How to push Openvpn DNS with a client and debian on Freebox router
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Wed May 05, 2021 10:07 am
How to push Openvpn DNS with a client and debian on Freebox router
Hi guys
For two weeks, I have struggled with the configuration of OpenVPN, installed on a Debian VM, on my Freebox Delta (the router of my internet provider).
I managed to put everything in place thanks to the YouTube tutorial accessible with the link below:
https://www.youtube.com/watch?v=MIuHwPy_UTs&t=1115s
Everything worked perfectly, and the VPN is working. But I have a big DNS and IPv6 leak problem.
To correct this, I tried pushing the Google DNS from the VPN's DNS server to the clients that will connect to it.
I have modified the ".client.conf" file, with:
push "redirect-gateway def1 bypass-dhcp", with the prior installation of "openvpn-systemd-resolved"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
script-security 2
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
down-pre
dhcp-option DOMAIN-ROUTE .
I also tried disabling IPv6 in /etc/sysctl.conf, but it doesn't seem to work.
The "push DNS" does not work either. Impossible to have DNS swiped on clients.
On my PC it is this DNS, fd0f:ee:b0::1, the IPv6 of my internet access provider, and the active IPv6, instead of the DNS of the VPN.
How do I get DNS push to work, and be able to prevent DNS and IPv6 leaks?
Thank you
Last edited by aka80 on Wed May 05, 2021 11:43 am, edited 2 times in total.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: DNS leak with Openvpn and debian on Freebox router
aka80 wrote: ↑Wed May 05, 2021 10:21 am
> I have modified the ".client.conf" file, with:
> push "redirect-gateway def1 bypass-dhcp", with the prior installation of "openvpn-systemd-resolved"
> push "dhcp-option DNS 8.8.8.8"
> push "dhcp-option DNS 8.8.4.4"
> script-security 2
> up /etc/openvpn/update-systemd-resolved
> down /etc/openvpn/update-systemd-resolved
Clients do not use push ..
You should start with the howto.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Wed May 05, 2021 10:07 am
Re: DNS leak with Openvpn and debian on Freebox router
TinCanTech wrote: ↑Wed May 05, 2021 11:13 am
> aka80 wrote: ↑Wed May 05, 2021 10:21 am
> > I have modified the ".client.conf" file, with:
> > push "redirect-gateway def1 bypass-dhcp", with the prior installation of "openvpn-systemd-resolved"
> > push "dhcp-option DNS 8.8.8.8"
> > push "dhcp-option DNS 8.8.4.4"
> > script-security 2
> > up /etc/openvpn/update-systemd-resolved
> > down /etc/openvpn/update-systemd-resolved
> Clients do not use push ..
> You should start with the howto.
Hi,
Thank you for your answer.
So from the client, I can't use push?
How can I push OpenVPN DNS to clients and avoid DNS and IPv6 leaks?
-
- OpenVPN Expert
- Posts: 685
- Joined: Tue May 01, 2012 9:30 pm
Re: How to push Openvpn DNS with a client and debian on Freebox router
On the client you don't need push, so just add this into your client and it will work:
"dhcp-option DNS 8.8.8.8"
"block-outside-dns"
block will make OpenVPN stop the leak which you don't like. Let's add it and try again. It is simple and should be done in 5 minutes.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Wed May 05, 2021 10:07 am
Re: How to push Openvpn DNS with a client and debian on Freebox router
Hi @300000,
Thank you for your answer.
OK, do I use this with the lines "up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved" or not?
Like this?
push "redirect-gateway def1 bypass-dhcp"
"dhcp-option DNS 8.8.8.8"
"dhcp-option DNS 8.8.4.4"
"block-outside-dns"
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
-
- OpenVPN Expert
- Posts: 685
- Joined: Tue May 01, 2012 9:30 pm
Re: How to push Openvpn DNS with a client and debian on Freebox router
No. Just open your OpenVPN client config, add it into that file, then save it.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Wed May 05, 2021 10:07 am
Re: How to push Openvpn DNS with a client and debian on Freebox router
I have added this to my client.ovpn:
push "redirect-gateway def1 bypass-dhcp"
"dhcp-option DNS 8.8.8.8"
"dhcp-option DNS 8.8.4.4"
"block-outside-dns"
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
but when I do "openvpn pvpn.ovpn", I have those messages:
Options error: Unrecognized option or missing or extra parameter(s) in client.ovpn:22: dhcp-option DNS 8.8.8.8 (2.4.7)
Use --help for more information.
root@VPN:/etc/openvpn# vim client.ovpn
root@VPN:/etc/openvpn# openvpn client.ovpn
Options error: Unrecognized option or missing or extra parameter(s) in client.ovpn:24: block-outside-dns (2.4.7)
Use --help for more information.
root@VPN:/etc/openvpn# vim client.ovpn
root@VPN:/etc/openvpn# openvpn client.ovpn
Options error: Unrecognized option or missing or extra parameter(s) in client.ovpn:24: block-outside-dns (2.4.7)
Use --help for more information.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Wed May 05, 2021 10:07 am
Re: How to push Openvpn DNS with a client and debian on Freebox router
aka80 wrote: ↑Thu May 06, 2021 7:55 am
> I have added this to my client.ovpn:
> push "redirect-gateway def1 bypass-dhcp"
> "dhcp-option DNS 8.8.8.8"
> "dhcp-option DNS 8.8.4.4"
> "block-outside-dns"
> script-security 2
> up /etc/openvpn/update-resolv-conf
> down /etc/openvpn/update-resolv-conf
> but when I do "openvpn pvpn.ovpn", I have those messages:
> Options error: Unrecognized option or missing or extra parameter(s) in client.ovpn:22: dhcp-option DNS 8.8.8.8 (2.4.7)
> Use --help for more information.
> root@VPN:/etc/openvpn# vim client.ovpn
> root@VPN:/etc/openvpn# openvpn client.ovpn
> Options error: Unrecognized option or missing or extra parameter(s) in client.ovpn:24: block-outside-dns (2.4.7)
> Use --help for more information.
> root@VPN:/etc/openvpn# vim client.ovpn
> root@VPN:/etc/openvpn# openvpn client.ovpn
> Options error: Unrecognized option or missing or extra parameter(s) in client.ovpn:24: block-outside-dns (2.4.7)
> Use --help for more information.
OK, I modified client.ovpn, adding to it:
systemd-resolve --status
push "redirect-gateway def1 bypass-dhcp"
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
push "block-outside-dns"
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
# Cert
<ca>
I have no error and I have a Sequence Completed. Then I copied the file client.ovpn to client.conf.
I rebooted with "systemctl reboot". The client starts and the VPN works, but on my MacBook, I don't have the Google DNS.
When I do "systemd-resolve --status", I have this info:
Global
LLMNR setting: yes
MulticastDNS setting: yes
DNSOverTLS setting: no
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
Current DNS Server: 8.8.8.8
DNS Servers: 8.8.8.8
8.8.4.4
10.35.53.1
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
root@VPN:/etc/openvpn# vim client.ovpn
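
The client-config mistakes that surface in this thread (a push wrapper in a client file, a whole directive wrapped in quotes, and block-outside-dns on a Linux client, which the OpenVPN manual documents as a Windows-only option that is unknown elsewhere) can be caught before the tunnel is started. The linter below is an added example, not code from any poster or from the OpenVPN project; the function names, finding codes and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an OpenVPN 2.4-style client config (stdin or file args).
# Prints "line N: CODE: reason"; exit status is 1 when anything was found.
lint_client_conf() {
    awk '
    /^[ \t]*([#;]|$)/ { next }              # comments and blank lines
    /^[ \t]*<\//      { inblk = 0; next }   # end of an inline <ca>/<cert>/<key> block
    /^[ \t]*</        { inblk = 1; next }   # start of an inline block
    inblk             { next }
    $1 == "push" { print "line " NR ": PUSH: push is a server directive, clients do not use it"; n++ }
    $1 ~ /^"/    { print "line " NR ": QUOTED: whole directive is quoted, so it is read as one unknown option"; n++ }
    index($0, "block-outside-dns") { print "line " NR ": WINONLY: block-outside-dns is unknown on non-Windows clients"; n++ }
    $1 == "dhcp-option" && $2 == "DNS" { dns = 1 }
    $1 == "script-security" && $2 >= 2 { sec = 1 }
    $1 == "up" || $1 == "down"         { hook = 1 }
    END {
        # On Linux, OpenVPN 2.4 only hands dhcp-option values to the up/down
        # scripts (as foreign_option_N); a script has to apply them.
        if (dns && !(sec && hook)) { print "end: NOHOOK: dhcp-option DNS set but no script-security 2 with up/down script to apply it"; n++ }
        exit (n > 0)
    }' "$@"
}

# Constructed sample: the shape of the client.ovpn that produced the Options errors.
sample_broken() { cat <<'EOF'
client
push "redirect-gateway def1 bypass-dhcp"
"dhcp-option DNS 8.8.8.8"
"block-outside-dns"
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
EOF
}

# Constructed sample: same intent written as plain client directives.
sample_fixed() { cat <<'EOF'
client
redirect-gateway def1
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
EOF
}

sample_broken | lint_client_conf || true
sample_fixed  | lint_client_conf && echo "fixed sample: no findings"
```

A clean lint only says the file parses as a client config; whether DNS actually moved to the tunnel still has to be checked on the client, as the systemd-resolve --status output above does.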