Set up openvpn to use private VPN service dns server on connect

I just tried to import that in the script and it doesn’t work… still blank resolv.conf after disconnect… maybe I edited it wrong, I will try it again later.

You say it was used in the past, what do you use or do for that empty resolv.conf now?

I will look because I don’t know/understand what you mean about the change of the user/group in the .conf file

I don’t use it. I’ve used openresolv in the past instead of resolvconf.

Then it probably won’t be an issue.

I was trying to make it work but I can’t.

edit the update-resolv-conf with

cp /etc/resolv.conf /etc/resolv.conf.default

and

mv -f /etc/resolv.conf.default /etc/resolv.conf

as in some examples I have seen, and nothing.

Where exactly should I insert the lines?

I tried to run the command through ssh

cp /etc/resolv.conf /etc/resolv.conf.default

just to see if it works and I get back

osmc@osmc-rpi3:~$ cp /etc/resolv.conf /etc/resolv.conf.default
cp: cannot create regular file ‘/etc/resolv.conf.default’: Permission denied

any help?

In this block of code in /etc/openvpn/update-resolv-conf:

	done
>>>>>>>>>>>>>>>>>>>>> HERE <<<<<<<<<<<<<<<<<<<<
	echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
	;;
  down)
	/sbin/resolvconf -d "${dev}.openvpn"
>>>>>>>>>>>>>>>>>>>>> HERE <<<<<<<<<<<<<<<<<<<<
	;;
esac

openvpn runs as root, so has the necessary permissions.

Thank you, it worked, but for the first time.

I edited /etc/openvpn/update-resolv-conf as you said…

Before I connect, my router’s DNS is in /etc/resolv.conf

I connect to a server, and my VPN’s private DNS is in /etc/resolv.conf

I disconnect openvpn, and my router is the DNS server.

From then on, whatever I do (I connect again, I rebooted 5 times, I connect again, I even removed the edits I did), I always have my router as DNS server in /etc/resolv.conf

I don’t understand…

So that is working as you want. Correct?

Does it create the /etc/resolv.conf.default file when you connect again?

Hi again,

So that is working as you want. Correct?

Yes, that is what I want!!!
But I would like it to work again each time I connect and disconnect, switching accordingly between my router’s and my private VPN’s DNS.

That is not happening.

Does it create the /etc/resolv.conf.default file when you connect again?

Yes, every time I connect it creates resolv.conf.default, and each time I disconnect it replaces resolv.conf

The thing is that again it’s like update-resolv-conf does not work again… no matter what I do…

I even deleted resolv.conf so after reboot it would regenerate; it regenerates and never again changes to my VPN’s private DNS… it’s always with my router.

The only thing is to uninstall openvpn and its dependencies, install it again, and it again will work for the first time…

1 Please reboot, then run grab-logs -A and tell us the URL it returns.

2 Run

connmanctl services
connmanctl services <service name>

where the <service name> is the output from the first command, eg ethernet_b827ebxxxxxx_cable.

3 Connect openvpn and then disconnect it. After each operation, show the contents of /etc/resolv.conf and /etc/resolv.conf.default (if it exists). Then repeat again - and again show the contents of the two files.

Thanks, I will do that and I will come back to you…!!!

And something that might tell you something, I don’t know…

If I uninstall openvpn and reinstall it, as I told you, it works for the first time.

When I ls -a /etc/resolv*

I see

conf

As you see, the file resolv.conf has a light blue colour (sorry, I am a little colour blind…)

After the first vpn connect (a little blue again), and the copy as you see
resolv first connect

At the first disconnect resolv.conf is replaced by the copy and changes colour to white
resolv first disconnect

And at the first reconnect, reboot or whatever, until reinstall, the same white colour
resolv first reconnect

I think that the colours with the ls -a command show the file and folder privileges,
maybe it has something to do with file permissions after replacement?

I come back with what you tell me…

Hello again, I’m sorry for the delay.

Here is my log

https://paste.osmc.tv/mivariqiza

Before connect

GNU nano 2.2.6 File: /etc/resolv.conf

#Generated by Connection Manager
nameserver 192.168.2.1

After first connect

GNU nano 2.2.6 File: /etc/resolv.conf

#Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND – YOUR CHANGES WILL BE OVERWRITTEN
nameserver 198.18.0.1
nameserver 198.18.0.2

and

GNU nano 2.2.6 File: /etc/resolv.conf.default

#Generated by Connection Manager
nameserver 192.168.2.1

After first disconnect

GNU nano 2.2.6 File: /etc/resolv.conf

#Generated by Connection Manager
nameserver 192.168.2.1

After second connect

GNU nano 2.2.6 File: /etc/resolv.conf

#Generated by Connection Manager
nameserver 192.168.2.1

and

GNU nano 2.2.6 File: /etc/resolv.conf.default

#Generated by Connection Manager
nameserver 192.168.2.1

but

/etc/resolvconf/run/resolv.conf
GNU nano 2.2.6 File: /etc/resolvconf/run/resolv.conf

#Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#DO NOT EDIT THIS FILE BY HAND – YOUR CHANGES WILL BE OVERWRITTEN
nameserver 198.18.0.1
nameserver 198.18.0.2

After second disconnect

GNU nano 2.2.6 File: /etc/resolv.conf

#Generated by Connection Manager
nameserver 192.168.2.1

and

but /etc/resolvconf/run/resolv.conf
GNU nano 2.2.6 File: /etc/resolvconf/run/resolv.conf

#Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#DO NOT EDIT THIS FILE BY HAND – YOUR CHANGES WILL BE OVERWRITTEN

And so on, nothing changes even after many connects and disconnects.

As you can see, /etc/resolvconf/run/resolv.conf updates with the VPN’s DNS after connect and empties after disconnect. The /etc/resolv.conf just copies itself on and on and on.

Here is also my update-resolv-conf in case you can find something


Thanks again.

I think I can see what is happening and it looks like the changes people previously made to /etc/openvpn/update-resolv-conf will no longer work.

But it looks like resolvconf now (almost) works without needing any changes. I tested it on my system and if the VPN sets two nameservers it seems to work fine. If the VPN only sets one nameserver, then the original nameserver appears on line 2, which isn’t ideal.

I suggest you remove the two lines from /etc/openvpn/update-resolv-conf and then run:

sudo systemctl stop openvpn  # just to be sure it isn't running
sudo apt-get purge resolvconf
sudo apt-get install resolvconf

Then check if /etc/resolv.conf is being correctly updated when you start and stop openvpn. On my system it does work.

I tried it, I did as you say…
I reinstalled resolvconf, I removed the lines from /etc/openvpn/update-resolv-conf, I have the security 2 in my ovpn files…

When I connect, resolv.conf updates with the VPN’s DNS, but on disconnect it’s empty and stays empty until I reboot.

You say it’s working on your system, and even after disconnect resolv.conf has your custom DNS?

Like I said at the beginning, I’ve used openresolv in the past, since it is a lot less trouble. It’s not available on Debian jessie but version 3.8.0 is available on Debian stretch, if you can wait a day or two for OSMC to upgrade to stretch.

Alternatively, you can install version 3.9.0 now from https://roy.marples.name/projects/openresolv.

Whichever version you choose, I’d recommend you remove the resolvconf package (and ifupdown that came with it) and use openresolv instead.

I just made the update (Debian Stretch), and I will make some tests and do some reading on how exactly I can use openresolv. I’ll give it a try…

as @sam_nazarko said about the update,

but after the first test it’s all the same. I have in my ovpn files the lines,

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

I have installed resolvconf via sudo apt-get install resolvconf

I haven’t changed anything in update-resolv-conf.

I connect and resolv.conf is filled with my VPN’s DNS servers, but when I disconnect my resolv.conf is empty and I have no internet connectivity until I reboot.

Last night I found 2 solutions that work somehow…

I tell you now, I am a complete noob when it comes to Linux… only last month I had a goal to set up openvpn with no DNS leaks, first of all to learn and second as a personal goal, and learned how to connect through ssh.

Maybe the solutions are weird or funny, but I would like your opinion…

The first one is adding some lines in update-resolv-conf, based on the logic that resolv.conf is a symbolic link to /etc/resolvconf/run/resolv.conf and that’s why

doesn’t help me, because it breaks the link, and after that it’s just a file that copies itself on and on…

I tried:

for NS in $NMSRVRS ; do
R="${R}nameserver $NS
"
done
# I just make a copy that I will use later; it contains some default DNS so I can connect to the internet or reconnect to the VPN.
cp /etc/resolv.conf /etc/resolv.conf.default
echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
# A copy as a symlink, to see /etc/resolvconf/run/resolv.conf, which updates with the VPN’s DNS.
cp -P /etc/resolv.conf.simlink /etc/resolv.conf

;;
down)
/sbin/resolvconf -d "${dev}.openvpn"
# I replace the simple file with the symlink file that targets /etc/resolvconf/run/resolv.conf, which updates on every connect with the VPN’s DNS.
cp -P /etc/resolv.conf /etc/resolv.conf.simlink
# And because /etc/resolvconf/run/resolv.conf is always empty, I replace it with the backup file so I can have DNS to connect.
mv -f /etc/resolv.conf.default /etc/resolv.conf
;;
esac

It’s like a big loop. It works well but it has a disadvantage: you cannot change DNS from My OSMC (DHCP or static); if you want to change DNS in resolv.conf you have to ssh -> sudo nano it.

And the other is something I found that regenerates resolv.conf after being empty, without rebooting the system.

It is by adding

systemctl restart connman

in

the update-resolv-conf script

done

echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"

;;
down)
/sbin/resolvconf -d "${dev}.openvpn"
systemctl restart connman
;;
esac

after the down command, so connman restarts and regenerates my resolv.conf with the system’s DNS.

Is it safe, wise to restart connman that way, or does it cause a problem that I haven’t met until now, or later? Does it affect me?

Do you have something else to suggest now, with the changes that the update brought?

Maybe stupid ways, but I would like some feedback/opinion from someone…

Thanks.

Hi. First of all I’d like to congratulate you for all the work you’ve put into trying to solve your problem. You might call yourself a Linux noob right now but you’ll soon be up to speed, given your positive attitude.

You have correctly identified that resolvconf uses a link to /etc/resolvconf/run/resolv.conf and that this caused us a few problems when we tried the workaround.

The good news is that openresolv doesn’t use any links and as long as your openvpn .conf file still contains the lines:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

it should work without needing any modifications. (Remember that if you make any changes, they’ll be overwritten each time you get an update.)

To install openresolv from the Debian stretch repo, first remove resolvconf and ifupdown

sudo apt-get purge resolvconf ifupdown
sudo apt-get install openresolv

Thank you my friend, I really appreciate the time you spend for me and your help. I will try what you suggest with openresolv and see what results I get… and also thank you for your good words…

Keep in mind that I owe you a beer, it’s the least I can do.

It’s always a pleasure to help someone who has such a positive attitude.

I’m not sure dogs are allowed to drink beer. :wink:

http://snuffle-dogbeer.com/

:beer::+1:

See? there is always a way! :beer::beers::grinning: