Fixing OpenVPN DNS Issues on Ubuntu 18.04

This guide addresses common OpenVPN DNS troubleshooting Ubuntu 18.04 issues, where a successful VPN connection does not guarantee proper DNS resolution.

Understanding the Problem: DNS and VPNs

When you use a VPN, your internet traffic, including DNS requests, is routed through the VPN server. DNS requests translate domain names (like google.com) into IP addresses. If your VPN client isn’t configured to use the VPN’s DNS servers, or if there’s a conflict with local DNS settings, you’ll experience a “connected but no internet” problem.

Read: How to Install OpenVPN on Ubuntu 16.04 And 18.04

Common Causes and Solutions

1. systemd-resolved Conflicts

   Ubuntu uses systemd-resolved for DNS resolution, which can clash with OpenVPN’s DNS settings. Here’s how to diagnose and resolve this common systemd-resolved conflict resolution Ubuntu issue:

   1. Check Your Current DNS Resolver:

      systemd-resolve --status | grep "Current DNS Server"

      Run this command before and after connecting to your VPN. If it doesn’t show the VPN’s DNS server after connecting, this is likely the source of the problem.

   2. Option A: Use openresolv (Recommended for most users)openresolv manages DNS configurations from multiple sources, including VPNs, and integrates well with systemd-resolved. This is a common approach to achieve Ubuntu OpenVPN DNS configuration fixes.
      • • Install openresolv:

      sudo apt update
      sudo apt install openresolv

      • • Modify your OpenVPN client configuration file (.ovpn):

      script-security 2
      up /etc/openvpn/update-resolv-conf
      down /etc/openvpn/update-resolv-conf

      Explanation:

      • • script-security 2: Permits OpenVPN to execute scripts.
        • up and down: Specify scripts to run when the VPN connection is established and terminated, respectively.
        • /etc/openvpn/update-resolv-conf: A script (usually provided by OpenVPN or openresolv) that updates DNS settings based on the VPN connection. It interacts with resolvconf to manage the /etc/resolv.conf file.
      • If using NetworkManager, check the “Use this connection only for resources on its network” option in the GUI. This often handles DNS correctly without manual .ovpn edits.
   3. Option B: Temporarily Disable systemd-resolved (Not Recommended for Long-Term Use)This is a quick test, but *not* recommended for production. It can disrupt services relying on systemd-resolved.
      • • Disable and stop systemd-resolved:

      sudo systemctl stop systemd-resolved
      sudo systemctl disable systemd-resolved

      • • Manually edit /etc/resolv.conf:

      sudo nano /etc/resolv.conf

      • • Add your VPN provider’s DNS servers (replace with your VPN’s DNS):

      nameserver 10.8.0.1
      nameserver 8.8.8.8  # Optional: Fallback public DNS (Google DNS)

      • • Important: After disconnecting from the VPN, *manually* restore your original /etc/resolv.conf and re-enable systemd-resolved:

      sudo systemctl enable systemd-resolved
      sudo systemctl start systemd-resolved

2. DNS Leaks

   Even with DNS routed through the VPN, leaks (DNS requests going through your ISP) can occur. Enforce stricter DNS settings to prevent this:

   • Add the following to your .ovpn file or NetworkManager settings:

     block-outside-dns
     dhcp-option DNS 

     For example, to add to your .ovpn file:

     sudo nano /etc/openvpn/client.ovpn

     Then add (replace 1.1.1.1 with your VPN’s DNS server):

     dhcp-option DNS 1.1.1.1

   • Explanation:
     • block-outside-dns: (Primarily for Windows) Prevents DNS leaks.
     • dhcp-option DNS: Explicitly sets the DNS server, overriding local network settings.

3. Firewall Issues

   Rarely, your firewall (ufw) might block DNS traffic (port 53, UDP and TCP, usually UDP):

   sudo ufw allow out 53

   For restrictive firewalls, create specific rules allowing traffic to/from your VPN’s DNS server IP.

4. Check the logs

   Check the status of the openvpn service and the syslog to find valuable information:

   • • Check OpenVPN service status:

   sudo systemctl status openvpn

   • • Check syslog for OpenVPN-related messages:

   sudo tail -f /var/log/syslog | grep openvpn

Read: How to set up a UFW on Ubuntu 22.04

Testing and Verification

1. Restart OpenVPN:
   • If using systemd:

     sudo systemctl restart openvpn@service_identifier

     (Replace service_identifier with your actual service name, if applicable. If you are not using a systemd service, you can omit the `@` and what follows).

   • Or:

     sudo service openvpn restart

2. Check IP and DNS: Use sites like ipleak.net or dnsleaktest.com. Your public IP should be the VPN’s, and DNS servers should be those of your VPN.
3. Test DNS resolution:
   • Using dig:

     dig google.com

     Output should show google.com’s IP and the DNS server used (should be your VPN’s).

   • Using nslookup:

     nslookup google.com

     The nslookup command queries the DNS to obtain domain name or IP address mapping.

Common Pitfalls

• Forgetting to restart OpenVPN after configuration changes.
• Typographical errors in configuration files (.ovpn, /etc/resolv.conf).
• Conflicting network managers (NetworkManager vs. manual config edits). Stick to one method.
• Multiple active VPN connections with conflicting DNS settings.

Conclusion

DNS resolution problems with OpenVPN on Ubuntu 18.04 are often caused by conflicts with `systemd-resolved`, DNS leaks, or firewall issues. The most reliable long-term solution is typically using `openresolv` and correctly configuring your OpenVPN client. Always remember to restart the OpenVPN service after making configuration changes, and use online tools to verify your IP address and DNS server.

 

 

The post Fixing OpenVPN DNS Issues on Ubuntu 18.04 appeared first on net2.