How to ensure OpenVPN connection uses specific DNS?

Question

I'm using OpenVPN through Tunnelblick on MacOS X Lion.

I need to set specific DNS (with local IP, which works only when VPN is up) for the duration of this VPN session only.

I do not have access to the OpenVPN server configuration. Only client config. Also, DNS from the server doesn't work.

So it works like this: I connect to VPN, go the Network preferences and manually set DNS. After VPN is disconnected, I switch back to default. It works, but it needs to be automatic.

After some exploration I found that OpenVPN up- and down- scripts might help me with that. Unfortunately, I haven't found any specific documentation about how exactly it can be done.

How it can or can't be done? Any advice would be appreciated!

I've also considered ControlPlane app - no luck figuring it out :-) — Stanislav Shabalin, Aug 12 '12 at 13:11
@quanta Nice, but I'll have to list all domains - that's too much :-( (We have a few dozens of domains in our developer infrastructure.) — Stanislav Shabalin, Aug 12 '12 at 14:38

score 79 · Accepted Answer · answered Aug 12 '12 at 14:45

79

try adding:

# put actual dns name here
dhcp-option DNS 10.11.12.13

to your client's config

answered Aug 12 '12 at 14:45

pQd

29,561
5
64
106

2

Thank you! It worked. I've stumbled upon `push "dhcp-option DNS 10.11.12.13"` regarding server configs, didn't know how to convert it to client configs. Thanks again :-) – Stanislav Shabalin Aug 12 '12 at 15:09
this works, but still in openvpn I can see my local DNS still gets pushed: DNS servers '4.2.2.1 4.2.2.2 192.168.0.1' will be used for DNS queries when the VPN is active NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems. – meso_2600 Jun 21 '17 at 12:00

score 13 · Answer 2 · edited Mar 27 '20 at 10:05

13

If you (unlike the OP) have access to the OpenVPN server configuration, you can add this option in your OpenVPN server.conf if you want to push for all the clients:

push "dhcp-option DNS 8.8.8.8"

You can change the 8.8.8.8 to your desired DNS.

edited Mar 27 '20 at 10:05

Per Lundberg

171
1
9

answered Dec 27 '17 at 11:25

arbabnazar

499
6
9

3

OP is clearly saying that he doesn't have access to the server configuration. – Kennet Celeste Oct 14 '18 at 18:37
1

why is this still getting upvotes? clearly the a wrong answer, `push` inside a client conf doesn't work – xiamx Jun 04 '19 at 21:02
BCS "if you have access to the OpenVPN server configuration" – Petr May 13 '20 at 09:36

score 5 · Answer 3 · answered Jan 28 '19 at 16:24

5

add this to client config file:

#ipv4
pull-filter ignore "dhcp-option DNS"
#ipv6
pull-filter ignore "dhcp-option DNS6"

answered Jan 28 '19 at 16:24

cym

51
1
1

This fixed the 'no internet connectivity detected' issue with many Windows 10 apps (like Word, Excel, Outlook, Store Apps) for me. Was using OpenVPN, traffic routed over VPN with a custom DNS over VPN. – lvmeijer Jan 06 '20 at 09:48

How to ensure OpenVPN connection uses specific DNS?

3 Answers3

Linked

Related