I have written a script based to automate OpenVPN installation process on Ubuntu servers. You can download it here:
The script uses port 80 and works perfectly well for ISPs outside Iran. However, to be able to use the server for clients inside Iran, I need to use my server's DNS server instead of public DNS servers. The reason is that (at least) in Iran, ISPs seem to have blocked public DNS IPs, so that if one uses any of the public DNS IPs (like Google's, etc.), one can connect to the OpenVPN server but cannot visit any website.
To overcome this obstacle, I am trying to set OpenVPN to use the server's own DNS server. In order to do so, I have set up an unbound DNS server on my OpenVPN server, following this tutorial:
My original openvpn.conf is like this:
dev tun
proto tcp
# Notice: here we set the listening port to be 80
port 80
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
#status openvpn-status.log
#verb 3
client-to-client
push "redirect-gateway def1"
push "dhcp-option DNS 126.96.36.199"
push "dhcp-option DNS 188.8.131.52"
comp-lzo
Now, to make OpenVPN useful for users inside Iran, the problem is how I should modify the openvpn.conf to be able to push my own DNS server, which is defined as:
access-control: 10.0.0.0/16 allow
I have made some trial-and-error changes to
push "dhcp-option DNS 184.108.40.206"
push "dhcp-option DNS 220.127.116.11"
(like using '10.0.0.0' or the server's IP address instead of the common public DNS IPs) in push dhcp-option, but none of them worked in tests (outside Iran) and I've run out of ideas.
So I really appreciate your hints to solve this crucial problem.
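
A consistency check between the two configurations quoted above, as an added example that is not part of the original post: it tests whether the OpenVPN client pool is covered by an unbound access-control allow entry and whether unbound listens on the resolver address pushed to clients. The pushed address 10.8.0.1 (the server's own tunnel address), the unbound interface line and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed excerpts modelled on the settings quoted in the post.
# 10.8.0.1 as pushed resolver and the interface line are assumptions.
OPENVPN_CONF = """
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
"""
UNBOUND_CONF = """
server:
    interface: 127.0.0.1
    access-control: 10.0.0.0/16 allow
"""

def vpn_subnet(conf):
    """Client address pool from the OpenVPN 'server <network> <netmask>' directive."""
    net, mask = re.search(r"^server\s+(\S+)\s+(\S+)", conf, re.M).groups()
    return ipaddress.ip_network(f"{net}/{mask}")

def pushed_dns(conf):
    """Resolver addresses handed to clients via push "dhcp-option DNS ..."."""
    found = re.findall(r'^push\s+"dhcp-option\s+DNS\s+(\S+)"', conf, re.M)
    return [ipaddress.ip_address(a) for a in found]

def unbound_values(conf, key):
    """All values of a 'key: value' option in unbound.conf, comments skipped."""
    hits = re.findall(rf"^\s*{re.escape(key)}:([^#\n]+)", conf, re.M)
    return [h.strip() for h in hits]

def check(openvpn_conf, unbound_conf):
    """Return a list of mismatches between the two configurations."""
    problems = []
    subnet = vpn_subnet(openvpn_conf)
    # Simplification: only 'allow' entries are considered, not refuse/deny overrides.
    allowed = [ipaddress.ip_network(v.split()[0])
               for v in unbound_values(unbound_conf, "access-control")
               if v.split()[1] == "allow"]
    if not any(subnet.subnet_of(n) for n in allowed if n.version == subnet.version):
        problems.append(f"no access-control allow entry covers {subnet}")
    # Without an interface option unbound listens on localhost only.
    listen = unbound_values(unbound_conf, "interface") or ["127.0.0.1"]
    for dns in pushed_dns(openvpn_conf):
        if dns in subnet and str(dns) not in listen and "0.0.0.0" not in listen:
            problems.append(f"unbound does not listen on pushed resolver {dns}")
    return problems

if __name__ == "__main__":
    print(check(OPENVPN_CONF, UNBOUND_CONF))
```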