[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] How do automatically set a new nameserver using OpenVPN 2.0rc6 on Mac OSX?


  • Subject: Re: [Openvpn-users] How do automatically set a new nameserver using OpenVPN 2.0rc6 on Mac OSX?
  • From: Davis Goodman <davis.goodman@xxxxxxxxxxxx>
  • Date: Tue, 11 Jan 2005 13:13:50 -0500

Here are two scripts that will do the job:

==========  up.sh  ==============
#!/bin/sh
#Script to setup the resolv.conf file for the OpenVPN connection
# Runs when the openvpn connection comes up
#Davis Goodman August 13th, 2004

dnsaddress=`echo $foreign_option_1 |cut -b 17-`
domain=`echo $foreign_option_4 |cut -b 20-`
cp /etc/resolv.conf /etc/resolv.conf.orig
echo search $domain  > /etc/resolv.conf
echo nameserver $dnsaddress  >> /etc/resolv.conf

=============================

============  down.sh  ================


#!/bin/sh #Script runs when the OpenVPN connection is torned down and restores the resolv.conf file #Davis Goodman August 13th, 2004 # # mv /etc/resolv.conf.orig /etc/resolv.conf

==================================

You also have to had to your config file the following:

# The up and down script are necessary
# on a Unix Box for setting up
# the resolv.conf file otherwise comment out
up /etc/openvpn/up.sh
down /etc/openvpn/down.sh



____________________________________
*Davis Goodman*
Manager, QA & Support

 <http://www.algolith.com>

400 Isabey
Montréal (Québec)
Canada H4T 1V3

Tel. : 514.335.9867 #3279
Cell. : 514.994.7360
Fax : 514.333.9873
davis.goodman <mailto:davis.goodman@xxxxxxxxxxxx>@algolith.com
<mailto:davis.goodman@xxxxxxxxxxxx>
www.algolith.com <http://www.algolith.com/>



Tim Bruijnzeels wrote:

Hi,

I have the following problem:

I am using OpenVPN 2.0rc6 with lzo-1.8.0 on a Mac (OSX v.10.3.7) using Matthias Nissler's Tun/Tap driver (http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ <http://www-user.rhrk.uni-kl.de/%7Enissler/tuntap/> see install notes for mac) to connect as a client to a Linux OpenVPN server.

Connecting to the VPN seems to work fine, but for name resolution. My machine still wants to use the old nameserver it got via DHCP from the network it was connected to; this is a problem as I need to be able to resolve names that exist in the internal network only. I know for windows clients it's possible to specify your new (internal) nameserver using:
dhcp-option DNS xxx.xxx.xxx.xxx


But this does not work for Mac.

I have tried using:
push dhcp-option DNS xxx.xxx.xxx.xxx

On the server to coerce clients to use this as their new nameserver, but this didn't work either.

I can access the new nameserver over the VPN however: dig @xxx.xxx.xxx.xxx works fine. So, if I manually edited /etc/resolv.conf to point to the new nameserver I get better results from the commandline (dig works without @..). But my applications (thunderbird, safari, etc.) refuse to use the new nameserver settings then. Pointing my email client to my mailserver' s internal ip-address instead of its name works fine.
Manually changing /etc/resolv.conf is not something I like to do. It seems it doesn't even do the job :(. But in the light of troubleshooting...


So my question is: is there any way to make my mac correctly use a new nameserver upon connecting? Preferably automatic, and preferably reverting to the old nameserver when I disconnect. Much like what's implemented for windows clients.

An excerpt of my config-file follows below..

Thanks for your help,

Tim Bruijnzeels

--------------- client config-file --------
port 5000
dev tun
remote fully.qualified.domain.name
tls-client
ca    /path/to/ca.crt
cert /path/to/my.crt
key  /path/to/my.key
dh   /path/to/dh.pem
dhcp-option DNS xxx.xxx.xxx.xxx
ping 10
comp-lzo
ping-restart 20
resolv-retry 1800
ping-timer-rem
persist-key
persist-tun
pull
verb 4



-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users




-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users