
So I'm trying to get OpenVPN to work on port 53 - sadly this isn't working.

I used iptables to map port 53 to port 1194 (the standard OpenVPN port).

Here's what I run to do this:

iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-port 1194
iptables -I INPUT -p udp --dport 53 -j ACCEPT

This works, as the connection is fine, except for when I try to visit new domains! DNS just no longer works at all.

Here's my server configuration:

local xxx.xxx.xxx.xxx #- your_server_ip goes here
port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
#status 1194.log
verb 3

I specify the DNS servers as 8.8.8.8 (Google's DNS Servers) so I don't know why DNS doesn't work!

2 Answers


Bind your NAT rule to the IP address openvpn is listening on. Your current rule is intercepting all traffic going through the server with a destination port of 53 (in this case, traffic traversing your tun interface). Always try to make your rules as specific as possible; if you don't, weird things like this will happen.

Try something like this:

iptables -t nat -A PREROUTING -p udp -d xxx.xxx.xxx.xxx -i appropriate_interface --dport 53 -j REDIRECT --to-port 1194

Andrew B
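To make the difference between the two rules concrete, here is a small added model (not code from the question or the answer) of how the nat PREROUTING chain matches the packets involved. The server address 203.0.113.10 and the WAN interface name eth0 are constructed stand-ins for xxx.xxx.xxx.xxx and appropriate_interface; tun0 is assumed to be the OpenVPN interface.

```python
from dataclasses import dataclass
from typing import List, Optional

SERVER_IP = "203.0.113.10"   # constructed stand-in for xxx.xxx.xxx.xxx
WAN_IF = "eth0"              # assumed stand-in for appropriate_interface


@dataclass(frozen=True)
class Packet:
    in_iface: str   # interface the packet arrived on (tun0 for VPN client traffic)
    proto: str
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class RedirectRule:
    """One '-p PROTO --dport DPORT -j REDIRECT --to-port TO_PORT' rule."""
    proto: str
    dport: int
    to_port: int
    dst_ip: Optional[str] = None     # -d: only packets addressed to this IP
    in_iface: Optional[str] = None   # -i: only packets arriving on this interface

    def matches(self, pkt: Packet) -> bool:
        return (pkt.proto == self.proto and pkt.dst_port == self.dport
                and (self.dst_ip is None or pkt.dst_ip == self.dst_ip)
                and (self.in_iface is None or pkt.in_iface == self.in_iface))


def prerouting(rules: List[RedirectRule], pkt: Packet) -> int:
    """Destination port after the nat PREROUTING chain: first matching
    REDIRECT rule wins, as in netfilter; no match leaves the port unchanged."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.to_port
    return pkt.dst_port


# The question's rule: every UDP/53 packet, whatever its interface or destination.
BROAD = [RedirectRule("udp", 53, 1194)]
# The answer's rule: only UDP/53 addressed to the server, arriving on the WAN side.
SPECIFIC = [RedirectRule("udp", 53, 1194, dst_ip=SERVER_IP, in_iface=WAN_IF)]

# Constructed packets: a client connecting to OpenVPN on port 53, and a
# connected client's DNS query to the pushed resolver, routed through the tunnel.
VPN_HANDSHAKE = Packet("eth0", "udp", SERVER_IP, 53)
CLIENT_DNS = Packet("tun0", "udp", "8.8.8.8", 53)

if __name__ == "__main__":
    for name, rules in (("broad", BROAD), ("specific", SPECIFIC)):
        print(name, prerouting(rules, VPN_HANDSHAKE), prerouting(rules, CLIENT_DNS))
```

With the broad rule the tunnelled DNS query is rewritten to port 1194 and never reaches 8.8.8.8, which is exactly the symptom in the question; with the specific rule only the handshake is redirected.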

I faced this problem too, and solved it by flushing the iptables:

sudo iptables -F

then change the listening port number in the OpenVPN Server Admin Panel > Network Settings to 53, then click the Update Server button. It is working for me without any port forwarding or DNS problems; hope it helps.