Ubuntu+NetworkManager+openvpn - completely replace /etc/resolv.conf with openvpn pushed DNS servers?

1

1

I am running Ubuntu 12.04 LTS but have configured NetworkManager to NOT use its built-in dnsmasq for DNS resolution (by commenting out dns=dnsmasq in /etc/NetworkManager/NetworkManager.conf) as suggested by this Ubuntu bug report. This works fine and results in a /etc/resolv.conf file that contains actual DNS servers in it, rather than a reference to NetworkManager's dnsmasq running on localhost.

nameserver my.isps.name.server
search my.isp.com

The problem occurs when I attempt to connect to my VPN provider. My VPN provider is set up so that it pushes DNS server configuration down to the clients. And indeed this appears to be working, for when I connect to my VPN server, my resolv.conf gets updated to:

nameserver vpn.dns.server.1
nameserver vpn.dns.server.2
nameserver my.isps.name.server
search my.isp.com

My problem is that while the VPN connection is up, I want to completely eliminate my ISP's DNS settings from the picture (that is, get rid of the nameserver my.isps.name.server and search my.isp.com lines in my above examples, ONLY keeping the settings for the DNS servers that were pushed down by the VPN). Unfortunately I can't figure out a way to do this. I tried doing this with a custom up script, but it appears that NetworkManager-openvpn itself uses its own up script.

Any ideas?

Donald Burr

Posted 2014-01-17T09:06:53.317

Reputation: 603
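For readers who run OpenVPN directly rather than through NetworkManager, the effect the question asks for (a resolv.conf that holds only the VPN-pushed resolvers, with the ISP entries gone while the tunnel is up) can be produced by a plain up/down script. The following is an added example, not code from this thread or from the NetworkManager or OpenVPN projects. It relies on OpenVPN's documented behaviour of exporting pushed options as environment variables named foreign_option_N (values such as "dhcp-option DNS 10.8.0.1" or "dhcp-option DOMAIN vpn.example") and setting script_type to "up" or "down"; the script name vpn-dns.sh, the RESOLV_CONF override and all 10.8.0.x / 192.168.x addresses are assumptions or constructed values. It also includes a check that lists any resolver left in the file that the VPN did not push, which is the leak condition the question describes.

```shell
#!/bin/sh
# Added example (hypothetical vpn-dns.sh); not from the thread, NetworkManager or OpenVPN.
# (a) collect the resolvers the VPN pushed, (b) render a resolv.conf that
# holds ONLY those resolvers, (c) report any nameserver the VPN did not push.
# Assumptions: OpenVPN exports pushed options as foreign_option_N and sets
# script_type to "up"/"down"; the file written is $RESOLV_CONF (defaults to
# /etc/resolv.conf) so the functions can be exercised on a temporary file.
# Addresses such as 10.8.0.1 used in comments and tests are constructed.

RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"
BACKUP="$RESOLV_CONF.pre-vpn"

# Print the value of every pushed "dhcp-option $1 ..." (DNS or DOMAIN),
# one per line, in push order. Stops at the first missing index.
pushed_option() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        case "$opt" in
            "dhcp-option $1 "*) printf '%s\n' "${opt#dhcp-option $1 }" ;;
        esac
        i=$((i + 1))
    done
}

# Render resolv.conf content containing only the given nameservers and,
# when SEARCH_DOMAIN is set, a single search line. Nothing from the
# previous file (ISP resolver, ISP search domain) is carried over.
render_resolv_conf() {
    printf '# generated by vpn-dns.sh: VPN-pushed resolvers only\n'
    if [ -n "${SEARCH_DOMAIN:-}" ]; then
        printf 'search %s\n' "$SEARCH_DOMAIN"
    fi
    for ns in "$@"; do
        printf 'nameserver %s\n' "$ns"
    done
}

# Print each nameserver in file $1 that is not among the VPN resolvers
# passed as the remaining arguments. Empty output means no ISP or LAN
# resolver is left that could answer queries outside the tunnel.
non_vpn_nameservers() {
    file=$1
    shift
    grep '^nameserver' "$file" | awk '{print $2}' | while read -r ns; do
        keep=0
        for v in "$@"; do
            [ "$ns" = "$v" ] && keep=1
        done
        [ "$keep" -eq 1 ] || printf '%s\n' "$ns"
    done
}

# "up": keep a copy of the pre-VPN file, then replace it with the pushed set.
apply_vpn_dns() {
    set -- $(pushed_option DNS)
    if [ $# -eq 0 ]; then
        echo "no DNS pushed by VPN; leaving $RESOLV_CONF alone" >&2
        return 1
    fi
    SEARCH_DOMAIN=$(pushed_option DOMAIN | head -n 1)
    cp -p "$RESOLV_CONF" "$BACKUP"
    render_resolv_conf "$@" > "$RESOLV_CONF.tmp" && mv "$RESOLV_CONF.tmp" "$RESOLV_CONF"
}

# "down": put the original file back.
restore_dns() {
    [ -f "$BACKUP" ] && mv "$BACKUP" "$RESOLV_CONF"
}

# OpenVPN invokes the same script for up and down; dispatch on script_type.
case "${script_type:-}" in
    up)   apply_vpn_dns ;;
    down) restore_dns ;;
esac
```

With OpenVPN this is wired in through `script-security 2`, `up /path/to/vpn-dns.sh` and `down /path/to/vpn-dns.sh` in the client config. Two caveats follow directly from the thread: NetworkManager-openvpn manages resolv.conf with its own up script, as the asker notes, so under NetworkManager the write step will be undone and only the non_vpn_nameservers check remains useful; and on a system with the resolvconf package installed, /etc/resolv.conf is a symlink that resolvconf regenerates, so the rendered content should be handed to resolvconf (for example `resolvconf -a tun0 < file`) rather than moved over the symlink.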

Answers

1

I am/was having exactly the same problem with CrunchBang 11; it's possible my semi-satisfactory solution will work on Ubuntu since both are Debian-based.

I found by experiment that if I both:

  • install the resolvconf package, and

  • explicitly specify DNS servers in the VPN configuration in NetworkManager

then connecting to the VPN completely replaces the DNS servers in /etc/resolv.conf with those configured in NetworkManager for the VPN. I would rather just use the VPN server's provided DNS configuration, but I think using a public DNS (e.g. OpenNIC) in the VPN configuration is OK. I would assume (but can't be sure) that the DNS requests go out over the VPN, unlike requests to the local network's DNS server. (In my specific case, the /etc/resolv.conf used to contain a non-routable IP address pointing to the local wifi router's built-in DNS, which in turn forwarded on to the local ISP.)

(It may be that this is a side-effect of specifying three or more DNS servers in the VPN configuration; I have four. Without resolvconf the generated resolv.conf file contains all four or five DNS servers with a warning comment about how only three may be used, and the local DNS server is last but still potentially usable. With resolvconf only three are included, which I think "squeezes out" the unwanted lowest priority non-VPN DNS server.)

Steve

Posted 2014-01-17T09:06:53.317

Reputation: 11

-1

Uninstall the resolvconf package, since it does not work well in combination with vpnc (which has DNS server entries required to connect to the VPN) configured through the network-manager GUI. I can confirm that this solved the issue on Ubuntu 14.04 and 16.04 for me.

sudo apt-get purge resolvconf -y

askb

Posted 2014-01-17T09:06:53.317

Reputation: 99