Opened 2 years ago

Last modified 2 years ago

#20830 new defect

OpenVPN client not updating DNSmasq servers

Reported by: qberdugo@… Owned by: developers
Priority: normal Milestone:
Component: packages Version: Chaos Calmer 15.05
Keywords: OpenVPN DNSmasq Cc:



I'm using openWRT and openVPN to create a network to network VPN. Everything works fine but it seems like the client side ignores the dhcp DNS option.

Client side logs:
PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS,dhcp-option DOMAIN lan,route,route,topology net30,ping 10,ping-restart 120,ifconfig'

#cat /tmp/resolv.conf
search lan

cat /tmp/
# Interface wan

My understanding is that should be overridden by the address pushed by the openVPN server (

Other than that, everything works fine: I'm able to resolve manually both on the client and server dnsmasq

Address 1: localhost

Address 1: 2a00:1450:401b:800::200e
Address 2:

Address 1: bb.lan

Address 1: 2a00:1450:4007:805::1001
Address 2:

Note : I do *not* push the default route to be the VPN server intentionally.


Debug info
[root@FriedNoodle:/overlay/work]#uname -a
Linux FriedNoodle 3.18.20 #1 Fri Sep 4 18:55:05 CEST 2015 mips GNU/Linux

[root@FriedNoodle:/overlay/work]#openvpn --version
OpenVPN 2.3.6 mipsel-openwrt-linux-gnu [SSL (PolarSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 25 2015
library versions: PolarSSL 1.3.11, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@…>

[root@FriedNoodle:/overlay/work]#cat /etc/config/openvpn
config openvpn 'noumezon_client'

option client '1'
option dev 'tun'
option proto 'udp'
option resolv_retry 'infinite'
option nobind '1'
option persist_key '1'
option persist_tun '1'
option comp_lzo 'yes'
option verb '4'
option remote ' 1194'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/ovpn-friednoodle.crt'
option key '/etc/openvpn/ovpn-friednoodle.key'
option fast_io '1'
option enabled '1'
option remote_cert_tls server

CLIENT SIDE dnsmasq config :

config dnsmasq

option domainneeded '1'
option boguspriv '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/'

config openvpn 'tcp'

option enable '1'
option port '1194'
option proto 'tcp'
option dev 'tun'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/ovpn-bluebox.crt'
option key '/etc/openvpn/ovpn-bluebox.key'
option dh '/etc/openvpn/dh2048.pem'
option ifconfig_pool_persist '/tmp/ipp-tcp.txt'
option keepalive '10 120'
option comp_lzo 'adaptive'
option persist_key '1'
option persist_tun '1'
option status '/var/log/openvpn-status-tcp.log'
option verb '3'
option server ''
option client_to_client '1'
option crl_verify '/etc/openvpn/crl.pem'
option client_config_dir '/etc/openvpn/ccd'
list push 'dhcp-option DNS'
list push 'dhcp-option DOMAIN lan'
list push 'route'
option enabled '1'

Anything else, let me know

Change History (2)

comment:1 Changed 2 years ago by anonymous

Did you solve this?

comment:2 Changed 2 years ago by eric_dtw

If I followed the script chain correctly, /tmp/ is created during IFUP events from /lib/dhcp* scripts called by udhcpc and odhcpv6c. That is where a VPN tunnel also needs to update on a virtual IFUP.
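
The update that comment:2 describes, as an added example that is not part of the ticket or of OpenWrt's own scripts: an OpenVPN `up` script that turns the pushed `dhcp-option` values (which OpenVPN exports as `foreign_option_N` environment variables) into a resolv file for dnsmasq. The output path and the `VPN_RESOLV_FILE` variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the ticket. OpenVPN exports every pushed
# "dhcp-option ..." to its up script as foreign_option_1, foreign_option_2, ...

# Print resolv.conf-style lines for the pushed DNS servers and search domain.
vpn_resolv_lines() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        set -f; set -- $opt; set +f        # split on whitespace, no globbing
        if [ "${1:-}" = "dhcp-option" ]; then
            case "${2:-}" in
            DNS)    # the value is server-controlled: accept IP literals only
                case "${3:-}" in
                ''|*[!0-9A-Fa-f.:]*) ;;
                *) echo "nameserver $3" ;;
                esac ;;
            DOMAIN) # accept hostname characters only
                case "${3:-}" in
                ''|*[!A-Za-z0-9.-]*) ;;
                *) echo "search $3" ;;
                esac ;;
            esac
        fi
        i=$((i + 1))
    done
}

# Replace file $1 atomically; fail without touching it if nothing usable was pushed.
vpn_write_resolv() {
    dest=$1
    tmp="$dest.$$"
    vpn_resolv_lines > "$tmp" || return 1
    if [ -s "$tmp" ]; then
        mv "$tmp" "$dest"   # dnsmasq re-reads a changed resolv file unless no-poll is set
    else
        rm -f "$tmp"
        return 1
    fi
}

# Act only when OpenVPN runs this file as its up script (it sets script_type).
# VPN_RESOLV_FILE and the default path are hypothetical; use the file your
# dnsmasq resolvfile option points at.
if [ "${script_type:-}" = "up" ]; then
    vpn_write_resolv "${VPN_RESOLV_FILE:-/tmp/resolv.conf.vpn}"
fi
```

Hook it up with OpenVPN's `up` option; user-defined scripts run only when `script-security` is 2 or higher.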
