OpenVPN push DNS doesn't work on Mint 20.2

Questions about Wi-Fi and other network devices, file sharing, firewalls, connection sharing etc
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Locked
cpk
Level 1
Level 1
Posts: 4
Joined: Thu Jan 12, 2017 4:41 pm

OpenVPN push DNS doesn't work on Mint 20.2

Post by cpk »

Hello,

After installing Mint 20.2 my company VPN stopped working as expected. It connects successfully, but push DNS are not added to /etc/resolv.conf

/etc/resolv.conf

Code: Select all

# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad

OpenVPN connection output

Code: Select all

Thu Nov 25 20:08:53 2021 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
Thu Nov 25 20:08:53 2021 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Thu Nov 25 20:08:53 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Nov 25 20:08:53 2021 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Nov 25 20:08:53 2021 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Nov 25 20:08:53 2021 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Nov 25 20:08:53 2021 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Nov 25 20:08:53 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]172.65.222.117:4000
Thu Nov 25 20:08:53 2021 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Nov 25 20:08:53 2021 UDP link local: (not bound)
Thu Nov 25 20:08:53 2021 UDP link remote: [AF_INET]172.65.222.117:4000
Thu Nov 25 20:08:53 2021 TLS: Initial packet from [AF_INET]172.65.222.117:4000, sid=165f7a7c e0b9857b
Thu Nov 25 20:08:53 2021 VERIFY OK: depth=1, CN=NEXMO_VPN_CA_2019-01-31
Thu Nov 25 20:08:53 2021 VERIFY X509NAME OK: CN=NEXMO_VPN_SERVER_prod_2019-10-30
Thu Nov 25 20:08:53 2021 VERIFY OK: depth=0, CN=NEXMO_VPN_SERVER_prod_2019-10-30
Thu Nov 25 20:08:53 2021 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Thu Nov 25 20:08:53 2021 [NEXMO_VPN_SERVER_prod_2019-10-30] Peer Connection Initiated with [AF_INET]172.65.222.117:4000
Thu Nov 25 20:08:54 2021 SENT CONTROL [NEXMO_VPN_SERVER_prod_2019-10-30]: 'PUSH_REQUEST' (status=1)
Thu Nov 25 20:08:54 2021 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.69.0.1,topology subnet,ping 15,ping-restart 120,dhcp-option DNS 9.9.9.9,route 10.52.... ,push-continuation 2'
Thu Nov 25 20:08:54 2021 PUSH: Received control message: 'PUSH_REPLY,route 52.214.... 255.255.255.255,route 9.9.9.9 255.255.255.255,ifconfig ... 255.255.254.0,peer-id 18,push-continuation 1'
Thu Nov 25 20:08:54 2021 OPTIONS IMPORT: timers and/or timeouts modified
Thu Nov 25 20:08:54 2021 OPTIONS IMPORT: --ifconfig/up options modified
Thu Nov 25 20:08:54 2021 OPTIONS IMPORT: route options modified
Thu Nov 25 20:08:54 2021 OPTIONS IMPORT: route-related options modified
Thu Nov 25 20:08:54 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Nov 25 20:08:54 2021 OPTIONS IMPORT: peer-id set
Thu Nov 25 20:08:54 2021 OPTIONS IMPORT: adjusting link_mtu to 1624
Thu Nov 25 20:08:54 2021 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Thu Nov 25 20:08:54 2021 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Thu Nov 25 20:08:54 2021 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp0s20f3 HWADDR=d0:00:1f:f1:a8:60
Thu Nov 25 20:08:54 2021 TUN/TAP device tun0 opened
Thu Nov 25 20:08:54 2021 TUN/TAP TX queue length set to 100
Thu Nov 25 20:08:54 2021 /sbin/ip link set dev tun0 up mtu 1500
Thu Nov 25 20:08:54 2021 /sbin/ip addr add dev tun0 10.69.0.40/23 broadcast 10.69.1.255
Thu Nov 25 20:08:54 2021 /etc/openvpn/update-systemd-resolved tun0 1500 1552 10.69.0.40 255.255.254.0 init
<14>Nov 25 20:08:54 update-systemd-resolved: Link 'tun0' coming up
<14>Nov 25 20:08:54 update-systemd-resolved: Adding DNS Routed Domain .
<14>Nov 25 20:08:54 update-systemd-resolved: Adding IPv4 DNS Server 9.9.9.9
<14>Nov 25 20:08:54 update-systemd-resolved: SetLinkDNS(18 1 2 4 9 9 9 9)
<14>Nov 25 20:08:54 update-systemd-resolved: SetLinkDomains(18 1 . true)
Thu Nov 25 20:08:54 2021 /sbin/ip route add 10.52. ... 10.69.0.1
Thu Nov 25 20:08:54 2021 /sbin/ip route add 10.52. ... 10.69.0.1
Thu Nov 25 20:08:54 2021 /sbin/ip route add 10.52. ... 10.69.0.1
...

Thu Nov 25 20:08:54 2021 Initialization Sequence Completed


cat /etc/NetworkManager/NetworkManager.conf

Code: Select all

[main]
plugins=ifupdown,keyfile
# dns=dnsmasq

[ifupdown]
managed=false

[device]
wifi.scan-rand-mac-address=no
I spent a lot of time googling, but couldn't find a solution for this. resolv.conf would be updated with 9.9.9.9. It works with Mint 19.2
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
cpk
Level 1
Level 1
Posts: 4
Joined: Thu Jan 12, 2017 4:41 pm

Re: OpenVPN push DNS doesn't work on Mint 20.2

Post by cpk »

I've noticed, if I connect to a VPN as root, via command

Code: Select all

sudo openvpn my-vpn.ovpn 
it actually works. But it doesn't work via NetworkManager UI
Locked

Return to “Networking”