Setting up VPN on ubuntu 19.10 and getting DNS to work correctly

A bit late to post this? Maybe. But it is still relevant, so here goes. We shall see how to set up the OpenVPN client on Ubuntu versions greater than 18.10 (or was it 18.04?). It certainly matters for 19.10 though!

A few things changed back then that caused issues with OpenVPN connections and DNS resolution. A fix was found and a package was released bundling the scripts, so that normal users like us can install and enable them. This solved the CLI problem. But I personally do not like the idea of having to run a sudo command every time I need to use the VPN and keep a terminal running. I like the flexibility Network Manager gives, and also the fact that it nicely indicates with an icon whether I am connected to the VPN or not.

But to achieve this setup, a few steps are required:

  • Download your ovpn config file. This might require you to log in to your OpenVPN server and download the ‘autologin’ config file.
  • Run this command: sudo apt install openvpn-systemd-resolved. This will install the packages / scripts required to handle DNS resolution on the VPN.
  • Modify your ovpn file: add these lines before the ca certs and after setenv (script-security 2 is what allows OpenVPN to run the up and down scripts):
    script-security 2
    up /etc/openvpn/update-systemd-resolved
    down /etc/openvpn/update-systemd-resolved
    down-pre
  • At the end of the file, after all the certs and everything, add: dhcp-option DOMAIN-ROUTE .
    (Note the “dot” at the end of the line above; it is part of the directive.)
  • Connect to the VPN using this command: sudo openvpn --config <path to modified config file>
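
The file edits from the steps above, as an added shell example that is not part of the original post: patch_ovpn writes a patched copy of the profile, and hook_perms_ok checks the hook script's permissions, since with script-security 2 under sudo OpenVPN runs that script as root. The function names, the file names in the usage comment and the rule of inserting just before the inline <ca> block are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
HOOK=/etc/openvpn/update-systemd-resolved   # hook path given in the post

# patch_ovpn SRC DST: write a patched copy of SRC to DST; SRC is not modified.
patch_ovpn() {
    src=$1 dst=$2 has_hook=0 has_route=0
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # Detect directives that are already present so a second run adds nothing.
    if grep -q 'update-systemd-resolved' "$src"; then has_hook=1; fi
    if grep -Eq '^dhcp-option[[:space:]]+DOMAIN-ROUTE[[:space:]]+\.[[:space:]]*$' "$src"; then
        has_route=1
    fi
    awk -v hook="$HOOK" -v hooked="$has_hook" -v routed="$has_route" '
        function emit() {
            print "script-security 2"
            print "up " hook
            print "down " hook
            print "down-pre"
            hooked = 1
        }
        /^<ca>/ && !hooked { emit() }   # before the inline CA block, after setenv
        { print }
        END {
            if (!hooked) emit()         # assumption: no inline <ca>, so append
            if (!routed) print "dhcp-option DOMAIN-ROUTE ."
        }
    ' "$src" > "$dst"
}

# hook_perms_ok PATH: succeed only if PATH is a regular file that is not
# writable by group or others (the script runs as root when OpenVPN is
# started with sudo and script-security 2).
hook_perms_ok() {
    [ -f "$1" ] || return 1
    case $(ls -ldL "$1" | cut -c1-10) in
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# Direct use: sh patch-ovpn.sh client.ovpn client-resolved.ovpn
if [ "$#" -eq 2 ]; then
    patch_ovpn "$1" "$2" || exit 1
    hook_perms_ok "$HOOK" || echo "warning: check permissions on $HOOK" >&2
fi
```

Running it a second time on its own output changes nothing, so the patched copy can be regenerated safely before importing it into Network Manager.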

We have now achieved the basic setup; you can stop here. Just open a terminal when you need to connect to the VPN and run the above command; press Ctrl+C to disconnect from the VPN. To integrate with Network Manager, follow the next steps:

  • We now need to import this file into Network Manager and use the Network Manager UI to connect to and disconnect from the VPN.
  • Install the OpenVPN plugin for Network Manager: sudo apt install network-manager-openvpn-gnome. Even if you are running KDE, the same command works.
  • Next, run this command to import the config file: sudo nmcli connection import type openvpn <modified config file>
  • This should bring up a new network in your Network Manager Settings UI, under the VPN header. The name of the connection will be the same as the name of the file.
  • If this is a work VPN, meaning you need it only for connecting to work machines and the rest of your traffic should go outside of the VPN, go to the IPv4 settings and select ‘Use this VPN for resources on this network only’. On most work VPNs, if you do not enable this, you will lose the ability to use anything other than the VPN servers; even Google won't work.
  • Now the next, tricky part. This sets us up for most things, but in my experience DNS servers still do not resolve properly. To enable DNS resolution via Network Manager, in the IPv4 settings of the VPN network add “~.” (without quotes) as a search domain. In my experience, without the ~. as a search domain, the DNS resolution did not work.

This is it. The benefit is a built-in, native, visual representation of VPN connectivity right in your system tray!
