I have written a script to automate the OpenVPN installation process on Ubuntu servers. You can download it here:
http://www.mediafire.com/?pom582421i4iiy6
The script uses port 80 and works perfectly well for ISPs outside Iran. However, to be able to use the server for clients inside Iran, I need to use my server's DNS server instead of public DNS servers. The reason is that (at least) in Iran, ISPs seem to have blocked public DNS IPs, so that if one uses any of the public DNS IPs (like Google, etc.), one can connect to the OpenVPN server but cannot visit any website.
To overcome this obstacle, I am trying to set OpenVPN to use the server's own DNS server. In order to do so, I have set up an unbound DNS server on my OpenVPN server, following this tutorial:
https://calomel.org/unbound_dns.html
My original openvpn.conf is like this:
Code:
dev tun
proto tcp
# Notice: here we set the listening port to be 80
port 80
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
#status openvpn-status.log
#verb 3
client-to-client
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.222.220"
comp-lzo
Now, to make OpenVPN useful for users inside Iran, the problem is how I should modify the openvpn.conf to be able to push my own DNS server, which is defined as:
server:
interface: 0.0.0.0
access-control: 10.0.0.0/16 allow
verbosity: 1
I have made some trial-and-error changes to
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.222.220"
(like using '10.0.0.0' or the server's IP address instead of the common public DNS IPs) in push dhcp-option, but none of them worked in tests (outside Iran) and I've run out of ideas.
So I really appreciate your hints to solve this crucial problem.
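
Added example, not part of the original post: a small consistency check between the two configurations quoted above, comparing the tunnel network from the `server` directive, the addresses pushed with `dhcp-option DNS`, and the netblocks unbound allows in `access-control`. It assumes the resolver is meant to be reached through the tunnel; the function names are hypothetical and the sample input is constructed from the directives in the post.

```python
import ipaddress
import re

# Constructed sample input: directives copied from the two configs in the post.
OPENVPN_CONF = '''server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.222.220"
'''
UNBOUND_CONF = '''server:
interface: 0.0.0.0
access-control: 10.0.0.0/16 allow
'''

def vpn_subnet(ovpn):
    # Tunnel network from OpenVPN's "server <network> <netmask>" directive.
    m = re.search(r'^\s*server\s+(\S+)\s+(\S+)', ovpn, re.M)
    return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")

def pushed_dns(ovpn):
    # Every resolver address handed to clients via push "dhcp-option DNS ...".
    found = re.findall(r'^\s*push\s+"dhcp-option\s+DNS\s+([^"\s]+)"', ovpn, re.M)
    return [ipaddress.ip_address(a) for a in found]

def allowed_nets(unbound):
    # Netblocks whose access-control action is one of unbound's allow variants.
    rules = re.findall(r'^\s*access-control:\s*(\S+)\s+(\S+)', unbound, re.M)
    return [ipaddress.ip_network(n, strict=False)
            for n, action in rules if action.startswith("allow")]

def check(ovpn, unbound):
    # Assumption: clients should query a resolver reachable inside the tunnel.
    subnet, nets, problems = vpn_subnet(ovpn), allowed_nets(unbound), []
    if not any(n.version == subnet.version and subnet.subnet_of(n) for n in nets):
        problems.append(f"VPN clients in {subnet} match no access-control allow rule")
    for dns in pushed_dns(ovpn):
        if dns not in subnet:
            problems.append(f"pushed DNS {dns} is outside the tunnel network {subnet}")
        elif dns in (subnet.network_address, subnet.broadcast_address):
            problems.append(f"pushed DNS {dns} is not a usable host address")
    return problems

if __name__ == "__main__":
    for p in check(OPENVPN_CONF, UNBOUND_CONF):
        print("WARN:", p)
```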