How to push Openvpn DNS with a client and debian on Freebox router

aka80
OpenVpn Newbie
Posts: 5
Joined: Wed May 05, 2021 10:07 am

How to push Openvpn DNS with a client and debian on Freebox router

Post by aka80 » Wed May 05, 2021 10:21 am

Hi guys

For two weeks, I have struggled with the configuration of OpenVPN, installed on a Debian VM, on my Freebox Delta (the router of my internet provider).
I managed to put everything in place thanks to the YouTube tutorial accessible with the link below:

https://www.youtube.com/watch?v=MIuHwPy_UTs&t=1115s

Everything worked perfectly, and the VPN is working. But I have a big DNS and IPv6 leak problem.
To correct this, I tried pushing the Google DNS from the VPN's DNS server to the clients that will connect to it.

I have modified the ".client.conf" file, with:
push "redirect-gateway def1 bypass-dhcp", with the prior installation of "openvpn-systemd-resolved"

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
script-security 2
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
down-pre
dhcp-option DOMAIN-ROUTE .

I also tried disabling IPv6 in /etc/sysctl.conf, but it doesn't seem to work.
The "Push DNS" does not work either. Impossible to have DNS swiped on clients.

On my PC it is this DNS, fd0f:ee:b0::1, the IPv6 of my internet access provider, and the active IPv6, instead of the DNS of the VPN.
How do I get DNS Push to work, and be able to prevent DNS and IPv6 leaks?
Thank you
Last edited by aka80 on Wed May 05, 2021 11:43 am, edited 2 times in total.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: DNS leak with Openvpn and debian on Freebox router

Post by TinCanTech » Wed May 05, 2021 11:13 am

aka80 wrote:
Wed May 05, 2021 10:21 am
I have modified the ".client.conf" file, with:
push "redirect-gateway def1 bypass-dhcp", with the prior installation of "openvpn-systemd-resolved"

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
script-security 2
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved

Clients do not use push ..

You should start with the howto.

aka80
OpenVpn Newbie
Posts: 5
Joined: Wed May 05, 2021 10:07 am

Re: DNS leak with Openvpn and debian on Freebox router

Post by aka80 » Wed May 05, 2021 11:47 am

TinCanTech wrote:
Wed May 05, 2021 11:13 am
aka80 wrote:
Wed May 05, 2021 10:21 am
I have modified the ".client.conf" file, with:
push "redirect-gateway def1 bypass-dhcp", with the prior installation of "openvpn-systemd-resolved"

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
script-security 2
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved

Clients do not use push ..

You should start with the howto.

Hi,

Thank you for your answer.

So from the client, I can't use push?
How can I push OpenVPN DNS to clients and avoid DNS and IPv6 leaks?

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: How to push Openvpn DNS with a client and debian on Freebox router

Post by 300000 » Wed May 05, 2021 9:53 pm

On the client you don't need push, so just add this into your client and it will work.

"dhcp-option DNS 8.8.8.8"
"block-outside-dns"

block will make OpenVPN stop the leak, which you don't like. Just add it and try again. It is simple and should be done in 5 minutes.

aka80
OpenVpn Newbie
Posts: 5
Joined: Wed May 05, 2021 10:07 am

Re: How to push Openvpn DNS with a client and debian on Freebox router

Post by aka80 » Thu May 06, 2021 6:26 am

300000 wrote:
Wed May 05, 2021 9:53 pm
On the client you don't need push, so just add this into your client and it will work.

"dhcp-option DNS 8.8.8.8"
"block-outside-dns"

block will make OpenVPN stop the leak, which you don't like. Just add it and try again. It is simple and should be done in 5 minutes.

Hi @300000,

Thank you for your answer.
OK, I use this with the lines "up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved" or not?

Like this?

push "redirect-gateway def1 bypass-dhcp"
"dhcp-option DNS 8.8.8.8"
"dhcp-option DNS 8.8.4.4"
"block-outside-dns"
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: How to push Openvpn DNS with a client and debian on Freebox router

Post by 300000 » Thu May 06, 2021 6:59 am

No. Just open your OpenVPN client config and add it into that file, then save it.

aka80
OpenVpn Newbie
Posts: 5
Joined: Wed May 05, 2021 10:07 am

Re: How to push Openvpn DNS with a client and debian on Freebox router

Post by aka80 » Thu May 06, 2021 7:55 am

I have added this to my client.ovpn:

push "redirect-gateway def1 bypass-dhcp"
"dhcp-option DNS 8.8.8.8"
"dhcp-option DNS 8.8.4.4"
"block-outside-dns"
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

But when I do "openvpn pvpn.ovpn", I have those messages:

Options error: Unrecognized option or missing or extra parameter(s) in client.ovpn:22: dhcp-option DNS 8.8.8.8 (2.4.7)
Use --help for more information.
root@VPN:/etc/openvpn# vim client.ovpn
root@VPN:/etc/openvpn# openvpn client.ovpn
Options error: Unrecognized option or missing or extra parameter(s) in client.ovpn:24: block-outside-dns (2.4.7)
Use --help for more information.
root@VPN:/etc/openvpn# vim client.ovpn
root@VPN:/etc/openvpn# openvpn client.ovpn
Options error: Unrecognized option or missing or extra parameter(s) in client.ovpn:24: block-outside-dns (2.4.7)
Use --help for more information.

aka80
OpenVpn Newbie
Posts: 5
Joined: Wed May 05, 2021 10:07 am

Re: How to push Openvpn DNS with a client and debian on Freebox router

Post by aka80 » Thu May 06, 2021 8:29 am

aka80 wrote:
Thu May 06, 2021 7:55 am
I have added this to my client.ovpn:

push "redirect-gateway def1 bypass-dhcp"
"dhcp-option DNS 8.8.8.8"
"dhcp-option DNS 8.8.4.4"
"block-outside-dns"
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

But when I do "openvpn pvpn.ovpn", I have those messages:

Options error: Unrecognized option or missing or extra parameter(s) in client.ovpn:22: dhcp-option DNS 8.8.8.8 (2.4.7)
Use --help for more information.
root@VPN:/etc/openvpn# vim client.ovpn
root@VPN:/etc/openvpn# openvpn client.ovpn
Options error: Unrecognized option or missing or extra parameter(s) in client.ovpn:24: block-outside-dns (2.4.7)
Use --help for more information.
root@VPN:/etc/openvpn# vim client.ovpn
root@VPN:/etc/openvpn# openvpn client.ovpn
Options error: Unrecognized option or missing or extra parameter(s) in client.ovpn:24: block-outside-dns (2.4.7)
Use --help for more information.

OK, I modified client.ovpn, adding to it:

systemd-resolve --status
push "redirect-gateway def1 bypass-dhcp"
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
push "block-outside-dns"
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
# Cert
<ca>

I have no error and I have a Sequence Completed. Then I copied the file client.ovpn to client.conf.
I rebooted with "systemctl reboot". The client starts and the VPN works, but on my MacBook, I don't have the Google DNS.
When I do "systemd-resolve --status", I have this info:

Global
       LLMNR setting: yes
MulticastDNS setting: yes
  DNSOverTLS setting: no
      DNSSEC setting: allow-downgrade
    DNSSEC supported: yes
  Current DNS Server: 8.8.8.8
         DNS Servers: 8.8.8.8
                      8.8.4.4
                      10.35.53.1
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test
root@VPN:/etc/openvpn# vim client.ovpn
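
A small lint for the client-side mistakes this thread runs into, as an added example that is not from the original posts or from the OpenVPN project. The function name, messages and sample config are constructed here; the Windows-only status of block-outside-dns comes from the OpenVPN manual rather than from the thread.

```python
import shlex
# Constructed sample modelled on the client.ovpn posted in the thread.
SAMPLE = """client
push "redirect-gateway def1 bypass-dhcp"
"dhcp-option DNS 8.8.8.8"
"dhcp-option DNS 8.8.4.4"
"block-outside-dns"
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
<ca>
placeholder, not a real certificate
</ca>
"""

def lint_client_config(text, platform="linux"):
    """Return sorted (line_number, message) findings for an OpenVPN client config."""
    findings, hooks, script_security, inline = [], [], 1, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if inline:                      # skip inline blocks such as <ca>...</ca>
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            continue
        if line[0] in "\"'":            # e.g. "dhcp-option DNS 8.8.8.8"
            findings.append((no, "whole directive is quoted, so it is read as one unknown option"))
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:
            findings.append((no, "unbalanced quote"))
            continue
        name = tokens[0] if tokens else ""
        if name == "push":
            findings.append((no, "push is a server directive; a client does not use it"))
        elif name == "block-outside-dns" and platform != "windows":
            findings.append((no, "block-outside-dns is only recognised on Windows"))
        elif name == "script-security" and tokens[1:2] and tokens[1].isdigit():
            script_security = int(tokens[1])
        elif name in ("up", "down"):
            hooks.append(no)
    if script_security < 2:             # user-defined scripts need level 2 or higher
        findings += [(n, "up/down script needs script-security 2") for n in hooks]
    return sorted(findings)
```

Calling `lint_client_config(SAMPLE)` flags line 2 (push) and lines 3 to 5 (quoted directives), which matches the "Unrecognized option" errors shown in the thread.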
