Have you recently upgraded to Ubuntu 18.04 and found that your OpenVPN connection no longer resolves DNS properly? This frustrating issue affects many users who upgraded from earlier Ubuntu versions, particularly those coming from Ubuntu 16.04 where everything worked smoothly. In this article, I’ll walk you through why this happens and provide several tested solutions to get your VPN’s DNS resolution working again.
The core issue stems from how Ubuntu 18.04 handles DNS resolution differently from previous versions. In Ubuntu 16.04, when you connected to a VPN, the /etc/resolv.conf file would be automatically updated with the DNS servers provided by your VPN network. However, in Ubuntu 18.04, this file typically contains only:
nameserver 127.0.0.53
search myprovider.com
This points to a local DNS stub resolver managed by systemd-resolved, which is the default DNS resolution service in Ubuntu 18.04. The problem occurs because the traditional OpenVPN scripts that used to update the DNS settings are no longer compatible with this new approach.
When you connect to an OpenVPN server, your system needs to know which DNS servers to use for resolving domain names. In Ubuntu 18.04, the default OpenVPN scripts attempt to update DNS settings using the resolvconf utility, which is no longer the primary DNS management tool. As a result, even though your VPN connection might be established successfully, DNS queries either fail completely or don’t route through the VPN as expected.
The most straightforward and recommended solution is to use the systemd-resolved helper script designed specifically for OpenVPN. This approach ensures that DNS settings are properly integrated with Ubuntu 18.04’s DNS resolution system.
First, install the OpenVPN helper for systemd-resolved:
sudo apt install openvpn-systemd-resolved
I’ve found this package to be a lifesaver when dealing with DNS issues in Ubuntu 18.04. It provides the necessary integration between OpenVPN and systemd-resolved.
Next, modify your OpenVPN client configuration file to use the new helper scripts. If you’re using a .ovpn file, add or modify the following lines:
script-security 2
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
down-pre
These lines tell OpenVPN to use the systemd-resolved helper scripts when establishing or terminating the connection.
To prevent DNS leakage, which can compromise your privacy when using a VPN, add this line to your configuration:
dhcp-option DOMAIN-ROUTE .
This ensures that all DNS queries are routed through the VPN tunnel.
If the package installation doesn’t work for you, or if you prefer a more manual approach, you can download and install the helper scripts directly:
sudo mkdir -p /etc/openvpn/scripts
sudo wget https://raw.githubusercontent.com/jonathanio/update-systemd-resolved/master/update-systemd-resolved -P /etc/openvpn/scripts/
sudo chmod +x /etc/openvpn/scripts/update-systemd-resolved
Edit your OpenVPN client configuration file by adding or modifying the following lines:
script-security 2
up /etc/openvpn/scripts/update-systemd-resolved
down /etc/openvpn/scripts/update-systemd-resolved
I’ve implemented this solution on several client machines, and it works reliably across different OpenVPN server configurations.
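The wget command above installs whatever the master branch holds at download time, and OpenVPN then runs that file from its up and down hooks. As an added example (not part of the original article), the script below installs the download only if its SHA-256 matches a value you recorded after reviewing the file; the ref and digest arguments are placeholders you supply, and install_if_verified is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the article): install a downloaded hook script only
# if its SHA-256 matches a digest you pinned after reviewing the file.
# Usage (as root): sh pinned-install.sh <TAG_OR_COMMIT> <EXPECTED_SHA256>
# Both arguments are placeholders; the article does not provide real values.

REPO_RAW=https://raw.githubusercontent.com/jonathanio/update-systemd-resolved

# Return 0 and copy SRC to DEST (mode 0755) only when the digest matches.
install_if_verified() {  # usage: install_if_verified SRC EXPECTED_SHA256 DEST
    src=$1 expected=$2 dest=$3
    actual=$(sha256sum "$src" | cut -d' ' -f1)
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "refusing to install: sha256 '$actual' does not match the pinned value" >&2
        return 1
    fi
    # install(1) sets the mode in one step; run as root the file is root-owned.
    install -m 0755 "$src" "$dest"
}

if [ $# -eq 2 ]; then
    tmp=$(mktemp) || exit 1
    # Fetch a fixed tag or commit instead of the moving master branch.
    wget -q -O "$tmp" "$REPO_RAW/$1/update-systemd-resolved" &&
        install_if_verified "$tmp" "$2" /etc/openvpn/scripts/update-systemd-resolved
    status=$?
    rm -f "$tmp"
    exit "$status"
fi
```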
If you prefer using NetworkManager’s GUI for managing your VPN connections, you can fix the DNS resolution issue by adjusting the DNS priority:
sudo apt install network-manager-openvpn-gnome
Adjust the DNS priority for your VPN connection to ensure it takes precedence:
sudo nmcli -p connection modify YOUR_VPN_CONNECTION_NAME ipv4.dns-priority -1
Replace YOUR_VPN_CONNECTION_NAME with the actual name of your VPN connection as it appears in NetworkManager.
If you want to specify particular DNS servers for your VPN connection:
sudo nmcli connection modify YOUR_VPN_CONNECTION_NAME ipv4.dns "DNS_SERVER_IP"
Replace DNS_SERVER_IP with the IP address of your preferred DNS server.
For those who prefer a command-line approach but still want to use NetworkManager, you can set up your VPN connection completely via the terminal:
sudo nmcli connection add type vpn vpn-type openvpn con-name YOUR_VPN_NAME ifname --
sudo nmcli connection modify YOUR_VPN_NAME ipv4.dns DNS_SERVER_IP
sudo nmcli connection modify YOUR_VPN_NAME ipv4.dns-search YOUR_DOMAIN_SEARCH
sudo nmcli connection modify YOUR_VPN_NAME ipv4.never-default yes
Then, set the VPN data including certificates and connection details:
sudo nmcli connection modify YOUR_VPN_NAME vpn.data 'ca = /path/to/ca.crt, key = /path/to/client.key, dev = tun, cert = /path/to/client.crt, cert-pass-flags = 1, comp-lzo = adaptive, remote = your.vpn.server:1194, connection-type = tls'
This approach gives you fine-grained control over your VPN configuration while still benefiting from NetworkManager’s integration with the system.
If you encounter this error, it’s likely related to the compression settings. Check that your client configuration matches the server’s compression settings. If the server uses LZO compression, ensure your client configuration includes:
comp-lzo yes
This can happen if your system is still caching DNS responses from before the VPN connection. Try flushing your DNS cache:
sudo systemd-resolve --flush-caches
If you get an error about the scripts not being found, double-check the paths in your configuration file. The paths should be absolute and point to the correct location of the scripts.
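The directives from both helper-script solutions and the absolute-path advice above can be checked mechanically before connecting. This added example (not from the article or the helper project) lints a client config and also confirms that the hook scripts cannot be rewritten by other users; lint_ovpn_dns, ovpn_get and HOOK_UID are names assumed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): lint an OpenVPN client config for the
# DNS hook settings described above. One finding per line; no output means OK.
# HOOK_UID is an assumed knob: the uid that must own the hook scripts (root = 0).

# Print the arguments of the last uncommented occurrence of a directive.
ovpn_get() {  # usage: ovpn_get FILE DIRECTIVE
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); v = $0 } END { print v }' "$1"
}

lint_ovpn_dns() {  # usage: lint_ovpn_dns FILE
    cfg=$1
    uid=${HOOK_UID:-0}

    # OpenVPN only runs user-defined up/down scripts at script-security 2 or higher.
    level=$(ovpn_get "$cfg" script-security)
    level=${level%% *}
    [ "${level:-1}" -ge 2 ] 2>/dev/null ||
        echo "script-security is ${level:-unset}; the up/down hooks need 2"

    for hook in up down; do
        path=$(ovpn_get "$cfg" "$hook")
        case $path in
            "") echo "$hook: directive missing"; continue ;;
            /*) ;;
            *)  echo "$hook: '$path' is not an absolute path"; continue ;;
        esac
        [ -x "$path" ] || { echo "$hook: $path is missing or not executable"; continue; }
        # The hook runs with OpenVPN's privileges: nobody but its owner may rewrite it.
        unsafe=$(find -H "$path" -prune \( ! -user "$uid" -o -perm -020 -o -perm -002 \) -print)
        [ -z "$unsafe" ] ||
            echo "$hook: $path must be owned by uid $uid and not group/world-writable"
    done

    # 'dhcp-option DOMAIN-ROUTE .' sends every lookup to the VPN's DNS servers.
    awk '$1 == "dhcp-option" && $2 == "DOMAIN-ROUTE" && $3 == "." { ok = 1 }
         END { exit !ok }' "$cfg" ||
        echo "no 'dhcp-option DOMAIN-ROUTE .' in this file (the server may still push it)"
}

# Run against a config when one is given on the command line.
[ $# -eq 0 ] || lint_ovpn_dns "$1"
```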
After applying one of the solutions above, you can verify that DNS resolution is working correctly through your VPN by using the following commands:
resolvectl status    # Ubuntu 18.04 ships systemd 237, where this command is: systemd-resolve --status
nslookup example.com
dig example.com | grep SERVER
If these commands show that your queries are being resolved by the VPN’s DNS servers, then your configuration is working correctly.
The shift from the traditional resolvconf utility to systemd-resolved in Ubuntu 18.04 is part of a broader move toward systemd integration. The systemd-resolved service provides a DNS stub resolver that listens on 127.0.0.53 and manages DNS settings in a centralized way.
When you connect to a VPN, the OpenVPN client needs to inform systemd-resolved about the DNS servers provided by the VPN server. The helper scripts we’ve discussed establish this communication, ensuring that DNS queries are properly routed through the VPN tunnel when needed.
DNS resolution issues with OpenVPN on Ubuntu 18.04 can be frustrating, but they’re solvable with the right approach. The most reliable solution is to use the openvpn-systemd-resolved package, which provides the necessary integration between OpenVPN and Ubuntu’s DNS resolution system.
By following the steps outlined in this guide, you should be able to get your VPN’s DNS resolution working correctly, allowing you to access resources both inside and outside your VPN network without issues.
Remember that the specific solution you need may depend on your exact setup and requirements. Don’t hesitate to try different approaches if the first one doesn’t work for your situation.
Ubuntu 18.04 switched to using systemd-resolved as the default DNS resolver, which handles DNS resolution differently from the resolvconf utility used in Ubuntu 16.04. The traditional OpenVPN scripts that worked with resolvconf are not compatible with systemd-resolved.
resolvconf in Ubuntu 18.04?
Yes, you can install resolvconf in Ubuntu 18.04, but it’s not recommended as it may conflict with systemd-resolved. It’s better to use the solutions described in this article that work with systemd-resolved.
This issue primarily affects OpenVPN connections. Other VPN protocols may have different integration methods with systemd-resolved.
Most of these solutions should work on Ubuntu 20.04 and newer versions, as they also use systemd-resolved. However, there might be slight differences in implementation details.
You can use online DNS leak test services or check which DNS servers are being used with the resolvectl status command. If your DNS queries are being resolved by servers other than those provided by your VPN, you might have a DNS leak.
If you want to use a custom DNS server with your VPN, you can specify it in your OpenVPN configuration using the dhcp-option DNS directive or configure it in NetworkManager.
These solutions should work on other Debian-based distributions that use systemd-resolved, though the exact paths and package names might differ slightly.
If you’re connecting to multiple VPNs, you might need to adjust the DNS priority for each connection or use more advanced routing configurations to ensure that DNS queries are sent to the appropriate servers.
The post How to fix DNS Resolution Issues with OpenVPN on Ubuntu 18.04 appeared first on net2.