I’ve been trying to configure OpenVPN in combination with dnscrypt-proxy2, but with little to no success. Since I can’t use the resolv.conf file, this leads to a conflict over DNS requests.
I already have a working dnscrypt-proxy2 configuration, so I would prefer to keep using it.
OpenVPN configuration:

```nix
services.openvpn.servers = {
  mullvad = {
    config = ''
      client
      dev tun
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      verb 3
      remote-cert-tls server
      ping 10
      ping-restart 60
      sndbuf 524288
      rcvbuf 524288
      cipher AES-256-GCM
      tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
      proto tcp
      auth-user-pass ${directory}/mullvad_userpass.txt
      ca ${directory}/mullvad_ca.crt
      script-security 2
      # Intentionally empty up/down scripts so OpenVPN never touches resolv.conf
      up ${pkgs.writeScript "openvpn-up-script" ''
        #!${pkgs.runtimeShell}
        # Nothing here
      ''}
      down ${pkgs.writeScript "openvpn-down-script" ''
        #!${pkgs.runtimeShell}
        # Nothing here
      ''}
      remote-random
      remote 141.98.255.83 443
    '';
    autoStart = true;
  };
};
```
In order to “lie” about the resolv.conf file, I gave it some empty scripts.
dnscrypt-proxy configuration:

```nix
networking.nameservers = [ "127.0.0.1" ];
services.resolved.enable = false;
services.dnscrypt-proxy2 = {
  enable = true;
  settings = {
    ipv4_servers = false;
    ipv6_servers = config.networking.enableIPv6;
    block_ipv6 = !(config.networking.enableIPv6);
    force_tcp = true;
    ignore_system_dns = true;
    # Route resolver traffic through the local Tor SOCKS port
    proxy = "socks5://127.0.0.1:9050";
    ...
  };
};
systemd.services = {
  dnscrypt-proxy2 = {
    serviceConfig = {
      StateDirectory = "dnscrypt-proxy";
      ReadWritePaths = "/persist/var/lib/dnscrypt-proxy";
    };
    after = [ "tor.service" ];
    requires = [ "tor.service" ];
  };
};
```
I’ve seen Encrypted DNS - NixOS Wiki, but I can’t get it to work with OpenVPN. This Discourse issue doesn’t help much either. For reference, my OpenVPN setup is using Mullvad. I’m well aware that services.mullvad-vpn exists, but it uses WireGuard and I would prefer to use the TCP port for Tor integration.