Using DNS servers pushed to clients
This page describes how to use pushed DNS servers in the client.
Contents:
- Using DNS servers pushed to a Linux client
- Using DNS servers pushed to a Windows client
- Additional notes
Using DNS servers pushed to a Linux client
Linux must use an external script to update the DNS servers in /etc/resolv.conf
Blue-pill or Red-pill?
https://github.com/alfredopalhares/openvpn-update-resolv-conf
You are getting Blue-pill'd, regardless.
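What an external `--up` script has to work with, shown as an added example (not part of the original page and not the linked script's code): OpenVPN exports each pushed `dhcp-option` to the script as an environment variable `foreign_option_1`, `foreign_option_2`, and so on. The function names, the sample values and the character-set check on server-supplied values are assumptions of this example, and it prints resolv.conf lines to stdout instead of writing /etc/resolv.conf.

```shell
#!/bin/sh
# Added example: convert pushed DNS options into resolv.conf lines.
# Values come from the VPN server, so anything outside the expected
# character set is rejected instead of being copied into the output.

pushed_dns_to_resolv() {
    n=1; servers=""; domains=""
    while :; do
        # Read foreign_option_$n; stop at the first unset/empty one.
        eval "opt=\${foreign_option_$n-}"
        [ -n "$opt" ] || break
        n=$((n + 1))
        case $opt in
            "dhcp-option DNS "*)
                value=${opt#"dhcp-option DNS "}
                case $value in
                    # Only IPv4/IPv6 address characters are accepted.
                    ""|*[!0-9A-Fa-f.:]*)
                        printf 'rejected DNS value: %s\n' "$value" >&2 ;;
                    *) servers="$servers$value " ;;
                esac ;;
            "dhcp-option DOMAIN "*)
                value=${opt#"dhcp-option DOMAIN "}
                case $value in
                    # Only hostname characters are accepted.
                    ""|*[!A-Za-z0-9.-]*)
                        printf 'rejected DOMAIN value: %s\n' "$value" >&2 ;;
                    *) domains="$domains$value " ;;
                esac ;;
        esac
    done
    if [ -n "$domains" ]; then printf 'search %s\n' "${domains% }"; fi
    for s in $servers; do printf 'nameserver %s\n' "$s"; done
}

# Constructed sample push: three resolvers (one malformed) and a domain.
demo() {
    foreign_option_1='dhcp-option DNS 10.8.0.1'
    foreign_option_2='dhcp-option DOMAIN corp.example'
    foreign_option_3='dhcp-option DNS 10.8.0.2 extra'
    foreign_option_4='dhcp-option DNS fd00::53'
    pushed_dns_to_resolv
}
```

Calling `demo` prints the search line and the two accepted nameservers; the malformed third option is reported on stderr and skipped.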
Using DNS servers pushed to a Windows client
- OpenVPN 2.5+
Windows uses the OpenVPN built-in DHCP server to update the TAP adapter's DNS servers and no additional steps are required.
This does require that the client is run using the OpenVPN-GUI and that the OpenVPN InteractiveService for Windows is started.
To prevent DNS leaks at the client use --block-outside-dns.
- OpenVPN 2.4
See: 2.5+
Upgrade Now!
- OpenVPN 2.3
Windows uses the OpenVPN built-in DHCP server to update the TAP adapter's DNS servers and no additional steps are required.
This does require that the client is run as an administrator user.
This version does not support --block-outside-dns.
Upgrade Now!
Additional notes
- Linux notes
If the client is run using --user and --group to drop the process privileges then the --down script will fail and leave the client DNS in an undefined state.
The recommended way to resolve this is to use the openvpn-down-root.so plugin module.