Followed your link, but I get the same results. (The file is empty.) Very strange. There must be something I have done differently after my last clean install and config. But no idea what. I'll keep searching.
I stopped Adblock / Banip / vpn-policy-routing to see if they are the ones to blame, I think I am the one myself...
Because the variables are there when I start the VPN I'm clueless at the moment.
One thing I did, because it wasn't working: I removed openvpn-openssl and luci-app-openvpn, removed the interface and the firewall settings, installed everything again and overwrote all settings.
Is it possible that I did something there?
Is resolv.conf.auto in 21.02-snapshot located in /tmp/resolv.conf.d/ instead of in /tmp as in 19.07-snapshot?
@vgaetera OK, an update/workaround, but not how it should work, I think.
I use the script in my VPN script for up and down (from the link in your post).
When the VPN goes up, the file /tmp/resolv.conf.vpn is made and the DNS server is in there. So the VPN works with the correct DNS.
When the VPN goes down, the file /tmp/resolv.conf.auto is made, but empty.
So as a temporary solution I copied the content of /tmp/resolv.conf.d/resolv.conf.d/resolv.conf.auto to that file and now it works.
I didn't have a previous file resolv.conf.auto in /tmp, by the way.
If I eventually have the need to give the VPN-connected clients the VPN's DNS server and the normal WAN users the DNS that is given in the interface setting (the thing I said was not needed at first).
Do I need a multiple-instance dnsmasq then? I assume I have to edit the client.sh file so that only one instance of dnsmasq is altered?
That's correct if you need dynamic configuration and/or process DNS queries with Dnsmasq.
Another option is to provide custom static DNS with DHCP bypassing Dnsmasq DNS.
I'm trying to follow your first link from the wiki.
I've got two instances lan (eth0.1) for normal users and vpnclient (tun0) for my vpn users.
When I wanted to make multiple instances, I tried to do the following in /etc/config/dhcp,
but the difference from the wiki example is that tun0 uses the DHCP settings for lan, because tun0 hasn't any. So my config can't be correct like this; I just have no clue what to edit to make it work.
If this works, the client.sh script that is executed on VPN up/down needs to be edited so only the tun0 instance is changed, or at least updated with the latest DNS settings from my VPN provider. (I think the up and down commands have to be the same and have to point to the tun0 instance?)
Somewhere after @dnsmasq[0] ?
#!/bin/sh
env | sed -n -e "
/^foreign_option_.*=dhcp-option.*DNS/s//nameserver/p
/^foreign_option_.*=dhcp-option.*DOMAIN/s//search/p
" | sort -u > /tmp/resolv.conf.vpn
case ${script_type} in
(up) uci set dhcp.@dnsmasq[0].resolvfile="/tmp/resolv.conf.vpn" ;;
(down) uci set dhcp.@dnsmasq[0].resolvfile="/tmp/resolv.conf.d/resolv.conf.auto" ;;
esac
/etc/init.d/dnsmasq restart &
my current /etc/config/dhcp file (there is no dhcp for tun0)
Ok, I'm a bit lost here, nothing worked anymore, so I'm back to my default to make it work again.
The client.sh script does make the next thing happen;
- If all users are on WAN, so the VPN is down, the DNS from my network (/etc/config/network) is being used.
- If all users are on VPN (so tun0 is up), the DNS from my VPN provider is used.
So far so good
In my vpn-policy-routing I set all clients that need VPN on VPN, and on WAN when it is not needed.
But the non-VPN users now have to use the VPN provider's DNS, and in some cases this is not working well.
So what I need is that my clients that go over WAN use the VPN provided in /etc/config/network.
/tmp/resolv.conf.vpn is my VPN DNS server setting.
/tmp/resolv.conf.d/resolv.conf.auto is my own DNS setting.
I assume I need multiple instances of dnsmasq, but my tun0 does not serve IPs; my normal LAN does.
How can I configure my /etc/config/dhcp file so that normal LAN-to-WAN users use the file /tmp/resolv.conf.d/resolv.conf.auto and my VPN users use /tmp/resolv.conf.vpn?
You need to force the VPN clients to use different resolvers.
A common approach is to route the guest network to VPN, and LAN to WAN.
This way you can easily configure separate DHCP and DNS instances for each network.
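
The layout suggested above, written out as an added example (not part of any post in this thread): two Dnsmasq instances in /etc/config/dhcp, one per network, each with its own resolvfile so that WAN-routed and VPN-routed clients never share upstream resolvers. The `guest` interface name, the instance names and the DHCP ranges are assumptions; the two resolvfile paths are the ones used in this thread.

```uci
# /etc/config/dhcp (added example; 'guest' is an assumed interface name)

# Instance for LAN clients that leave via WAN: upstream DNS from the WAN settings.
config dnsmasq 'lan_dns'
	option domainneeded '1'
	option boguspriv '1'
	option rebind_protection '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option nonwildcard '1'
	option leasefile '/tmp/dhcp.leases.lan'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	list interface 'lan'

# Instance for clients routed through the VPN: upstream DNS pushed by the VPN provider.
# It must not bind loopback, which the first instance already serves.
config dnsmasq 'guest_dns'
	option domainneeded '1'
	option boguspriv '1'
	option rebind_protection '1'
	option local '/guest/'
	option domain 'guest'
	option expandhosts '1'
	option authoritative '1'
	option nonwildcard '1'
	option leasefile '/tmp/dhcp.leases.guest'
	option resolvfile '/tmp/resolv.conf.vpn'
	list interface 'guest'
	list notinterface 'loopback'

# Each DHCP pool is tied to its own Dnsmasq instance.
config dhcp 'lan'
	option instance 'lan_dns'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'

config dhcp 'guest'
	option instance 'guest_dns'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '12h'
```

With this layout the up/down script only has to write /tmp/resolv.conf.vpn; it no longer needs to switch resolvfile on @dnsmasq[0].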