Make OpenVPN DNS Work

Published: 2022-09-03

With the OpenVPN terminal client...

If your .ovpn config file does not include the UP and DOWN scripts to interact with Systemd, your DNS resolution into the VPN network may not work correctly.

One would think that adding the option dhcp-option DOMAIN <yourdomain.com> to the config file is enough to query the VPN's DNS server(s) for the specified domain, but unfortunataly that is not the case.

Before adding scripts to the config file, ensure the package is installed:

sudo apt search openvpn-systemd-resolved

should look something like:

Domains that need to be queried on the VPN's DNS servers can be pushed, but you can also add them manually.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

# these domains need to resolve with the vpn dns server
dhcp-option DOMAIN <domain>

# tell systemd-resolved to update for the above 
script-security 2
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
up /etc/openvpn/update-systemd-resolved
up-restart
down /etc/openvpn/update-systemd-resolved
down-pre

After successful connection to the VPN server, you can check DNS resolution by running `resolvectl status'. It will show which servers are used for which domains.

force dns to vpn dns servers

1
2
3
4
5
6
7

#force dns to vpn dns servers
dhcp-option DOMAIN-ROUTE .
dhcp-option DNS <vpn dns server ip>
dhcp-option DNS 10.0.0.1 

#may be needed in some cases to force all traffic as well
redirect-gateway def1 bypass-dhcp

Useful Links

• openvpn-dhcp-option-dns-not-working
• update-systemd-resolved
• systemd-resolved-not-querying-dns-server-set-by-openvpn