Hi, I'm having trouble getting my router to use internal DNS when connecting to OpenVPN. Everything else works and I can ping everything internal to my VPN network, but I am unable to resolve anything.
After a bunch of research, I think I have a good understanding about how this SHOULD work, but it doesn’t appear to be doing so in practice.
How I understand it.
This instructs dnsmasq to change which resolv settings it uses.
At the bottom of the .ovpn file:
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
script-security 2
When connecting to OpenVPN, the script below creates resolv.conf.vpn, sets it as the active file, and restarts dnsmasq:
/etc/openvpn/update-resolv-conf
#!/bin/sh
# OpenVPN "up"/"down" hook for OpenWrt: builds a resolv file from the DHCP
# options pushed by the server and points dnsmasq at it through uci.
case "$script_type" in
up)
    i=1
    ns=""
    while true; do
        # Non-Windows OpenVPN clients can accept pushed DHCP options by
        # using a client-side up script which parses the foreign_option_n
        # environment variable list
        eval opt=\$foreign_option_${i}
        [ -z "${opt}" ] && break
        # "dhcp-option DOMAIN x"   -> "domain x"
        # "dhcp-option DNS a.b.c.d" -> "nameserver a.b.c.d"
        # any other pushed option is appended unchanged
        ns="$ns\n$(echo "${opt}" | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g')"
        i=$((i + 1))
    done
    if [ -n "$ns" ]; then
        printf '%b\n' "$ns" > /tmp/resolv.conf.vpn
    else
        # nothing pushed: fall back to public resolvers
        printf 'nameserver 209.244.0.3\nnameserver 64.6.64.6\n' > /tmp/resolv.conf.vpn
    fi
    uci set dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.vpn'
    uci commit dhcp
    # Run the restart in the background so it does not delay adding the
    # route table, which would affect mwan3
    /etc/init.d/dnsmasq restart &
    ;;
down)
    # Restore DNS ("return" is only valid inside a function, so exit instead)
    [ -f "/tmp/resolv.conf.vpn" ] || exit 0
    rm -f "/tmp/resolv.conf.vpn"
    uci set dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
    uci commit dhcp
    /etc/init.d/dnsmasq restart &
    ;;
esac
exit 0
Dnsmasq config when connected to OpenVPN:
config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option nonwildcard '1'
	option localservice '0'
	option rebind_protection '0'
	option resolvfile '/tmp/resolv.conf.vpn'
Difference when not connected to OpenVPN:
	option resolvfile '/tmp/resolv.conf.auto'
Contents of resolv.conf:
search lan
nameserver 127.0.0.1
Contents of resolv.conf.vpn (internal DNS):
nameserver 192.168.1.20
nameserver 8.8.8.8
domain domain.local
dhcp-option ADAPTER_DOMAIN_SUFFIX domain.local
Contents of resolv.conf.auto (gateway of uplink):
#Interface wwan
nameserver 192.168.254.1
Now, this all looks correct to me, but for whatever reason, it doesn’t use my internal DNS when connected.
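Two things a practitioner would check in a hook like the one in the post, shown here as an added example and not as code from the post. First, the hook copies whatever the server pushes into the resolv file after a textual substitution, which is why `dhcp-option ADAPTER_DOMAIN_SUFFIX domain.local` lands in resolv.conf.vpn verbatim; an `up` script run under `script-security 2` is letting the VPN server write the router's resolver configuration, so the pushed values should be validated, not trusted. Second, dnsmasq reads only the `nameserver` lines of its resolvfile, ignores `domain`, and by default does not try the listed servers in order (that is what its `strict-order` option is for), so with an internal and a public resolver side by side a query for an internal name may be answered by the public one; a `server=/domain.local/192.168.1.20` directive pins that zone to the internal resolver regardless of server selection. The POSIX sh below parses the `foreign_option_N` variables OpenVPN exports to an `up` script, keeps only well-formed `dhcp-option DNS <IPv4>` and `dhcp-option DOMAIN <name>` entries, and derives `server=/domain/ip` lines for any pushed resolver with a private (RFC 1918) address. The private-address test is an assumed heuristic for "internal", and the sample values at the end are constructed to match the post.

```shell
#!/bin/sh
# Added example (not the script from the post): strict parser for the
# foreign_option_N variables OpenVPN exports to an "up" script, plus a
# derivation of dnsmasq "server=/domain/ip" lines for the pushed zone.

# is_ipv4 A.B.C.D -> success only for a dotted quad with octets 0-255
is_ipv4() {
    case $1 in
        ''|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -f; set -- $1; set +f
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_dnsname NAME -> success for labels made of letters, digits, dots and
# hyphens; anything else (spaces, shell metacharacters) is refused
is_dnsname() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# is_private_ipv4 -> success for RFC 1918 space; assumed heuristic for
# "this resolver is inside the VPN" (the post's 192.168.1.20 qualifies)
is_private_ipv4() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# build_vpn_resolv -> prints resolv.conf lines from foreign_option_1..N.
# Only "dhcp-option DNS <ipv4>" and "dhcp-option DOMAIN <name>" are used;
# every other pushed option (ADAPTER_DOMAIN_SUFFIX, WINS, ...) is dropped
# instead of being copied into the resolver configuration.
build_vpn_resolv() {
    i=1
    while :; do
        eval "opt=\${foreign_option_${i}:-}"   # only the index is interpolated
        [ -n "$opt" ] || break
        i=$((i + 1))
        set -f; set -- $opt; set +f            # split on whitespace, no globbing
        [ "${1:-}" = "dhcp-option" ] || continue
        case ${2:-} in
            DNS)    if is_ipv4 "${3:-}";    then echo "nameserver $3"; fi ;;
            DOMAIN) if is_dnsname "${3:-}"; then echo "search $3"; fi ;;
        esac
    done
}

# vpn_dnsmasq_servers -> prints "server=/<domain>/<ip>" for each pushed
# domain and each pushed resolver with a private address, so queries for the
# VPN zone go only to the internal resolver whatever the resolvfile order.
vpn_dnsmasq_servers() {
    resolv=$(build_vpn_resolv)
    domains=""
    servers=""
    while read -r key val; do
        case $key in
            search)     domains="$domains $val" ;;
            nameserver) if is_private_ipv4 "$val"; then servers="$servers $val"; fi ;;
        esac
    done <<EOF
$resolv
EOF
    for d in $domains; do
        for s in $servers; do
            echo "server=/$d/$s"
        done
    done
}

# Stand-alone demo: constructed values standing in for what OpenVPN would
# export (a real "up" run already has foreign_option_N in its environment).
if [ -z "${foreign_option_1:-}" ]; then
    foreign_option_1="dhcp-option DNS 192.168.1.20"
    foreign_option_2="dhcp-option DNS 8.8.8.8"
    foreign_option_3="dhcp-option DOMAIN domain.local"
    foreign_option_4="dhcp-option ADAPTER_DOMAIN_SUFFIX domain.local"
fi
build_vpn_resolv      # resolv.conf.vpn lines
vpn_dnsmasq_servers   # dnsmasq server=/domain/ip lines
```

On OpenWrt the derived line corresponds to `uci add_list dhcp.@dnsmasq[0].server='/domain.local/192.168.1.20'` (the `list server` entry of the dnsmasq section, which maps to dnsmasq's `--server`); the example only prints the directive, it does not apply it.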