DNS not working with OpenVPN

mvb · December 21, 2023, 3:35pm

I have set up OpenVPN as described here

It successfully connects, but DNS resolution is not working. I’m not able to reach any of our internal services without the hacky workaround of adding

networking.extraHosts = ''<IP> <domain>'';

to my configuration.nix. I think there is yet another person with a similar problem.

I’m kinda new to Linux and NixOS. I expected this to work “out of the box”, but it seems something is missing. Do you have any hints as to what I can try to make DNS resolution for internal services succeed?

Nebucatnetzer · December 21, 2023, 5:06pm

I had the same problem with my company VPN.

sudo nmcli connection modify id VPN-NAME ipv4.dns-search '~.' ipv4.dns-priority -5

nix-newbie · December 21, 2023, 7:19pm

services.openvpn.servers = {
  officeVPN = {
    autoStart = true;
    config = '' config /root/nixos/openvpn/officeVPN.conf '';
    updateResolvConf = true; # maybe this line could fix it
  };
};

mvb · December 21, 2023, 8:18pm

Yes, indeed, that seems to have done the trick, completely hack-free. Thanks heaps! I added this line to the docs

adminy · August 29, 2024, 1:59pm

That’s great, but what if you would like to run it directly from the binary cli and not as a service, what then?

nix-newbie · August 30, 2024, 8:15pm

never tried but maybe this could help you

github.com

NixOS/nixpkgs/blob/185eeca01db84cddafb4bbde24823f9b6afa6a57/nixos/modules/services/networking/openvpn.nix#L16


      
          
          
cfg = config.services.openvpn;
          
          
inherit (pkgs) openvpn;
          
          
makeOpenVPNJob = cfg: name:
            let
          
          
    path = makeBinPath (getAttr "openvpn-${name}" config.systemd.services).path;
          
          
    upScript = ''
                export PATH=${path}
          
          
      # For convenience in client scripts, extract the remote domain
                # name and name server.
                for var in ''${!foreign_option_*}; do
                  x=(''${!var})
                  if [ "''${x[0]}" = dhcp-option ]; then
                    if [ "''${x[1]}" = DOMAIN ]; then domain="''${x[2]}"
                    elif [ "''${x[1]}" = DNS ]; then nameserver="''${x[2]}"
                    fi