Ubuntu 18.04 no DNS resolution when connected to OpenVPN

Problem

The file /etc/resolv.conf does not get updated by the /etc/openvpn/update-resolv-conf script because resolvconf is not installed by default on ubuntu 18.04.

In fact, one of the first lines of that script checks for the /sbin/resolvconf executable: 

[ -x /sbin/resolvconf ] || exit 0

Installing resolvconf via apt-get is not a solution as the /etc/openvpn/update-resolv-conf script updates the /etc/resolv.conf file with the pushed DNS entry but the tun device seems to ignore it.

Solution

  1. Ubuntu 18.04 uses systemd-resolved, so all you have to do is install the openvpn helper script for systemd-resolved via

    sudo apt install openvpn-systemd-resolved

    or with these GitHub instructions

  2. Update your config.ovpn file adding these lines:

    script-security 2
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
down-pre

    That instead of adding up and down of /etc/openvpn/update-resolv-conf to the conf.

  3. To prevent DNS Leakage, you should add this line to the end of the config.ovpn file (according to this systemd issue comment):

    dhcp-option DOMAIN-ROUTE .

I found a solution on this blog post. While there are two solutions mentioned, I prefer using the second one because it means my DNS is set by the OpenVPN server (the first solution means I use the same DNS servers whether or not I'm connected to the OpenVPN server).

In short:

  • sudo mkdir -p /etc/openvpn/scripts
  • sudo wget https://raw.githubusercontent.com/jonathanio/update-systemd-resolved/master/update-systemd-resolved -P /etc/openvpn/scripts/
  • sudo chmod +x /etc/openvpn/scripts/update-systemd-resolved

Then edit your OpenVPN client file (e.g. client.ovpn) by changing the up/down scripts to:

script-security 2
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
up /etc/openvpn/scripts/update-systemd-resolved
down /etc/openvpn/scripts/update-systemd-resolved

(I have commented out the original up/down settings).


Actually, there is a much easier solution to this problem. The issue is with DNS traffic and how Ubuntu 18 manages that. By default IP forwarding is disabled which is what OpenVPN needs in order to provide proper networking. All you have to do is run the following command:

sudo nano /etc/sysctl.conf

Once you have this file opened, look for the line that contains net.ipv4.ip_forward. If this line is commented, remove the # sign at the front of the line (if it is not commented then you have another issue). Save the file and then restart your OpenVPN server instance.

This fix does not require any modifications to the client or OpenVPN code following upgrade to Ubuntu 18. Tested and confirmed working.

However, this obviously requires you can administer the server. And unfortunately, the bug exists for many who just connect with 18.04 to an OpenVPN server that is administered by somebody else...

Tags:

Dns

Openvpn

Systemd Resolved

Related

How to disable the "tap dragging"-feature in Ubuntu 18.04 (libinput) without disabling "tap to click"? How to Add dnsmasq and keep systemd-resolved (18.04 to 20.04) ubuntu 18.04 LTS bluetooth [0cf3:3004] discovery not working Why can't I cd to a quoted tilde ('~')? Why is mount.cifs not working in fstab any more after upgrading from 16.04 to 18.04? Upgraded to 18.04 and now have many broken packages and unmet dependencies “English (US, International with dead keys)” missing on Ubuntu 18.04 Create a new document and rename it directly (in one step) in Ubuntu 18.04 Network Manager not working when installing ubuntu-desktop on a Ubuntu 18.04 Server installation Can't start ubuntu-desktop after upgrade to 18.04 How to switch from libinput to synaptics in Ubuntu 18.04 Can't upgrade Logitech unify Firmware using fwupd

Recent Posts