→OpenVPN Client Setup
As mentioned above, the crux of the problem is that the client's ''resolv.conf'' file doesn't contain everything it needs. We've already modified the ''server.conf'' file to tell the server to send the necessary options to the client, but we have to make some changes on the client to ensure these options actually get put where they need to go (in the ''resolv.conf'' file).
*''resolv.conf'' is automatically generated, and updated, by the OS. Therefore we can't really modify it directly or our changes will simply be lost. A package called ''resolvconf'' comes to the rescue. Once installed, we replace the ''resolv.conf'' file (typically located at ''/etc/resolv.conf'') with a symlink to ''resolvconf's'' version of the file. This file gets modified by ''resolvconf'', which we can take advantage of with OpenVPN. The procedure is to install ''resolvconf''; then move/backup the original ''resolv.conf'' file; and create a symlink to ''resolvconf's'' instance of the ''resolv.conf'' file. <pre>sudo apt install resolvconf
sudo mv /etc/resolv.conf /etc/resolv.conf.orig
sudo ln -s /run/resolvconf/resolv.conf /etc/resolv.conf</pre>
*Now that we have set up ''resolvconf'', we can use it in the OpenVPN client configuration to take the DNS and DOMAIN information set up in the server's ''server.conf'' and insert it into the client's ''resolv.conf''. Add the following 2 lines to your ''client.ovpn'' file, which will run ''update-resolv-conf'' each time you start, and stop, OpenVPN. <pre>up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf</pre>
*Lastly, to allow OpenVPN to actually call ''update-resolv-conf'', we have to tell ''openvpn'' to ease off its default security posture a bit. The following command connects to your OpenVPN server with ''--script-security 2'', which permits OpenVPN to run user-defined scripts, so ''update-resolv-conf'' can run at start and stop. <pre>sudo openvpn --script-security 2 --config /path/to/client.ovpn</pre>
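A preflight check for the three steps above, as an added example that is not part of the original page. The function names are hypothetical. The ownership and permission test on the hook script is an added hardening check: it assumes OpenVPN is started with ''sudo'' as shown, so the script runs as root.

```shell
#!/bin/sh
# Added example: verify the client setup before connecting.
# Paths are parameters so each check can be pointed at test fixtures.

# Succeeds when $1 is a symlink whose target is exactly $2.
resolv_is_symlinked() {
    [ -L "$1" ] && [ "$(readlink "$1")" = "$2" ]
}

# Succeeds when config $1 has both an "up" and a "down" line naming script $2.
# Commented-out lines do not count because their first field is not up/down.
hooks_present() {
    awk -v s="$2" '
        $1 == "up"   && $2 == s { u = 1 }
        $1 == "down" && $2 == s { d = 1 }
        END { exit !(u && d) }' "$1"
}

# Succeeds when $1 is a regular file owned by user $2, executable by its
# owner, and not writable by group or other. A hook that another account
# can edit would be run as root on every connect and disconnect.
script_is_safe() {
    [ -n "$(find "$1" -prune -type f -user "$2" -perm -100 \
            ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# Runs all checks with the paths used on this page; $1 = path to client.ovpn.
preflight() {
    rc=0
    resolv_is_symlinked /etc/resolv.conf /run/resolvconf/resolv.conf ||
        { echo "FAIL: /etc/resolv.conf is not the resolvconf symlink"; rc=1; }
    hooks_present "$1" /etc/openvpn/update-resolv-conf ||
        { echo "FAIL: up/down hooks missing from $1"; rc=1; }
    script_is_safe /etc/openvpn/update-resolv-conf 0 ||
        { echo "FAIL: hook script is not a root-only-writable executable"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: client is ready for --script-security 2"
    return "$rc"
}

# Only run against the real system when a config path is supplied.
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Run it as ''sh preflight.sh /path/to/client.ovpn''; a non-zero exit status means at least one check failed.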