OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

How to push Openvpn DNS with a client and debian on Freebox router

https://forums.openvpn.net/viewtopic.php?t=32230

Page 1 of 1

How to push Openvpn DNS with a client and debian on Freebox router

Posted: Wed May 05, 2021 10:21 am
by aka80
Hi guys

For two w,eeks, I have struggled with the configuration of Openvpn, installed on a debian VM, on my Freebox Delta.(router of my internet
provider)
I managed to put everything in place thanks to the YouTube tutorial accessible with the link below:

https://www.youtube.com/watch?v=MIuHwPy_UTs&t=1115s

Everything worked perfectly, and the vpn is working. But I have a big DNS and IPV6 leak problem
To correct this, I tried pushing the google DNS from the vpn's DNS server to the clients that will connect to it.

I have modified the ".client.conf file, with:
push "redirect-gateway def1 bypass-dhcp", with the prior installation of "openvpn-systemd-resolved"

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
script-security 2
up / etc / openvpn / update-systemd-resolved
down / etc / openvpn / update-systemd-resolved
down-pre
dhcp-option DOMAIN-ROUTE.

I also tried disabling IPV6 in /etc/sysctl.conf, but it doesn't seem to work
the "Push DNS does not work either. impossible to have DNS swiped on clients

On my pc it is this DNS fd0f: ee: b0 :: 1, ipv6 of my internet access provider, and the active IPv6, instead of the DNS of the VPN.
How do I get DNS Push to work, and be able to prevent DNS and IPv6 leaks?
thank you

Re: DNS leak with Openvpn and debian on Freebox router

Posted: Wed May 05, 2021 11:13 am
by TinCanTech
aka80 wrote:
Wed May 05, 2021 10:21 am
 I have modified the ".client.conf file, with:
push "redirect-gateway def1 bypass-dhcp", with the prior installation of "openvpn-systemd-resolved"

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
script-security 2
up / etc / openvpn / update-systemd-resolved
down / etc / openvpn / update-systemd-resolved
Clients do not use push ..

You should start with the howto.

Re: DNS leak with Openvpn and debian on Freebox router

Posted: Wed May 05, 2021 11:47 am
by aka80
TinCanTech wrote:
Wed May 05, 2021 11:13 am
aka80 wrote:
Wed May 05, 2021 10:21 am
 I have modified the ".client.conf file, with:
push "redirect-gateway def1 bypass-dhcp", with the prior installation of "openvpn-systemd-resolved"

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
script-security 2
up / etc / openvpn / update-systemd-resolved
down / etc / openvpn / update-systemd-resolved
Clients do not use push ..

You should start with the howto.
Hi,

Thank you for your answer

So from the client, i can't use push?
How can I push openvpn dns to clients and avoid DNS and ipv6 leaks?

Re: How to push Openvpn DNS with a client and debian on Freebox router

Posted: Wed May 05, 2021 9:53 pm
by 300000
on client you dont need push so just add this into your client it will work

"dhcp-option DNS 8.8.8.8"
"block-outside-dns"

block will make openvpn stop leak which you dont like . let add and try again . it is simple and should be done in 5 minutes.

Re: How to push Openvpn DNS with a client and debian on Freebox router

Posted: Thu May 06, 2021 6:26 am
by aka80
300000 wrote:
Wed May 05, 2021 9:53 pm
 on client you dont need push so just add this into your client it will work

"dhcp-option DNS 8.8.8.8"
"block-outside-dns"

block will make openvpn stop leak which you dont like . let add and try again . it is simple and should be done in 5 minutes.
Hi @300000,

Thank you for your answer.
Ok i use this with the lines "up / etc / openvpn / update-systemd-resolved
down / etc / openvpn / update-systemd-resolved" or not?

like this?

push "redirect-gateway def1 bypass-dhcp"
"dhcp-option DNS 8.8.8.8"
"dhcp-option DNS 8.8.4.4"
"block-outside-dns"
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Re: How to push Openvpn DNS with a client and debian on Freebox router

Posted: Thu May 06, 2021 6:59 am
by 300000
No .just open your openvpn client config and add into that file then save it

Re: How to push Openvpn DNS with a client and debian on Freebox router

Posted: Thu May 06, 2021 7:55 am
by aka80
i have added this on my client.ovpn :

push "redirect-gateway def1 bypass-dhcp"
"dhcp-option DNS 8.8.8.8"
"dhcp-option DNS 8.8.4.4"
"block-outside-dns"
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

but when i do "openvpn pvpn.ovpn,, i have those messages:

Options error: Unrecognized option or missing or extra parameter(s) in client.ovpn:22: dhcp-option DNS 8.8.8.8 (2.4.7)
Use --help for more information.
root@VPN:/etc/openvpn# vim client.ovpn
root@VPN:/etc/openvpn# openvpn client.ovpn
Options error: Unrecognized option or missing or extra parameter(s) in client.ovpn:24: block-outside-dns (2.4.7)
Use --help for more information.
root@VPN:/etc/openvpn# vim client.ovpn
root@VPN:/etc/openvpn# openvpn client.ovpn
Options error: Unrecognized option or missing or extra parameter(s) in client.ovpn:24: block-outside-dns (2.4.7)
Use --help for more information.

Re: How to push Openvpn DNS with a client and debian on Freebox router

Posted: Thu May 06, 2021 8:29 am
by aka80
aka80 wrote:
Thu May 06, 2021 7:55 am
 i have added this on my client.ovpn :

push "redirect-gateway def1 bypass-dhcp"
"dhcp-option DNS 8.8.8.8"
"dhcp-option DNS 8.8.4.4"
"block-outside-dns"
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

but when i do "openvpn pvpn.ovpn,, i have those messages:

Options error: Unrecognized option or missing or extra parameter(s) in client.ovpn:22: dhcp-option DNS 8.8.8.8 (2.4.7)
Use --help for more information.
root@VPN:/etc/openvpn# vim client.ovpn
root@VPN:/etc/openvpn# openvpn client.ovpn
Options error: Unrecognized option or missing or extra parameter(s) in client.ovpn:24: block-outside-dns (2.4.7)
Use --help for more information.
root@VPN:/etc/openvpn# vim client.ovpn
root@VPN:/etc/openvpn# openvpn client.ovpn
Options error: Unrecognized option or missing or extra parameter(s) in client.ovpn:24: block-outside-dns (2.4.7)
Use --help for more information.
ok i modified client.ovpn, addind to it:

systemd-resolve --status
push "redirect-gateway def1 bypass-dhcp"
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
push "block-outside-dns"
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
# Cert
<ca>

i have no error and i have a Sequence Completed. Then i copied the file client.ovpn to client.conf
i reboot with "systemctl rebboot". The client start and the vpn work, but on my Macbook, i don't have the Google DNS;
When i do "systemd-resolve --status", i have those infos:

Global
LLMNR setting: yes
MulticastDNS setting: yes
DNSOverTLS setting: no
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
Current DNS Server: 8.8.8.8
DNS Servers: 8.8.8.8
8.8.4.4
10.35.53.1
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
root@VPN:/etc/openvpn# vim client.ovpn
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/