caused us a few problems when we tried the workaround.

The good news is that openresolv doesn’t use any links and as as long as your openvpn .conf file still contains the lines:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

it should work without needing any modifications. (Remember that if you make any changes, they’ll be overwritten each time you get an update.)

To install openresolv from the Debian stretch repo, first remove resolvconf and ifupdown

sudo apt-get purge resolvconf ifupdown
sudo apt-get install openresolv

Thank you my friend, i really appreciate the time you spend for me and your help, i will try what you suggest with openresolv and see what resolts i get… and also thank you for your good words…

keep in mind that i owe you a beer, its the least i can do.

It’s always a pleasure to help someone who has such a positive attitude.

I’m not sure dogs are allowed to drink beer. :wink:

1 Like