11

How does one use the DNS pushed via an OpenVPN server with systemd-resolved?

Before I decided to 'upgrade' to systemd-networkd, I could use some variant of the openvpn-resolv-conf script to call resolvconf to manage entries in /etc/resolv.conf on successfully establishing a VPN tunnel.

This would allow me to resolve names on the remote end of the vpn tunnel.

Now that systemd-resolved manages /run/systemd/resolved/resolv.conf, is it possible to automatically add DNS pushed via an OpenVPN connection to the list of nameservers used for resolution?

WGH
  • 144
sw1nn
  • 171

3 Answers

7

Use up/down scripts from https://github.com/jonathanio/update-systemd-resolved in your OpenVPN's config file. These use systemd-resolved's DBus interface to update DNS information.

3

Edit: as of today, this solution is mostly obsolete. Users of newer systemd versions should refer to the solution given by Piotr Dobrogost.

The trick is to create a temporary network configuration file with DNS settings, and then restart systemd-network so it will apply global DNS settings.

I have written a modified script that does exactly that. You can check it out here: update-systemd-network.sh

WGH
  • 144
2

For the systemd-resolved solution to work, openvpn must be stopped with SIGTERM, not with SIGKILL (else, the 'down' hook is not called to bring back /etc/resolv.conf to the original configuration).

For example:

  • If you call openvpn on the command line, then CTRL-c out, the 'down' hook is called, because openvpn is killed with SIGTERM.
  • If you call openvpn in a screen command and CTRL-c out of the screen, the 'down' hook is not called, because openvpn is killed with SIGKILL, and /etc/resolv.conf ends up still having the VPN DNS servers.
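
As an added illustration (not part of any answer above and not code from update-systemd-resolved, which uses the DBus interface instead), here is a minimal up/down hook that reads the `foreign_option_N` variables OpenVPN exports for pushed `dhcp-option` entries and applies them per link with `resolvectl`. It assumes a systemd version that ships `resolvectl` and a client config with `script-security 2` plus `up` and `down` pointing at this script; the function names are this example's own.

```shell
#!/bin/sh
# Added example hook. OpenVPN sets $script_type (up/down), $dev (tunnel
# interface) and foreign_option_1..N ("dhcp-option DNS 10.8.0.1", ...).

# Print the validated values of pushed "dhcp-option <kind> <value>" entries.
# $1 = DNS or DOMAIN. The values come from the VPN server: treat as untrusted.
pushed_values() {
    kind=$1 out="" i=1
    set -f                                   # no glob expansion of pushed text
    while eval "opt=\${foreign_option_$i:-}" && [ -n "$opt" ]; do
        set -- $opt                          # split the option into words
        if [ "${1:-}" = "dhcp-option" ] && [ "${2:-}" = "$kind" ] && [ -n "${3:-}" ]; then
            case "$kind:$3" in
                DNS:*[!0-9A-Fa-f:.]*)    ;;  # not an IPv4/IPv6 literal: drop
                DOMAIN:-*)               ;;  # would be parsed as an option: drop
                DOMAIN:*[!A-Za-z0-9.-]*) ;;  # not a plain host name: drop
                *) out="$out${out:+ }$3" ;;
            esac
        fi
        i=$((i + 1))
    done
    set +f
    echo "$out"
}

# Attach the pushed servers and search domains to the tunnel link only.
apply_dns() {
    servers=$(pushed_values DNS)
    domains=$(pushed_values DOMAIN)
    [ -n "$servers" ] || return 0
    # Unquoted on purpose: one argument per validated value.
    resolvectl dns "$dev" $servers
    [ -z "$domains" ] || resolvectl domain "$dev" $domains
}

# Does nothing unless OpenVPN invoked the script as a hook.
case "${script_type:-}" in
    up)   apply_dns ;;
    down) resolvectl revert "$dev" ;;        # drop the per-link DNS settings
esac
```

Because the settings are attached to the tunnel link rather than written into a shared file, they can be checked at any time with `resolvectl status`.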