Force DNS with networkmanager

I’m running openvpn 2.4.6 as a client to a VPS running openvpn and pihole.

Some openvpn features I use do not work with the Leap 42.3 release of openvpn, which is why I had to upgrade to 2.4.6. Further, NetworkManager isn’t compatible with the latest rev of openvpn. Thus I am using openvpn with a .ovpn configuration file, basically


sudo openvpn --config file.ovpn

Because I am using pihole, I need to use the DNS of the VPN.

If I edit resolv.conf to be


nameserver 10.8.0.1

pihole works fine. That is, the resolver comes from the VPN running on the VPS.

What I need to do is set up a connection in NetworkManager such that the DNS is strictly 10.8.0.1. When I try to set the DNS within the NetworkManager Connection Editor, I get 10.8.0.1 plus that of the IP assigned to eth0, which in turn uses the DNS of the ISP. I don’t want any other DNS except from the VPN.

Note that I have this openvpn/pihole combination running fine on my Android phone. It is on openSUSE that I can’t force the DNS unless I edit resolv.conf. Or, perhaps more correctly, the push from the openvpn server is not setting the DNS, though it does set the IP to be that of the VPN.

As an aside, openvpn has an option in the .ovpn file to execute some scripts to rewrite resolv.conf. I haven’t found any suitable code, but basically it would go something like this. That is, I can probably get this to work, but it seems clumsy.

Inside the .ovpn file, add these lines:


script-security 2
up /etc/openvpn/update-resolv-conf-on
down /etc/openvpn/update-resolv-conf-off

update-resolv-conf-on contains:


#!/bin/bash
# Save the current resolv.conf, then replace it with the VPN-only copy.
# rm -f: a missing backup from a previous run must not abort the script.
rm -f /etc/openvpn/resolv.conf.orig
cp /etc/resolv.conf /etc/openvpn/resolv.conf.orig
# Remove first so a symlinked resolv.conf is replaced, not written through.
rm -f /etc/resolv.conf
cp /etc/openvpn/resolv.conf.vpn /etc/resolv.conf

Where resolv.conf.vpn contains:


nameserver 10.8.0.1

update-resolv-conf-off contains:


#!/bin/bash
# Put the saved resolv.conf back when the tunnel goes down.
rm -f /etc/resolv.conf
cp /etc/openvpn/resolv.conf.orig /etc/resolv.conf

There are some file permission errors to debug, but the basic idea works. That said, I would rather just pick the right connection in NetworkManager than rewrite the resolv.conf file.

Suggestions?
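For comparison with the two scripts in the post above, here is a single up/down script written as an added example; it is not the poster's code. It reads the resolvers the server actually pushes (OpenVPN exports each pushed "dhcp-option DNS a.b.c.d" as an environment variable foreign_option_N and sets script_type to "up" or "down"), so 10.8.0.1 is never hard-coded, it backs up resolv.conf only once, and it refuses to touch the file if the server pushed no DNS at all. The RESOLV_CONF and BACKUP overrides are assumptions added so the logic can be exercised without root; the default paths match the post.

```bash
#!/bin/bash
# Added example, not from the original post: one OpenVPN up/down script that
# leaves only the VPN-pushed resolvers in resolv.conf and restores the
# original on disconnect. Use it from the .ovpn file as
#   script-security 2
#   up   /etc/openvpn/vpn-dns.sh
#   down /etc/openvpn/vpn-dns.sh
#
# Assumption (added for testing): paths can be overridden via environment.
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"
BACKUP="${BACKUP:-/etc/openvpn/resolv.conf.orig}"

# Print every pushed DNS server, one per line, taken from foreign_option_1..N.
# Other pushed options (e.g. "dhcp-option DOMAIN ...") are ignored.
vpn_nameservers() {
    local i=1 opt
    while eval "opt=\${foreign_option_$i}"; [ -n "$opt" ]; do
        case "$opt" in
            "dhcp-option DNS "*) echo "${opt#dhcp-option DNS }" ;;
        esac
        i=$((i + 1))
    done
}

# Render a resolv.conf body containing only the given servers.
render_resolv_conf() {
    local servers="$1" ns
    echo "# Generated by openvpn up script; VPN resolvers only"
    for ns in $servers; do
        echo "nameserver $ns"
    done
}

vpn_up() {
    local servers
    servers="$(vpn_nameservers)"
    if [ -z "$servers" ]; then
        echo "server pushed no DNS; leaving $RESOLV_CONF untouched" >&2
        return 1
    fi
    # Keep the original only once so a crashed session cannot overwrite it
    # with an already-modified copy. -P keeps a symlink as a symlink.
    [ -e "$BACKUP" ] || cp -P "$RESOLV_CONF" "$BACKUP"
    # Remove before writing: if resolv.conf is a symlink (NetworkManager,
    # systemd-resolved), redirecting into it would write through to the target.
    rm -f "$RESOLV_CONF"
    render_resolv_conf "$servers" > "$RESOLV_CONF"
    chmod 644 "$RESOLV_CONF"
}

vpn_down() {
    [ -e "$BACKUP" ] || return 0
    rm -f "$RESOLV_CONF"
    mv "$BACKUP" "$RESOLV_CONF"
}

# OpenVPN sets script_type when it invokes up/down scripts.
case "${script_type:-}" in
    up)   vpn_up ;;
    down) vpn_down ;;
esac
```

The "permission errors" mentioned in the post usually come from OpenVPN dropping privileges (user/group directives) before the down script runs; either keep the down hook running as root with `down-pre`, or run the script through a helper that still has the rights to write /etc/resolv.conf.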

NM can be set to use the “Automatic (DHCP) addresses only” method, which should avoid it.

This should fix your problem automatically whenever you activate your openvpn connection

https://wiki.archlinux.org/index.php/OpenVPN#Override_DNS_servers_using_NetworkManager

TSU

Thanks. This works. You do need to read the whole bug report:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1211110/comments/92
since it also has the trick to run NetworkManager from the command line.

Here is a summary of what I am doing. Since the code (perhaps not the right word) for NetworkManager starting openvpn doesn’t work for rev 2.4.6, I have created a connection for the VPN using the normal wired connection BUT with this trick to set the DNS. Then I run openvpn from the command line.

The ipv4 section of the connection file found in /etc/NetworkManager/system-connections contains:


[ipv4]
dns=10.8.0.1;
ignore-auto-dns=true
method=auto
dns-priority=-1

The use of semicolons seems odd, but I suspect the dns line is parsed differently in that it could contain comma-separated values.

The resulting contents of /etc/resolv.conf is:


# Generated by NetworkManager
nameserver 10.8.0.1
nameserver fe80::1%eth0

I have turned off auto connection since there are times I may not want to use the VPN. Each connection method will need a plain and a VPN flavor.

I assume the next or at least future version of NetworkManager will be set up to run openvpn 2.4.6 or greater, making this trick unnecessary eventually.
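Two things worth checking against the keyfile and resolv.conf quoted in the post above, written up here as an added example rather than anything from the thread. First, the resolv.conf shown still contains "nameserver fe80::1%eth0", a link-local address on eth0 and therefore not the VPN's resolver; the [ipv4] section has ignore-auto-dns=true, but the same key is needed under [ipv6] or the router's IPv6 resolver is still written out. Second, a small leak check over resolv.conf catches exactly that. The connection id, interface name and UUID below are placeholders, not values from the page.

```bash
#!/bin/bash
# Added example, not from the original thread: emit a NetworkManager keyfile
# that pins DNS to the VPN resolver for both address families, and check a
# resolv.conf for any resolver that is not on the allowed list.

# Print a keyfile for connection id $1 on interface $2 with uuid $3, with the
# DNS servers in $4 (';'-separated, the keyfile list syntax; a trailing ';'
# is appended as NetworkManager writes it).
nm_vpn_only_keyfile() {
    local id="$1" iface="$2" uuid="$3" dns="$4"
    cat <<EOF
[connection]
id=$id
uuid=$uuid
type=ethernet
interface-name=$iface
autoconnect=false

[ethernet]

[ipv4]
method=auto
dns=$dns;
ignore-auto-dns=true
dns-priority=-1

[ipv6]
method=auto
ignore-auto-dns=true
dns-priority=-1
EOF
}

# Read a resolv.conf on stdin; print every nameserver not listed in "$@".
# Returns 1 if any was found, i.e. a resolver other than the VPN's is in use.
check_resolv_conf() {
    local leak=0 key ns rest allowed
    while read -r key ns rest; do
        [ "$key" = "nameserver" ] || continue
        for allowed in "$@"; do
            [ "$ns" = "$allowed" ] && continue 2
        done
        echo "unexpected resolver: $ns"
        leak=1
    done
    return $leak
}

# Typical use (requires root): install the keyfile with the permissions
# NetworkManager insists on, then have it re-read system-connections.
#   nm_vpn_only_keyfile "Wired VPN" eth0 "$(uuidgen)" 10.8.0.1 > /tmp/wired-vpn
#   install -m 600 -o root -g root /tmp/wired-vpn /etc/NetworkManager/system-connections/wired-vpn
#   nmcli connection reload
#   nmcli connection up "Wired VPN"
#   check_resolv_conf 10.8.0.1 < /etc/resolv.conf
```

The same settings can be applied to an existing connection without editing the file, with `nmcli connection modify "Wired VPN" ipv4.dns 10.8.0.1 ipv4.ignore-auto-dns yes ipv4.dns-priority -1 ipv6.ignore-auto-dns yes ipv6.dns-priority -1`; `nmcli -g ipv4.dns,ipv4.ignore-auto-dns,ipv6.ignore-auto-dns connection show "Wired VPN"` prints what NetworkManager actually stored.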