OpenVPN client with private DNS server behind tunnel

I have set up an OpenVPN client on a travel router to access my home network. In my home network I am using a local DNS server, which I also want to use on my travel router.

My problem is, when the connection to the VPN server is interrupted I cannot automatically reconnect, because then my local DNS server is not reachable anymore and the DynDNS entry for my VPN server does not get resolved.

So I always have to go into the config, use a public DNS server to connect to my VPN and then change back to my DNS server. Alternatively I can use the IP instead of the DynDNS for the time of the travel.

Both options are kind of not optimal, so if anyone has an idea how to improve that would be great :laughing:

That may be a simplistic answer but shouldn't the DNS be pushed by the ovpn server?

You are right it should be pushed but it is not working with my OpenWRT device. If I e.g. use my mobile OpenVPN app to connect to my OpenVPN server the DNS server is pushed.
I have the corresponding option in the server config: `push "dhcp-option DNS IPaddress"`.

When using push there is no DNS definition in the client ovpn file? It is also possible to push more than one DNS, the second (a public one) serving as a backup, and that would prevent blocking. I also vaguely remember that the Android client app had a few oddities, but I did not test this platform myself. I think it could help to provide the non-private part of your server config and DNS config, but I am not sure I would be capable of helping you further, because I was planning on doing almost exactly what you are trying to achieve!

Why not let the router itself use public resolvers, but intercept and forward all client DNS queries to your private server?

Hi @pavelgl, I think this would be perfect. Can you advise how this could be configured, ideally in LuCI?

I presume the vpn interface/device is assigned to the wan firewall zone.

Network->Firewall->Port Forwards


Use the `--custom--` field to enter the "Internal" IP address.
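The port-forward pavelgl describes, written out as an added example in UCI form rather than through LuCI (this is not pavelgl's configuration; the private DNS address 10.0.0.53, the zone names `lan` and `wan`, and the section name `intercept_dns` are assumptions). Because a `redirect` only matches forwarded traffic from the `lan` zone, the router's own lookups (including the DynDNS name of the VPN server) keep going to whatever public resolver the router uses, which is what makes reconnecting possible while the tunnel is down.

```shell
#!/bin/sh
# Added example: create an OpenWrt firewall "redirect" (Port Forward) that
# DNATs every DNS query from LAN clients to the private resolver behind the
# VPN tunnel. The router itself is not affected: redirects act on forwarded
# traffic only, so its own queries still reach the public resolver.
# Assumptions (not from the thread): private DNS is 10.0.0.53, clients live
# in the "lan" zone and the VPN interface is assigned to the "wan" zone.

UCI=${UCI:-uci}   # set UCI=echo to dry-run without touching /etc/config/firewall

# add_dns_redirect <private_dns_ip> [rule_name]
# Writes one named redirect section covering UDP and TCP port 53.
add_dns_redirect() {
    dns="$1"
    name="${2:-Intercept-DNS}"
    $UCI set firewall.intercept_dns=redirect
    $UCI set firewall.intercept_dns.name="$name"
    $UCI set firewall.intercept_dns.src=lan          # queries coming from LAN clients
    $UCI set firewall.intercept_dns.src_dport=53     # ... aimed at any DNS server
    $UCI set firewall.intercept_dns.dest=wan         # private DNS is reached via the tunnel zone
    $UCI set firewall.intercept_dns.dest_ip="$dns"   # the "Internal" address in LuCI
    $UCI set firewall.intercept_dns.dest_port=53
    $UCI set firewall.intercept_dns.proto='tcp udp'
    $UCI set firewall.intercept_dns.target=DNAT
    $UCI commit firewall
}

# remove_dns_redirect: undo the rule, e.g. when travelling without the VPN
remove_dns_redirect() {
    $UCI delete firewall.intercept_dns
    $UCI commit firewall
}

# Usage: sh dns-redirect.sh 10.0.0.53 && /etc/init.d/firewall reload
if [ $# -gt 0 ]; then
    add_dns_redirect "$1"
fi
```

After `commit`, reload the firewall (`/etc/init.d/firewall reload`) so the rule is installed; the section then shows up under Network -> Firewall -> Port Forwards exactly as pavelgl describes.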

@pavelgl Thank you for the guide, unfortunately it is not working for me. I am still using the ISP DNS server...
@papagirafe I added `dhcp-option DNS x.x.x.x` to the client.conf, unfortunately this did not have any effect...

Seems to be more tricky than I anticipated :sweat_smile:

Solved the issue via up and down script, see here:
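An up/down script of the kind the last post refers to, written here as an added example (it is not the poster's script, and the link they refer to is not reproduced above). It relies on OpenVPN behaviour the thread already touches on: a server-side `push "dhcp-option DNS x.x.x.x"` reaches the client's `--up` script as environment variables `foreign_option_N`, and OpenVPN sets `script_type` to `up` or `down`. While the tunnel is up the router resolves through the pushed private server (with a public resolver as backup, as papagirafe suggested); when it goes down the script falls back to the public resolver so the DynDNS name of the VPN server can be resolved for the reconnect. The resolver file path, the public resolver address and the script location are assumptions.

```shell
#!/bin/sh
# Added example: OpenVPN --up/--down script for an OpenWrt travel router.
# up:   write the DNS server(s) pushed by the VPN server, public resolver last as backup
# down: write only the public resolver, so the VPN DynDNS name stays resolvable
# Assumptions (not from the thread): the resolver file dnsmasq reads is
# $RESOLV (default is the file netifd manages on recent OpenWrt); the public
# resolver is a placeholder address, replace it with the one you want to use.
RESOLV=${RESOLV:-/tmp/resolv.conf.d/resolv.conf.auto}
PUBLIC_DNS=${PUBLIC_DNS:-203.0.113.53}   # placeholder, choose your own public resolver

# pushed_dns: print every address pushed as "dhcp-option DNS <ip>", one per line.
# OpenVPN exposes pushed options as foreign_option_1, foreign_option_2, ...
pushed_dns() {
    i=1
    while eval "v=\${foreign_option_$i:-}"; [ -n "$v" ]; do
        case "$v" in
            "dhcp-option DNS "*) echo "${v#dhcp-option DNS }" ;;
        esac
        i=$((i + 1))
    done
}

# write_resolv <file> <nameserver>...: atomically replace the resolver file
write_resolv() {
    file="$1"; shift
    tmp="$file.tmp.$$"
    : > "$tmp"
    for ns in "$@"; do
        printf 'nameserver %s\n' "$ns" >> "$tmp"
    done
    mv "$tmp" "$file"
}

on_up() {
    set -- $(pushed_dns)        # pushed resolvers, in the order the server sent them
    if [ $# -eq 0 ]; then
        echo "vpn-dns: server pushed no DNS, keeping public resolver" >&2
        return 0
    fi
    write_resolv "$RESOLV" "$@" "$PUBLIC_DNS"
}

on_down() {
    write_resolv "$RESOLV" "$PUBLIC_DNS"
}

# OpenVPN sets script_type=up|down when it runs the script; with no script_type
# (e.g. run by hand) nothing is changed.
case "${script_type:-}" in
    up)   on_up ;;
    down) on_down ;;
esac
```

Hook it into the client config with `script-security 2`, `up /etc/openvpn/dns.sh` and `down /etc/openvpn/dns.sh` (path assumed), and make the file executable. Note that it changes only the router's own resolver; the LAN clients' queries are still handled by whatever dnsmasq or firewall setup the router uses for them.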

