3

Background

I'm running Debian stretch/stable; I installed openvpn from the repo abd downloaded the configuration file us1041.conf (as an example) from my VPN provider into /etc/openvpn/us1041.conf. I want openvpn to run at boot, so following the VPN provider's instructions, I created /etc/openvpn/auth.txt with my credentials, add auth-user-pass auth.txt to the configuration file, and added AUTOSTART="us1041" to /etc/default/openvpn.

If I manually add the nameservers to /etc/resolv.conf:

nameserver 78.46.223.24
nameserver 162.242.211.137

the VPN works. Great! However, once I reboot, /etc/resolv.conf is overwritten with the nameservers from my ISP, and no connections resolve.

Also, I'm not using network manager or any GUI app to configure the network. I didn't install a graphical interface and network configuration worked "out of the box." This is /etc/network/interfaces:

source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
allow-hotplug enp0s31f6
iface enp0s31f6 inet dhcp

Question

I think I need to use the /etc/openvpn/update-resolv-conf script, but I'm not sure how to configure that with the configuration files that came from my VPN provider.

How can I get the VPN's nameservers to persist across reboots?

Michael A
  • 1,593
  • 5
  • 19
  • 33

2 Answers2

1

Possible solutions

Override DNS servers from from your ISP's DHCP server:

/etc/dhcp/dhclient.conf:

supersede domain-name-servers 78.46.223.24, 162.242.211.137

Edit /etc/network/interfaces (or are you using NetworkManager?)

Include dns-nameservers 78.46.223.24 162.242.211.137 along with your internet interface's definitions (ip, gateway, etc.) if you define them there.

Edit your NetworkManager configuration

Using the nm-connection-editor or nmcli, for example, specify DNS servers manually.

Use a helper script

Integrate OpenVPN with systemd-resolved via DBus, for example.

Community
  • 1
Andrew Siplas
  • 464
0

The first 2 lines of /etc/resolv.conf is

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

I think you didn't read it...

You have 2 choices: - put these lines into your openvpn.conf (the preferred way)

dhcp-option DNS 78.46.223.24
dhcp-option DNS 162.242.211.137
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

or these to /etc/resolvconf/resolv.conf.d/head (can cause problems when vpn is down)

nameserver 78.46.223.24
nameserver 162.242.211.137
Ipor Sircer
  • 14,546
  • 1
  • 27
  • 39
  • The first two lines of said file aren't what you claim they are. At least not always. My resolv.conf was updated (trashed) by I think dhclient, and the only line is a nameserver entry… Not everyone uses (or used in 2017) resolvconf. I tried it shortly after it was introduced, and soon found it very lacking and never used it again. – Jürgen A. Erhard Nov 15 '22 at 17:44