Setting DNS servers using OpenVPN client config file
You can add the following to the client config file.
dhcp-option DNS <dns_server_ip_address>
On the server side it would have been:
push "dhcp-option DNS <dns_server_ip_address>"
It seems it's using dhcp-option on both sides. You can do the same with route.
In addition to either of the two below:
dhcp-option DNS <dns_server_ip_address> (add to client config)
or
push "dhcp-option DNS <dns_server_ip_address>" (add to server config)
Add these to the client config as well, to force Windows to use the configured DNS:
register-dns
block-outside-dns
The 1st forces Windows to prefer the configured DNS server over any other it may have received from DHCP. The 2nd prevents DNS leakage to any DNS server other than the configured one.
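The options discussed in the answers above can be checked mechanically. The following is an added example, not part of the original answers or of OpenVPN itself: a Python check that reads a client config (and optionally the server config) and reports where the DNS server comes from and whether register-dns and block-outside-dns are present. The function names, the sample configs and the address 10.8.0.1 are assumptions made for illustration.

```python
import shlex

def parse_directives(text):
    """Split OpenVPN config text into token lists, one per directive."""
    directives = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":      # both start a comment line
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            directives.append(tokens)
    return directives

def dns_servers(directives, pushed=False):
    """Addresses from 'dhcp-option DNS <ip>', or from push "..." if pushed."""
    found = []
    for d in directives:
        if pushed:                           # server form: push "dhcp-option DNS <ip>"
            if d[0] != "push" or len(d) != 2:
                continue
            d = d[1].split()
        if len(d) == 3 and d[:2] == ["dhcp-option", "DNS"]:
            found.append(d[2])
    return found

def audit(client_cfg, server_cfg=""):
    """Report where DNS comes from and which Windows DNS options are absent."""
    client = parse_directives(client_cfg)
    names = {d[0] for d in client}
    result = {
        "client_dns": dns_servers(client),
        "pushed_dns": dns_servers(parse_directives(server_cfg), pushed=True),
        "findings": [],
    }
    if not result["client_dns"] and not result["pushed_dns"]:
        result["findings"].append("no DNS server set in either config")
    # Only the client file is checked, as that is where the answer puts them.
    for opt in ("register-dns", "block-outside-dns"):
        if opt not in names:
            result["findings"].append(f"{opt} missing from client config")
    return result

# Constructed sample configs (10.8.0.1 is a made-up resolver address).
SERVER = 'port 1194\npush "dhcp-option DNS 10.8.0.1"\n'
WEAK_CLIENT = "client\n; dhcp-option DNS 10.8.0.1\nremote vpn.example.com 1194\n"
GOOD_CLIENT = WEAK_CLIENT + "dhcp-option DNS 10.8.0.1\nregister-dns\nblock-outside-dns\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CLIENT), ("good", GOOD_CLIENT)):
        print(name, audit(cfg))
```

The commented-out line in the weak sample shows why the check parses directives rather than searching for the option name as a substring.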
Apparently there is a problem with a faulty binding order in Windows, at least including Windows 2000/XP/7. This will cause Windows OpenVPN clients to use the default network adapter's DNS settings rather than the VPN adapter's settings.
To fix this you need to place your VPN TUN or TAP device above your local network adapter in the bind order:
- Identify your VPN device by looking at the output from ipconfig. For me this was "Local Area Connection 2". Remember your IP address for this adapter.
- Open regedit.exe and find the key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces which matches your VPN adapter's IP address. Remember the GUID for this adapter.
- Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage and double click on Bind. This will contain a list of GUIDs for the adapters. Cut and paste the line corresponding to your VPN device's GUID to the top of the list and save the list.
This will cause the DNS entries for your VPN device to be used (and only while the VPN connection is active). You can set them according to the answer by @brunoqc. While you're at it, you should probably also add the OpenVPN option block-outside-dns, to ensure that DNS queries are not leaking.
This answer is based upon this very useful blog post.