
DNS Resolution #3

Open
yangchoo opened this issue Nov 30, 2022 · 5 comments · May be fixed by #5

Comments

@yangchoo

Posting here for visibility in case it helps anyone who runs into a similar issue or has a better solution.

Ran into an issue where the AWS configured DNS server was not being utilized, resulting in internal addresses not being able to be resolved. I'm unsure how the VPN client automatically handles this and I don't see any references in the exported OVPN file.

Option 1 - resolv.conf

Overwrite /etc/resolv.conf directly to use the new DNS server

nameserver xxx.xxx.xxx.xxx

This overrides ALL traffic to go through the AWS DNS server. If the gateway is properly configured (e.g. with split tunneling) and load/performance isn't an issue, this is the simplest.

Option 2 - dnsmasq

Use dnsmasq for more granular control of which nameservers to use for address ranges.

Overwrite /etc/resolv.conf to point to internal dnsmasq address, defaults to 127.0.0.1

nameserver 127.0.0.1

Uncomment no-dhcp-interface and add in default nameserver and nameservers for specific internal domains

server=xx.xx.xx.xx
server=/mydomain.com/yy.yy.yy.yy

Option 3 - route gateway config

This is the most advanced option. Note that I couldn't get this to work for my use case, but this would be the most portable as the configuration should be encapsulated within the ovpn file.

This should be some combination of

route-gateway xx.xx.xx.xx
push "route-gateway xx.xx.xx.xx"
push "route yy.yy.0.0 255.255.0.0 xx.xxx.xx.xx 1"

The exact combination of addresses and gateway will depend on your route list.
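
Option 2 as a script, added here as an example and not part of the issue or the project's code: it validates the nameserver and domain before writing the dnsmasq lines (values pushed by a VPN or pasted by hand should not be able to inject extra directives), pins the upstreams with no-resolv so dnsmasq does not loop back to the resolv.conf that now points at it, and only touches /etc when APPLY_DNSMASQ=1. The addresses, the corp.example.com domain and the /etc/dnsmasq.d/vpn-split.conf path are assumptions.

```shell
#!/bin/sh
# Added example, not from the issue: build the Option 2 (dnsmasq) split-DNS
# config from validated inputs. All addresses and the domain are constructed
# placeholders; replace them with the ones your VPN pushes.
NL='
'

# Accept a single dotted-quad IPv4 address. The whitespace/newline check comes
# first: grep matches per line, so "10.0.0.2<newline>server=/x/1.2.3.4" would
# otherwise pass and smuggle an extra directive into the generated file.
is_ipv4() {
  case $1 in ''|*"$NL"*|*[[:space:]]*) return 1;; esac
  printf '%s' "$1" | grep -Eq '^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])$'
}

# Accept a hostname-style domain (labels of letters, digits, hyphens). A '/'
# or '#' here would change the meaning of the server=/domain/ip line.
is_domain() {
  case $1 in ''|*"$NL"*|*[[:space:]]*) return 1;; esac
  printf '%s' "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# gen_dnsmasq_conf DEFAULT_NS INTERNAL_DOMAIN INTERNAL_NS
# Everything resolves via DEFAULT_NS except names under INTERNAL_DOMAIN, which
# go to INTERNAL_NS (the VPN-side resolver). no-resolv keeps dnsmasq from
# reading /etc/resolv.conf, which after this change points back at dnsmasq.
gen_dnsmasq_conf() {
  default_ns=$1; domain=$2; internal_ns=$3
  is_ipv4 "$default_ns"  || { echo "bad default nameserver: $default_ns" >&2; return 1; }
  is_ipv4 "$internal_ns" || { echo "bad internal nameserver: $internal_ns" >&2; return 1; }
  is_domain "$domain"    || { echo "bad domain: $domain" >&2; return 1; }
  cat <<EOF
# split-DNS config generated by the example script (constructed values)
listen-address=127.0.0.1
bind-interfaces
no-resolv
server=$default_ns
server=/$domain/$internal_ns
EOF
}

# Only touch the system when explicitly asked (APPLY_DNSMASQ=1), so the
# functions above can be sourced and checked without side effects.
if [ "${APPLY_DNSMASQ:-0}" = "1" ]; then
  conf=/etc/dnsmasq.d/vpn-split.conf           # assumed dnsmasq conf-dir path
  gen_dnsmasq_conf "${DEFAULT_NS:-10.0.0.2}" "${INTERNAL_DOMAIN:-corp.example.com}" \
                   "${INTERNAL_NS:-10.100.0.2}" > "$conf" || exit 1
  command -v dnsmasq >/dev/null && dnsmasq --test -C "$conf"   # syntax check only
  cp -p /etc/resolv.conf /etc/resolv.conf.pre-vpn              # keep a way back
  printf 'nameserver 127.0.0.1\n' > /etc/resolv.conf
fi
```

Run with `APPLY_DNSMASQ=1 DEFAULT_NS=... INTERNAL_DOMAIN=... INTERNAL_NS=... sh split-dns.sh` as root, then restart dnsmasq. The resolv.conf overwrite is the same one Option 1 does; on a distro that already runs systemd-resolved the resolvectl route further down this thread is the cleaner fit.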

@JonathanxD
Owner

Hmm, I need to look at how AWS Client does this, but I'm pretty sure it's possible to do since we do this on our VPN (not AWS tho, so I need to set up my own in order to test).

@outergod

outergod commented Dec 8, 2022

The "right" way to do it is to utilize systemd-resolved on most modern systems, which can be configured through DBus calls. https://github.com/jonathanio/update-systemd-resolved provides a solution for this.

Overwriting /etc/resolv.conf is a subpar idea these days, as modern distros often supply local DNS servers configured as the sole DNS, which should be configured instead.

@outergod

outergod commented Dec 8, 2022

For the record, NetworkManager's OpenVPN integration parses the OpenVPN output directly to set routes and DNS, but that's obviously not an option with a custom GUI.

@FelipeLema

> For the record, NetworkManager's OpenVPN integration parses the OpenVPN output directly to set routes and DNS, but that's obviously not an option with a custom GUI.

I don't see why not... aren't we capturing the openvpn output already?

FelipeLema linked a pull request Apr 4, 2023 that will close this issue
@nekinie

nekinie commented Dec 15, 2024

For anyone using systemd-resolved (Ubuntu), the following can get you pretty far:

resolvectl dns tun0 10.100.0.2
resolvectl domain tun0 ~amazonaws.com

Update it to use your nameservers/domains and run after the VPN connection is online.
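
The resolvectl approach as a runnable script, added here as an example (not from the issue or the project), which also covers outergod's point about configuring systemd-resolved instead of overwriting /etc/resolv.conf: it waits for the tunnel interface to appear, checks the nameserver and domain list before turning them into commands, uses routing-only (~) domains so only internal names traverse the tunnel, and reverts the per-link settings on disconnect. tun0, 10.100.0.2, ~corp.example and the up/down calling convention are assumptions.

```shell
#!/bin/sh
# Added example, not from the issue: set per-link DNS for the VPN tunnel with
# systemd-resolved, waiting until the interface exists and reverting on
# disconnect. Interface name, nameserver and domains are constructed values.
NL='
'
IFACE=${IFACE:-tun0}
VPN_DNS=${VPN_DNS:-10.100.0.2}
# '~' marks routing-only domains: only queries under them use VPN_DNS, so
# unrelated lookups keep using the default resolver. Set VPN_DOMAINS='~.' to
# send every query through the tunnel instead.
VPN_DOMAINS=${VPN_DOMAINS:-'~amazonaws.com ~corp.example'}

# Coarse input checks. The values may come from the VPN client's output and
# are turned into a shell command below, so reject anything but the expected
# characters (and any newline, which would start a second command).
valid_ipv4_token() { case $1 in ''|*"$NL"*|*[!0-9.]*) return 1;; esac; }
valid_domains() {
  case $1 in ''|*"$NL"*) return 1;; esac
  printf '%s' "$1" | grep -Eq '^~?[A-Za-z0-9.-]+( ~?[A-Za-z0-9.-]+)*$'
}

# Print the resolvectl commands instead of running them, so they can be
# reviewed (or tested) before the system is touched.
build_resolvectl_cmds() {
  iface=$1; dns=$2; domains=$3
  valid_ipv4_token "$dns"  || { echo "bad nameserver: $dns" >&2; return 1; }
  valid_domains "$domains" || { echo "bad domain list: $domains" >&2; return 1; }
  printf 'resolvectl dns %s %s\n' "$iface" "$dns"
  printf 'resolvectl domain %s %s\n' "$iface" "$domains"
}

# OpenVPN creates the tun device only after the handshake, so resolvectl run
# too early fails because the link does not exist yet. Poll for up to TRIES s.
wait_for_iface() {
  iface=$1; tries=${2:-30}
  while [ "$tries" -gt 0 ]; do
    [ -d "/sys/class/net/$iface" ] && return 0
    tries=$((tries - 1)); sleep 1
  done
  return 1
}

vpn_dns_up() {
  command -v resolvectl >/dev/null || { echo "resolvectl not found" >&2; return 1; }
  wait_for_iface "$IFACE" || { echo "$IFACE never appeared" >&2; return 1; }
  build_resolvectl_cmds "$IFACE" "$VPN_DNS" "$VPN_DOMAINS" | sh -e
}

# Revert the per-link settings. resolved forgets them when the link vanishes,
# but an explicit revert avoids stale entries if the client reuses the name.
vpn_dns_down() { command -v resolvectl >/dev/null && resolvectl revert "$IFACE"; }

case ${1:-} in
  up)   vpn_dns_up ;;
  down) vpn_dns_down ;;
  *)    : ;;   # no action when sourced or run without an argument
esac
```

Call it as `vpn-dns.sh up` once the client reports the tunnel is connected and `vpn-dns.sh down` on disconnect. `resolvectl status tun0` shows what resolved actually applied, which is the quickest way to confirm that only the listed domains are routed to the VPN resolver.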
