Gentoo Forums
openvpn & resolv.conf [SOLVED]
Bungopolis
Apprentice

Joined: 31 Jan 2004
Posts: 198
Location: San Francisco, CA, USA

Posted: Tue Nov 11, 2008 11:51 pm    Post subject: openvpn & resolv.conf [SOLVED]

I have a working OpenVPN client connection, but my /etc/resolv.conf is not being updated. I've installed openresolv to manage my resolv.conf, but I'm not sure where to go from there. How do I get OpenVPN to work with openresolv to update my resolv.conf?

Last edited by Bungopolis on Wed Nov 12, 2008 1:16 pm; edited 1 time in total
bombcar
Guru

Joined: 08 Apr 2003
Posts: 419
Location: Lincoln Acres, CA

Posted: Wed Nov 12, 2008 12:00 am

Ok. On the client side, you need to have the up and down lines defined. For example, on Ubuntu I have

Code:

up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf


Then, you need the server.conf on the server side to send DNS and DOMAIN information, such as:

Code:

push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DOMAIN example.com"


Note - if you want your script to modify resolv.conf when going down you'll have to disable the user/group options because OpenVPN can't fiddle with it when not root.
Bungopolis
Apprentice

Joined: 31 Jan 2004
Posts: 198
Location: San Francisco, CA, USA

Posted: Wed Nov 12, 2008 12:02 am

Thanks bombcar. However, I don't have an /etc/openvpn/update-resolv-conf -- I believe that's a Debian-specific config file from its openvpn package. What's the preferred Gentoo way of doing this?
bombcar
Guru

Joined: 08 Apr 2003
Posts: 419
Location: Lincoln Acres, CA

Posted: Wed Nov 12, 2008 12:13 am

update-resolv-conf is just a script; you could use the Ubuntu one. It calls resolvconf (which is the program that openresolv runs anyway).

Code:

#!/bin/bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk>
# and Chris Hanson
# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL.
#
# 05/2006 chlauber@bnc.ch
#
# Example envs set from openvpn:
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'

[ -x /sbin/resolvconf ] || exit 0

case $script_type in

up)
   for optionname in ${!foreign_option_*} ; do
      option="${!optionname}"
      echo "$option"
      part1=$(echo "$option" | cut -d " " -f 1)
      if [ "$part1" == "dhcp-option" ] ; then
         part2=$(echo "$option" | cut -d " " -f 2)
         part3=$(echo "$option" | cut -d " " -f 3)
         if [ "$part2" == "DNS" ] ; then
            IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
         fi
         if [ "$part2" == "DOMAIN" ] ; then
            IF_DNS_SEARCH="$part3"
         fi
      fi
   done
   R=""
   if [ "$IF_DNS_SEARCH" ] ; then
           R="${R}search $IF_DNS_SEARCH
"
   fi
   for NS in $IF_DNS_NAMESERVERS ; do
           R="${R}nameserver $NS
"
   done
   echo -n "$R" | /sbin/resolvconf -a "${dev}.inet"
   ;;
down)
   /sbin/resolvconf -d "${dev}.inet"
   ;;
esac
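The script posted above copies the third field of each pushed dhcp-option into resolv.conf as received from the server. As an added example that is not part of the thread or of any OpenVPN or Debian package, here is a POSIX sh version of that parsing step that drops values which are not a plausible address or domain; the function names are made up for illustration, and the IPv6 test checks characters only.

```shell
#!/bin/sh
# Added example (not from the thread): build resolv.conf lines from OpenVPN's
# foreign_option_N variables, keeping only well-formed values.
# Function names are hypothetical.

# True for a dotted-quad IPv4 address or a string made of IPv6 characters.
is_ip() {
    case $1 in
        ''|*[!0-9A-Fa-f:.]*) return 1 ;;  # empty, or a character no address uses
        *:*) return 0 ;;                  # IPv6: character-class check only
        *[!0-9.]*|.*|*.) return 1 ;;      # IPv4: digits and inner dots only
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# True for a search domain made of hostname characters only.
is_domain() {
    case $1 in
        ''|.*|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Prints "search"/"nameserver" lines; rejected options are reported on stderr.
build_resolv_conf() {
    search='' servers='' i=1
    while eval "opt=\${foreign_option_$i-}"; [ -n "$opt" ]; do
        i=$((i + 1))
        case $opt in
            'dhcp-option DNS '*)
                v=${opt#'dhcp-option DNS '}
                if is_ip "$v"; then servers="${servers}nameserver $v
"; else echo "rejected: option $((i - 1))" >&2; fi ;;
            'dhcp-option DOMAIN '*)
                v=${opt#'dhcp-option DOMAIN '}
                if is_domain "$v"; then search="search $v
"; else echo "rejected: option $((i - 1))" >&2; fi ;;
        esac
    done
    printf '%s%s' "$search" "$servers"
}

# Constructed sample input, shaped like the variables OpenVPN exports.
foreign_option_1='dhcp-option DNS 10.8.0.1'
foreign_option_2='dhcp-option DOMAIN example.com'
foreign_option_3='dhcp-option DNS 10.8.0.1;bogus'
build_resolv_conf
```

In an up script the output of build_resolv_conf would be piped to /sbin/resolvconf -a "${dev}.inet", as the posted script does with "$R".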
UberLord
Retired Dev

Joined: 18 Sep 2003
Posts: 6099
Location: Blighty

Posted: Wed Nov 12, 2008 5:47 am

OpenVPN ships with up/down scripts that do just that.
What's more, they don't rely on bash :D
_________________
When baselayout tells you to update config files or things break WE REALLY DO MEAN IT

Please add SOLVED to the thread title if your issue has been
Strip comments from configs please
JeliJami
Veteran

Joined: 17 Jan 2006
Posts: 1082
Location: Belgium

Posted: Wed Nov 12, 2008 8:26 am

UberLord wrote:
OpenVPN ships with up/down scripts that do just that.
What's more, they don't rely on bash :D


What version would that be?
Code:
 $ equery f openvpn
[ Searching for packages matching openvpn... ]
* Contents of net-misc/openvpn-2.0.7-r2:
/etc
/etc/init.d
/etc/init.d/openvpn
/etc/openvpn
/etc/openvpn/.keep_net-misc_openvpn-0
/usr
/usr/lib64
/usr/lib64/openvpn
/usr/lib64/openvpn/openvpn-auth-pam.so
/usr/lib64/openvpn/openvpn-down-root.so
/usr/sbin
/usr/sbin/openvpn
/usr/share
/usr/share/doc
/usr/share/doc/openvpn-2.0.7-r2
/usr/share/doc/openvpn-2.0.7-r2/AUTHORS.bz2
/usr/share/doc/openvpn-2.0.7-r2/ChangeLog.bz2
/usr/share/doc/openvpn-2.0.7-r2/PORTS.bz2
/usr/share/doc/openvpn-2.0.7-r2/README.bz2
/usr/share/man
/usr/share/man/man8
/usr/share/man/man8/openvpn.8.bz2
/usr/share/openvpn
/usr/share/openvpn/easy-rsa
/usr/share/openvpn/easy-rsa/README
/usr/share/openvpn/easy-rsa/build-ca
/usr/share/openvpn/easy-rsa/build-dh
/usr/share/openvpn/easy-rsa/build-inter
/usr/share/openvpn/easy-rsa/build-key
/usr/share/openvpn/easy-rsa/build-key-pass
/usr/share/openvpn/easy-rsa/build-key-pkcs12
/usr/share/openvpn/easy-rsa/build-key-server
/usr/share/openvpn/easy-rsa/build-req
/usr/share/openvpn/easy-rsa/build-req-pass
/usr/share/openvpn/easy-rsa/clean-all
/usr/share/openvpn/easy-rsa/inherit-inter
/usr/share/openvpn/easy-rsa/list-crl
/usr/share/openvpn/easy-rsa/openssl.cnf
/usr/share/openvpn/easy-rsa/pkitool
/usr/share/openvpn/easy-rsa/revoke-full
/usr/share/openvpn/easy-rsa/sign-req
/usr/share/openvpn/easy-rsa/vars

Or do I need the examples USE flag?
Code:
$ eix -e openvpn
[I] net-misc/openvpn
     Available versions:  2.0.6 2.0.7-r2 ~2.0.9 ~2.1_rc13 {examples iproute2 minimal pam passwordsave pkcs11 selinux ssl static threads userland_BSD}
     Installed versions:  2.0.7-r2(10:11:24 26-06-08)(iproute2 pam ssl threads -examples -minimal -passwordsave -selinux -static)
     Homepage:            http://openvpn.net/
     Description:         OpenVPN is a robust and highly flexible tunneling application compatible with many OSes.

_________________
Unanswered Post Initiative | Search | FAQ
Former username: davjel
UberLord
Retired Dev

Joined: 18 Sep 2003
Posts: 6099
Location: Blighty

Posted: Wed Nov 12, 2008 10:45 am

The 2.1 version installs them. I could have sworn the 2.0 versions did too, but I checked and they didn't.

Ah well. Try 2.1 and the init script it supplies. You should be able to use the 2.1 init script with 2.0, along with the up/down scripts.
Bungopolis
Apprentice

Joined: 31 Jan 2004
Posts: 198
Location: San Francisco, CA, USA

Posted: Wed Nov 12, 2008 1:16 pm

Great, updating to 2.1 did the trick. Everything now works magically, and I don't need openresolv. Thanks!