# openvpn & resolv.conf [SOLVED]

## Bungopolis

I have a working OpenVPN client connection, but my /etc/resolv.conf is not being updated. I've installed openresolv to manage my resolv.conf, but I'm not sure where to go from there. How do I get OpenVPN to work with openresolv to update my resolv.conf?Last edited by Bungopolis on Wed Nov 12, 2008 6:16 pm; edited 1 time in total

----------

## bombcar

Ok. On the client side, you need to have the up and down lines defined. For example, on Ubuntu I have

```

up /etc/openvpn/update-resolv-conf

down /etc/openvpn/update-resolv-conf

```

Then, you need the server.conf on the server side to send DNS and DOMAIN information, such as:

```

push "dhcp-option DNS 10.8.0.1"

push "dhcp-option DOMAIN example.com"

```

Note - if you want your script to modify resolv.conf when going down you'll have to disable the user/group options because OpenVPN can't fiddle with it when not root.

----------

## Bungopolis

Thanks bombcar. However, I don't have an /etc/openvpn/update-resolv-conf -- I believe that's a Debian specific config file from its openvpn package. What's the preferred gentoo way of doing this?

----------

## bombcar

update-resolv-conf is just a script; you could use the Ubuntu one. It calls resolvconf (which is the program that openresolv runs anyway).

```

#!/bin/bash

# 

# Parses DHCP options from openvpn to update resolv.conf

# To use set as 'up' and 'down' script in your openvpn *.conf:

# up /etc/openvpn/update-resolv-conf

# down /etc/openvpn/update-resolv-conf

#

# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk> 

# and Chris Hanson

# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 

#

# 05/2006 chlauber@bnc.ch

# 

# Example envs set from openvpn:

# foreign_option_1='dhcp-option DNS 193.43.27.132'

# foreign_option_2='dhcp-option DNS 193.43.27.133'

# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'

[ -x /sbin/resolvconf ] || exit 0

case $script_type in

up)

   for optionname in ${!foreign_option_*} ; do

      option="${!optionname}"

      echo $option

      part1=$(echo "$option" | cut -d " " -f 1)

      if [ "$part1" == "dhcp-option" ] ; then

         part2=$(echo "$option" | cut -d " " -f 2)

         part3=$(echo "$option" | cut -d " " -f 3)

         if [ "$part2" == "DNS" ] ; then

            IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"

         fi

         if [ "$part2" == "DOMAIN" ] ; then

            IF_DNS_SEARCH="$part3"

         fi

      fi

   done

   R=""

   if [ "$IF_DNS_SEARCH" ] ; then

           R="${R}search $IF_DNS_SEARCH

"

   fi

   for NS in $IF_DNS_NAMESERVERS ; do

           R="${R}nameserver $NS

"

   done

   echo -n "$R" | /sbin/resolvconf -a "${dev}.inet"

   ;;

down)

   /sbin/resolvconf -d "${dev}.inet"

   ;;

esac

```

[/topic][/profile]

----------

## UberLord

OpenVPN ships with up/down scripts that do just that.

What's more, they don't rely on bash  :Very Happy: 

----------

## JeliJami

 *UberLord wrote:*   

> OpenVPN ships with up/down scripts that do just that.
> 
> What's more, they don't rely on bash 

 

What version would that be?

```
 $ equery f openvpn

[ Searching for packages matching openvpn... ]

* Contents of net-misc/openvpn-2.0.7-r2:

/etc

/etc/init.d

/etc/init.d/openvpn

/etc/openvpn

/etc/openvpn/.keep_net-misc_openvpn-0

/usr

/usr/lib64

/usr/lib64/openvpn

/usr/lib64/openvpn/openvpn-auth-pam.so

/usr/lib64/openvpn/openvpn-down-root.so

/usr/sbin

/usr/sbin/openvpn

/usr/share

/usr/share/doc

/usr/share/doc/openvpn-2.0.7-r2

/usr/share/doc/openvpn-2.0.7-r2/AUTHORS.bz2

/usr/share/doc/openvpn-2.0.7-r2/ChangeLog.bz2

/usr/share/doc/openvpn-2.0.7-r2/PORTS.bz2

/usr/share/doc/openvpn-2.0.7-r2/README.bz2

/usr/share/man

/usr/share/man/man8

/usr/share/man/man8/openvpn.8.bz2

/usr/share/openvpn

/usr/share/openvpn/easy-rsa

/usr/share/openvpn/easy-rsa/README

/usr/share/openvpn/easy-rsa/build-ca

/usr/share/openvpn/easy-rsa/build-dh

/usr/share/openvpn/easy-rsa/build-inter

/usr/share/openvpn/easy-rsa/build-key

/usr/share/openvpn/easy-rsa/build-key-pass

/usr/share/openvpn/easy-rsa/build-key-pkcs12

/usr/share/openvpn/easy-rsa/build-key-server

/usr/share/openvpn/easy-rsa/build-req

/usr/share/openvpn/easy-rsa/build-req-pass

/usr/share/openvpn/easy-rsa/clean-all

/usr/share/openvpn/easy-rsa/inherit-inter

/usr/share/openvpn/easy-rsa/list-crl

/usr/share/openvpn/easy-rsa/openssl.cnf

/usr/share/openvpn/easy-rsa/pkitool

/usr/share/openvpn/easy-rsa/revoke-full

/usr/share/openvpn/easy-rsa/sign-req

/usr/share/openvpn/easy-rsa/vars

```

Or do I need the examples USE flag?

```
$ eix -e openvpn

[I] net-misc/openvpn

     Available versions:  2.0.6 2.0.7-r2 ~2.0.9 ~2.1_rc13 {examples iproute2 minimal pam passwordsave pkcs11 selinux ssl static threads userland_BSD}

     Installed versions:  2.0.7-r2(10:11:24 26-06-08)(iproute2 pam ssl threads -examples -minimal -passwordsave -selinux -static)

     Homepage:            http://openvpn.net/

     Description:         OpenVPN is a robust and highly flexible tunneling application compatible with many OSes.

```

----------

## UberLord

The 2.1 version installs them. I could have sworn the 2.0 versions did too, but I checked and they didn't

Ah well. Try 2.1 and the init script it supplies. You should be able to use the 2.1 init script with 2.0, along with the up/down scripts.

----------

## Bungopolis

Great, updating to 2.1 did the trick. Everything now works magically, and I don't need openresolv. Thanks!

----------

