Unable to get update-resolv-conf Script to Work with Proton VPN

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech

RobKen
OpenVpn Newbie
Posts: 4
Joined: Mon Oct 02, 2023 5:31 pm

Unable to get update-resolv-conf Script to Work with Proton VPN

Post by RobKen » Mon Oct 02, 2023 5:45 pm

On my old Mac running Lion, I cannot use OpenVPN Connect. Lion is too old. Nor can I connect to ProtonVPN using an old version of Viscosity. (I can connect to Nord VPN and vpnbook using Viscosity.) So I need to use openvpn on the command line to connect to ProtonVPN. That works.

But I am unable to get the Mac version of the `update-resolv-conf` Script found at https://github.com/andrewgdotcom/openvpn-mac-dns to work. I can connect to Proton VPN but I have a DNS leak.

I installed `openvpn2` using MacPorts into `/opt/local/sbin/`.
And I installed the `update-resolv-conf` script into `/opt/local/etc/openvpn2/` and made sure it was executable.
I also placed the following at the end of the `client.conf` file in `/opt/local/etc/openvpn2/`:

```
script-security 2
up /opt/local/etc/openvpn2/update-resolv-conf
down /opt/local/etc/openvpn2/update-resolv-conf
```

But when I run openvpn2 to connect to Proton VPN, the `update-resolv-conf` script does not appear to run. I can connect to Proton VPN but the DNS leak test fails.

```
bash-3.2$ sudo openvpn2 /Users/rob/Downloads/us-free-41.protonvpn.net.tcp.ovpn 
Password:
2023-10-02 10:51:35 OpenVPN 2.6.6 x86_64-apple-darwin11.4.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD]
2023-10-02 10:51:35 library versions: OpenSSL 3.1.3 19 Sep 2023, LZO 2.10
Enter Auth Username:
Enter Auth Password:
2023-10-02 10:51:52 TCP/UDP: Preserving recently used remote address: [AF_INET]37.19.221.197:8443
2023-10-02 10:51:52 Attempting to establish TCP connection with [AF_INET]37.19.221.197:8443
2023-10-02 10:51:52 TCP connection established with [AF_INET]37.19.221.197:8443
2023-10-02 10:51:52 TCPv4_CLIENT link local: (not bound)
2023-10-02 10:51:52 TCPv4_CLIENT link remote: [AF_INET]37.19.221.197:8443
2023-10-02 10:51:52 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-10-02 10:51:52 [node-us-150.protonvpn.net] Peer Connection Initiated with [AF_INET]37.19.221.197:8443
2023-10-02 10:51:53 Opened utun device utun0
2023-10-02 10:51:53 /sbin/ifconfig utun0 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2023-10-02 10:51:53 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2023-10-02 10:51:53 /sbin/ifconfig utun0 10.98.0.3 10.98.0.3 netmask 255.255.0.0 mtu 1500 up
add net 10.98.0.0: gateway 10.98.0.3
add net 37.19.221.197: gateway 192.168.1.1
add net 0.0.0.0: gateway 10.98.0.1
add net 128.0.0.0: gateway 10.98.0.1
2023-10-02 10:51:53 Initialization Sequence Completed
```

FYI -- Proton VPN has its own `update-resolv-conf.sh` script for Linux (but it uses openresolv).
See
https://protonvpn.com/support/linux-openvpn/
and
https://raw.githubusercontent.com/Proto ... lv-conf.sh

I am probably missing something really simple to get the Mac version of `update-resolv-conf` script to run.

Any help would be greatly appreciated.


Re: Unable to get update-resolv-conf Script to Work with Proton VPN

Post by RobKen » Tue Oct 03, 2023 3:23 pm

It looks like the `update-resolv-conf` script is never run.
I added `echo starting script` to the top of the script but it never appears on the screen.

Any ideas why the script is never run? What am I doing wrong with my statements in client.conf?


Re: Unable to get update-resolv-conf Script to Work with Proton VPN

Post by RobKen » Tue Oct 03, 2023 4:42 pm

Making Progress!!!

I was able to get the Mac version of the `update-resolv-conf` script to work, but I had to add the following to the actual Proton VPN .ovpn file. (The same statements in `client.conf` were never read!)

```
script-security 2
up /opt/local/etc/openvpn2/update-resolv-conf
down /opt/local/etc/openvpn2/update-resolv-conf
```

No more DNS leaks!

For some reason openvpn2 is NOT reading the client.conf file in /opt/local/etc/client.conf, which is the location where MacPorts placed it.

I created a symlink between /etc/openvpn and /opt/local/etc/openvpn2/ but that did not do anything.

```
sudo ln -s /opt/local/etc/openvpn2 /etc/openvpn
```

Any ideas? Or do I have to add the code above to each and every Proton VPN .ovpn file?
Last edited by RobKen on Tue Oct 03, 2023 8:40 pm, edited 1 time in total.


Re: Unable to get update-resolv-conf Script to Work with Proton VPN

Post by RobKen » Tue Oct 03, 2023 5:23 pm

I just figured it out!

I did not fully understand the difference between the client.conf file and the .ovpn files. I thought OpenVPN first read client.conf and then read the .ovpn file, overriding any settings if needed. That is not the case.

If one supplies a .ovpn file on the command line, the client.conf file is never read.

What really threw me was the Proton VPN website. When discussing its update-resolv.conf file for Linux, it never mentioned adding the UP and DOWN code to its .ovpn files.

Now I know I will need to add the following to all the Proton VPN .ovpn config files that I intend to use:

```
script-security 2
up /opt/local/etc/openvpn2/update-resolv-conf
down /opt/local/etc/openvpn2/update-resolv-conf
```

Last edited by RobKen on Tue Oct 03, 2023 8:41 pm, edited 1 time in total.
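
Added example (not part of RobKen's posts and not code from the openvpn-mac-dns project): a shell function that appends the three directives from the thread to every `.ovpn` profile in a directory, skipping profiles that already have them. The function name, its arguments and the file name in the comment are assumptions; the hook path is the one used in the thread. Because `script-security 2` lets OpenVPN run the hook as root under `sudo`, the function refuses a hook that is missing, not executable or world-writable.

```shell
#!/bin/sh
# Added example, not from the thread or the openvpn-mac-dns project.
# Hook path is the one used in the thread; function name and arguments are assumptions.
HOOK_DEFAULT=/opt/local/etc/openvpn2/update-resolv-conf

# add_dns_hooks DIR [HOOK]
# Appends script-security/up/down to every DIR/*.ovpn that does not already
# call HOOK as its up script. Prints the number of profiles modified.
add_dns_hooks() {
    dir=$1
    hook=${2:-$HOOK_DEFAULT}
    changed=0

    # The hook runs with OpenVPN's privileges (root under sudo), so refuse
    # one that is missing, not executable, or writable by any user.
    if [ ! -x "$hook" ]; then
        echo "hook missing or not executable: $hook" >&2
        return 1
    fi
    if [ -n "$(find -L "$hook" -prune -perm -002 2>/dev/null)" ]; then
        echo "hook is world-writable: $hook" >&2
        return 1
    fi

    for f in "$dir"/*.ovpn; do
        [ -f "$f" ] || continue            # glob matched nothing
        # Idempotent: skip profiles that already have the up line
        if grep -qxF "up $hook" "$f"; then
            continue
        fi
        cp -p "$f" "$f.bak"                # keep the provider's original
        printf '\nscript-security 2\nup %s\ndown %s\n' "$hook" "$hook" >> "$f"
        changed=$((changed + 1))
    done
    echo "$changed"
}

# Run directly (hypothetical file name): sh add-dns-hooks.sh ~/Downloads [hook]
if [ "$#" -gt 0 ]; then
    add_dns_hooks "$@"
fi
```

The same options can instead be passed on the command line, as `sudo openvpn2 --config profile.ovpn --script-security 2 --up <hook> --down <hook>`, which leaves the provider's files untouched.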
