S1300 - OpenVPN Client - Internal DNS not working

Hi, I’m having trouble getting my router to use internal DNS when connecting to OpenVPN. Everything else works and I can ping everything internal to my VPN network, but I am unable to resolve anything.

After a bunch of research, I think I have a good understanding about how this SHOULD work, but it doesn’t appear to be doing so in practice.

How I understand it:

This instructs dnsmasq to change which resolv settings it uses.
At the bottom of the .ovpn file:
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
script-security 2

When connecting to OpenVPN, the script below creates resolv.conf.vpn, sets it as the active file, and restarts dnsmasq.

/etc/openvpn/update-resolv-conf

#!/bin/sh

case $script_type in
up)
        i=1
        ns=""
        while true; do
                # Non-Windows OpenVPN clients can accept pushed DHCP options
                # by using a client-side up script which parses the
                # foreign_option_n environment variable list
                eval opt=\$foreign_option_${i}
                [ -z "${opt}" ] && break

                # Rewrite pushed DOMAIN/DNS options into resolv.conf domain/nameserver lines
                ns="$ns\n$(echo ${opt} | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g')"

                i=$((i + 1))
        done

        if [ -n "$ns" ]; then
                echo -e "$ns" > /tmp/resolv.conf.vpn
        else
                echo -e "nameserver 209.244.0.3\nnameserver 64.6.64.6" > /tmp/resolv.conf.vpn
        fi

        uci set dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.vpn'
        uci commit dhcp
        # Let it run in the background, to avoid delaying the route table update,
        # which would affect mwan3
        /etc/init.d/dnsmasq restart &
        ;;
down)
        # Restore DNS
        [ -f "/tmp/resolv.conf.vpn" ] || exit 0
        rm -fr "/tmp/resolv.conf.vpn"
        uci set dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
        uci commit dhcp
        /etc/init.d/dnsmasq restart &
        ;;
esac

exit 0

Dnsmasq config when connected to OpenVPN:
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option nonwildcard '1'
option localservice '0'
option rebind_protection '0'
option resolvfile '/tmp/resolv.conf.vpn'

Difference when not connected to OpenVPN:
option resolvfile '/tmp/resolv.conf.auto'

Contents of resolv.conf
search lan
nameserver 127.0.0.1

Contents of resolv.conf.vpn (Internal DNS)
nameserver 192.168.1.20
nameserver 8.8.8.8
domain domain.local
dhcp-option ADAPTER_DOMAIN_SUFFIX domain.local

Contents of resolv.conf.auto (gateway of uplink)
#Interface wwan
nameserver 192.168.254.1

Now, this all looks correct to me, but for whatever reason, it doesn’t use my internal DNS when connected.
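The up script above turns the pushed options into resolv.conf lines with a single sed pass, which is how the unconverted ADAPTER_DOMAIN_SUFFIX line ends up in resolv.conf.vpn. As an added example (not the router's script or anything posted in this thread), the following sh function builds the same lines but validates each pushed option first; foreign_option_N is the variable OpenVPN really exports to up scripts, and the sample values are constructed.

```shell
#!/bin/sh
# Added example, not the script shipped on the router: rebuild resolv.conf
# lines from OpenVPN's foreign_option_N variables, keeping only what
# resolv.conf can use. The values are pushed by the VPN server, so each one
# is validated instead of being pasted into the file with echo -e.
set -f   # no globbing while word-splitting the pushed options

# Succeed only if $1 is a dotted-quad IPv4 address with every octet 0-255.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(printf '%s\n' "$1" | tr . ' '); do
        [ "$o" -le 255 ] || return 1
    done
}

# Print resolv.conf lines built from foreign_option_1, foreign_option_2, ...
#   "dhcp-option DNS <ipv4>"    -> nameserver <ipv4>
#   "dhcp-option DOMAIN <name>" -> search <name>
# Anything else (the ADAPTER_DOMAIN_SUFFIX line seen in this thread, a bad
# address, a value with shell metacharacters) is reported on stderr and
# dropped instead of being written into the file.
build_resolv() {
    i=1
    while :; do
        eval "opt=\${foreign_option_${i}:-}"
        [ -n "$opt" ] || break
        set -- $opt
        case "$1 $2" in
            "dhcp-option DNS")
                if is_ipv4 "$3"; then printf 'nameserver %s\n' "$3"; fi ;;
            "dhcp-option DOMAIN")
                if printf '%s\n' "$3" | grep -Eq '^[A-Za-z0-9.-]+$'; then
                    printf 'search %s\n' "$3"
                fi ;;
            *) printf 'dropping pushed option %s: %s\n' "$i" "$opt" >&2 ;;
        esac
        i=$((i + 1))
    done
    return 0
}

# Constructed sample of a server push: one valid resolver, the domain, the
# suffix line the router's script copies through unchanged, one bad address.
foreign_option_1="dhcp-option DNS 192.168.1.20"
foreign_option_2="dhcp-option DOMAIN domain.local"
foreign_option_3="dhcp-option ADAPTER_DOMAIN_SUFFIX domain.local"
foreign_option_4="dhcp-option DNS 999.1.1.1"
build_resolv 2>/dev/null   # prints the two usable lines
```

Redirecting build_resolv's output to /tmp/resolv.conf.vpn in the up) branch gives dnsmasq a file containing only well-formed entries, whatever the server pushed.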

Looks like you’re trying to have an unsophisticated DNS resolver somehow know that you want to resolve some names locally and others through 8.8.8.8. As far as I know, dnsmasq picks the “best” resolver from those offered and doesn’t know how to switch between them by context.

To do that kind of thing, I would move to unbound or the like. Many options there for handling local domains and client-specific views. I don’t know if there is any DHCP integration though, if that is important to you.

Another option would be to use only your local dnsmasq and change its upstream DNS reference depending on the state of your connectivity.


First of all, thanks for your response!

I tried removing the 8.8.8.8 nameserver and it made no difference. My goal with having 8.8.8.8 was having a backup in case my local DNS server was unavailable for some reason. I currently have the following in my resolv.conf.vpn, per someone mentioning the same in my OpenWRT forum thread.

nameserver 192.168.1.20
domain domain.local
dhcp-option ADAPTER_DOMAIN_SUFFIX domain.local

I don’t mind using something else to get this to work. This is just what came by default with the router. I intend on using this in hotels when traveling, but it would be nice to get the internal DNS working.

I’m cool with using whatever. I just would have assumed this would work by default with the default configuration.
