Partial use of DNS in OpenVPN split-tunnel in Ubuntu

In Ubuntu 18.04 LTS my network configuration is set up by NetworkManager and DNS is provided by systemd. If you use a split tunnel, meaning you don't route all your traffic through the VPN connection, the DNS server announced by the VPN server is never used.

To solve this issue, you can use the script update-systemd-resolved to automatically correct the DNS settings after the OpenVPN connection is established.

As I wrote, NetworkManager doesn't support all OpenVPN options, so you have to use openvpn directly, not via NetworkManager, to use this solution.

Installation

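First you have to save the script to your disk. I saved it as /etc/openvpn/scripts/update-systemd-resolved. The script must be executable, and because OpenVPN runs it with the privileges of the openvpn process, it should be owned by root and not writable by other users.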

Configuration

Then you have to modify your OpenVPN profile and add the following lines to the end:

dhcp-option DOMAIN-ROUTE myvpndomain.de.
script-security 2
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
up /etc/openvpn/scripts/update-systemd-resolved
up-restart
down /etc/openvpn/scripts/update-systemd-resolved
down-pre

This runs the update script after the connection is set up and before it is torn down. Additionally, it routes all DNS queries for myvpndomain.de to the DNS server provided by the VPN tunnel instead of the already defined DNS server.

To check if it is successful, you can run:

systemd-resolve --status

And the output should contain something like:

Link 34 (tun0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 10.10.20.1
          DNS Domain: ~myvpndomain.de

Link 3 (wlp4s0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.1.1
          DNS Domain: ~.
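
The manual check above can be scripted. This is an added example, not part of the original post or of update-systemd-resolved: it parses `systemd-resolve --status` text and confirms that the VPN routing domain is bound only to the tunnel interface while the catch-all `~.` stays off it. The function names and the second DNS server in the sample are assumptions made for illustration.

```shell
# Added example (not from the original post): check split DNS from the text
# printed by `systemd-resolve --status`. Function names are hypothetical.

# links_for_domain DOMAIN < status
# Prints "<interface> <dns-server>" for each link listing DOMAIN as DNS Domain.
links_for_domain() {
    awk -v want="$1" '
        function emit(   i) {
            if (hit) for (i = 1; i <= n; i++) print ifname, srv[i]
            n = 0; hit = 0
        }
        /^Link [0-9]+ \(/ { emit(); ifname = $3; gsub(/[()]/, "", ifname); key = ""; next }
        /^Global/         { emit(); ifname = ""; key = ""; next }
        /^ *[A-Za-z][A-Za-z ]*:( |$)/ {      # "key: value" line
            key = $0; sub(/^ */, "", key); sub(/:.*/, "", key)
            val = $0; sub(/^[^:]*: */, "", val)
        }
        !/^ *[A-Za-z][A-Za-z ]*:( |$)/ {     # continuation line holds a bare value
            val = $0; gsub(/^ +| +$/, "", val)
        }
        ifname != "" && val != "" && key == "DNS Servers" { srv[++n] = val }
        ifname != "" && key == "DNS Domain" && val == want { hit = 1 }
        END { emit() }
    '
}

# check_split_dns VPN_DOMAIN VPN_IF < status
# Assumed policy: "~VPN_DOMAIN" is routed only to VPN_IF, and the catch-all
# routing domain "~." is not bound to VPN_IF (else every query uses the VPN DNS).
check_split_dns() {
    status=$(cat)
    vpn=$(printf '%s\n' "$status" | links_for_domain "~$1" | cut -d' ' -f1 | sort -u)
    all=$(printf '%s\n' "$status" | links_for_domain '~.' | cut -d' ' -f1 | sort -u)
    [ "$vpn" = "$2" ] || { echo "FAIL: ~$1 routed via '${vpn}', expected $2"; return 1; }
    if printf '%s\n' "$all" | grep -qxF "$2"; then
        echo "FAIL: catch-all ~. is bound to $2"; return 1
    fi
    echo "OK: ~$1 -> $2"
}

# Constructed sample, shortened from the output shown above plus a second server.
sample_status() {
    printf '%s\n' 'Link 34 (tun0)' '      Current Scopes: DNS' \
        '         DNS Servers: 10.10.20.1' '                      10.10.20.2' \
        '          DNS Domain: ~myvpndomain.de' '' 'Link 3 (wlp4s0)' \
        '         DNS Servers: 192.168.1.1' '          DNS Domain: ~.'
}

sample_status | check_split_dns myvpndomain.de tun0
```

On a live system, pipe `systemd-resolve --status` into `check_split_dns` instead of `sample_status`.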