# OpenVPN not updating /etc/resolv.conf

## LinuxDigger

Hi. I have installed OpenVPN on my system and trying to connect to ProtonVPN. I have update-resolv-conf and configured it according to the instructions given in it's GitHub repo. But, it didn't work and my system isn't updating resolv.conf and using proton's DNS server, What should I do?

----------

## alamahant

Isnt it supposed to do so?

Which dns would you like it to use?

Did Proton provide any .ovpn file for connecting to them?

Can you post it?

What is the problem exactly?

Can you pkease be more specific?

Ah you mean it keeps using proton dns AFTER disconnecting from proton?

Have you installed "openresolv"?

----------

## Hu

I think OP is trying to say that the system continues to use the non-VPN resolv.conf even when connected to the VPN, and he considers this undesirable.  He wants to switch to DNS servers pushed by the VPN provider, but no such switch happens.

----------

## Anon-E-moose

How are you determining that its not using your vpn's dns server?

----------

## alamahant

I think he doesnt see a modifiied resolv.conf.

----------

## LinuxDigger

 *Hu wrote:*   

> I think OP is trying to say that the system continues to use the non-VPN resolv.conf even when connected to the VPN, and he considers this undesirable.  He wants to switch to DNS servers pushed by the VPN provider, but no such switch happens.

 

You have exactly said what I wanted to mean.

----------

## LinuxDigger

 *Anon-E-moose wrote:*   

> How are you determining that its not using your vpn's dns server?

 

I see an unchanged resolv.conf file and testing with sites like ipleak.net or dnsleaktest.com

----------

## alamahant

Do you have a proton .ovpn file?

Can you plz post it?

----------

## pa4wdh

OpenVPN does not change your DNS settings by itself. If you want it to update your DNS you should use up/down scripts to modify your DNS, the gentoo openvpn package provides /etc/openvpn/up.sh and /etc/openvpn/down.sh for that. In your openvpn configuration you should have statements like this:

```

up /etc/openvpn/up.sh

down /etc/openvpn/down.sh

```

Does your ovpn file have that?

----------

## LinuxDigger

 *pa4wdh wrote:*   

> OpenVPN does not change your DNS settings by itself. If you want it to update your DNS you should use up/down scripts to modify your DNS, the gentoo openvpn package provides /etc/openvpn/up.sh and /etc/openvpn/down.sh for that. In your openvpn configuration you should have statements like this:
> 
> ```
> 
> up /etc/openvpn/up.sh
> ...

 

I am using update-resolv-conf script. My. ovpn has the following

```

script-security 2

up /etc/openvpn/update-resolv-conf

down /etc/openvpn/update-resolv-conf

```

----------

## tld

Have you checked to see if PEER_DNS is set to "yes" in /etc/conf.d/openvpn?:

```
cat /etc/conf.d/openvpn 

# OpenVPN automatically creates an /etc/resolv.conf (or sends it to

# resolvconf) if given DNS information by the OpenVPN server.

# Set PEER_DNS="no" to stop this.

PEER_DNS="no"

...etc...
```

A "yes" setting is actually the default. In my case above I expressly wanted it set to "no".

Tom

----------

## LinuxDigger

 *tld wrote:*   

> Have you checked to see if PEER_DNS is set to "yes" in /etc/conf.d/openvpn?:
> 
> ```
> cat /etc/conf.d/openvpn 
> 
> ...

 

i have it set to yes.

----------

## alamahant

do you have openresolv or resolvconf installed?

----------

## LinuxDigger

 *alamahant wrote:*   

> do you have openresolv or resolvconf installed?

 

Yes, I have openresolv installed.

----------

## LinuxDigger

 *pa4wdh wrote:*   

> OpenVPN does not change your DNS settings by itself. If you want it to update your DNS you should use up/down scripts to modify your DNS, the gentoo openvpn package provides /etc/openvpn/up.sh and /etc/openvpn/down.sh for that. In your openvpn configuration you should have statements like this:
> 
> ```
> 
> up /etc/openvpn/up.sh
> ...

 

How to use those scripts? Is it enough to put those two lines?

----------

## alamahant

Maybe try to put them in the .ovpn file provided by proton.

Did proton provide you with a .ovpn file?

It must have.

----------

## LinuxDigger

 *alamahant wrote:*   

> Maybe try to put them in the .ovpn file provided by proton.
> 
> Did proton provide you with a .ovpn file?
> 
> It must have.

 

Yes, and I put those two lines. Still, no results.

----------

## alamahant

How do you connet to proton?

Do you use something

like

```

openvpn --config /path/to/proton/ovpn

[quote]

[/quote]
```

----------

## LinuxDigger

 *alamahant wrote:*   

> How do you connet to proton?
> 
> Do you use something
> 
> like
> ...

 

```
sudo openvpn /path/to/proton.ovpn
```

----------

## alamahant

please append 

--config

Do you see 

```

Initialization Sequence Completed

```

in the terminal when running the above?

Also try running the above command as pure root.

----------

## LinuxDigger

 *alamahant wrote:*   

> please append 
> 
> --config
> 
> Do you see 
> ...

 

Yes, I see that. Let me try with --config.

----------

## alamahant

Also please after connecting open a browser and go to one of these pages that tell you your external ip.

Is it different than when not running the vpn script?

----------

## LinuxDigger

 *alamahant wrote:*   

> Also please after connecting open a browser and go to one of these pages that tell you your external ip.
> 
> Is it different than when not running the vpn script?

 

IP address is ok. But, dns server isn't. Didn't work also with --config.

----------

## mvaterlaus

Hi,

i'm using the following line in my openvpn Config File:

```

...

dhcp-option DNS xxx.xxx.xxx.xxx

```

This is only useful, if you know the IP Address of the DNS server provided by ProtonVPN.

----------

## alamahant

Have you tried with

up /etc/openvpn/update-resolv-conf

down /etc/openvpn/update-resolv-conf

If everything else fails you will have to write a minimal bash script to do this for you.

```

sed -i '/nameserver/d' /etc/resolv.conf

echo "nameserver <your proton name server>" >> /etc/resolv.conf

openvpn --config proton.ovpn

trap "sed -i '/nameserver/d' /etc/resolv.conf;echo 'nameserver <your-normal name server>' >> /etc/resolv.conf" SIGINT

```

Then building on the concept you can make it polished end expanded

----------

## Anon-E-moose

Did you even bother checking with protons main site, ie support?

https://protonvpn.com/support/linux-vpn-setup/

 :Rolling Eyes: 

----------

## LinuxDigger

 *Anon-E-moose wrote:*   

> Did you even bother checking with protons main site, ie support?
> 
> https://protonvpn.com/support/linux-vpn-setup/
> 
> 

 

Yes, I did and followed exactly their instructions.

----------

## Anon-E-moose

I'm thinking you don't really understand vpn's or understand what you need to do

Again from their website

 *Quote:*   

> ProtonVPN DNS leak protection
> 
> We do not use third party DNS servers. Each VPN server runs a DNS server as well, and our native apps have a default DNS leak protection feature that forces your internet connection to resolve DNS queries via our DNS servers. This means that when you are connected to ProtonVPN, your DNS queries through our encrypted VPN tunnel. 

 

----------

## LinuxDigger

 *Anon-E-moose wrote:*   

> I'm thinking you don't really understand vpn's or understand what you need to do
> 
> Again from their website
> 
>  *Quote:*   ProtonVPN DNS leak protection
> ...

 

Yes, but my DNS isn't being resolved by Proton. It's leaking.

----------

## krumpf

I'm using another vpn provider, no DNS leaks, here's how I did

Create a openvpn.conf file in /etc/openvpn

Get the .ovpn file from my provider (mine got client side configuration and keys included)

Copy/paste the .ovpn content to the openvpn.conf

Start the openvpn service using either rc-service openvpn start or /etc/init.d/openvpn start

Check DNS leak using https://ipleak.net/ or any website that does DNS leak tests

You can also set the openvpn service to start at boot with rc-update (but it will take a few more seconds to boot your computer)

Afaik, the up & down scripts provided by gentoo are tailored to work with a file named openvpn.conf, I think you gotta rename them if your .conf file uses another name.

Edit: I got openresolv installed

----------

