Looking at the /etc/resolv.conf file, it is clear that the nameserver definitions are not changed. So, as I understand it, the client does not respond to the "push DNS..." statement.
Below is an example of the client /etc/sysconfig/network-scripts/vpn.d/openvpn config file on M5:
# OpenVPN client profile as posted: routed tun tunnel over TCP to
# server.example.com:1194, with username/password login read from a file.
dev tun
tls-client
# NOTE(review): no remote-cert-tls or verify-x509-name directive is present,
# so the client accepts any certificate that chains to ca.crt as "the server".
# Pinning the server certificate's usage or name closes that gap.
remote server.example.com 1194
# On non-Windows clients OpenVPN does not edit /etc/resolv.conf itself. A
# dhcp-option (set locally or pushed) is only exported to the up script as a
# foreign_option_<n> environment variable; a script has to apply it.
dhcp-option DNS 10.55.55.100
route 10.53.28.32 255.255.255.240
route 10.53.28.16 255.255.255.240
route-metric 50
# Accept options pushed by the server (routes, dhcp-option, ...).
pull
# Must match the server's transport: the Synology listing uses TCP, while the
# M5 server listing uses "proto udp".
proto tcp-client
# Level 2 permits calling user-defined scripts such as up/down.
# NOTE(review): no up/down directive appears in this listing. A down script
# runs with whatever privileges the process still has at disconnect; verify it
# can still write /etc/resolv.conf and check the log for its exit status.
script-security 2
ca /home/maciek/dir_v/openvpn/ca.crt
# Has to match the server. Compressing before encryption can leak information
# about the plaintext (VORACLE); newer OpenVPN releases deprecate this option.
comp-lzo
# 0 disables the periodic data-channel key renegotiation, so one session key
# is used for the whole connection lifetime.
reneg-sec 0
# The file holds the username and password in plain text; keep it readable by
# its owner only.
auth-user-pass /home/maciek/dir_v/openvpn/login.conf
# Do not keep the password cached in memory after it has been used.
auth-nocache
And server config file on Synology:
Lilith> cat openvpn.conf
# OpenVPN server profile from the Synology VPN Center package as posted:
# TCP (IPv6-capable) listener on 1194, clients authenticated by
# username/password through a plugin, no client certificates.
push "route 10.55.55.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
# Pushed to clients that use "pull". A Linux client only receives it as a
# foreign_option_<n> variable for its up script; nothing rewrites
# /etc/resolv.conf unless such a script does it.
push "dhcp-option DNS 10.55.55.100"
dev tun
# Management interface on loopback with no password file given: any local
# process that can reach 127.0.0.1:1195 can control the daemon.
management 127.0.0.1 1195
server 10.8.0.0 255.255.255.0
# NOTE(review): the file name suggests 1024-bit DH parameters, which are
# considered too weak (Logjam); 2048-bit or larger is the usual minimum.
dh /var/packages/VPNCenter/target/etc/openvpn/keys/dh1024.pem
ca /var/packages/VPNCenter/target/etc/openvpn/keys/ca.crt
cert /var/packages/VPNCenter/target/etc/openvpn/keys/server.crt
key /var/packages/VPNCenter/target/etc/openvpn/keys/server.key
max-clients 5
# Has to match the client. Compression before encryption can leak information
# about the plaintext (VORACLE); newer OpenVPN releases deprecate this option.
comp-lzo
persist-tun
persist-key
verb 3
#log-append /var/log/openvpn.log
keepalive 10 60
# 0 disables the periodic data-channel key renegotiation.
reneg-sec 0
# Presumably delegates username/password checks to a RADIUS backend described
# in radiusplugin.cnf; confirm against that file.
plugin /var/packages/VPNCenter/target/lib/radiusplugin.so /var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf
# Clients are not asked for a certificate, so the password is the only client
# credential. Deprecated since OpenVPN 2.4 in favour of
# "verify-client-cert none".
client-cert-not-required
# The authenticated username is used as the client's common name.
username-as-common-name
# Allows several simultaneous sessions under the same common name (here the
# username), so a shared or stolen login does not displace the real user.
duplicate-cn
# Status file rewritten every 30 seconds. It lists connected clients and their
# addresses and sits in /tmp; check who can read it.
status /tmp/ovpn_status_2_result 30
status-version 2
proto tcp6-server
port 1194
# NOTE(review): no tls-auth/tls-crypt and no cipher directive are set in this
# listing, so the effective cipher depends on the OpenVPN version's default.
And server config file on M5:
[root@mackowiak openvpn]# cat server.conf
# OpenVPN server profile on M5 as posted: UDP listener on 1194, clients
# authenticated by username/password through PAM, no client certificates.
daemon
port 1194
# UDP here, whereas the client listing in the post uses "proto tcp-client";
# the two cannot connect to each other as written.
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key # This file should be kept secret
# NOTE(review): the file name suggests 1024-bit DH parameters, which are
# considered too weak (Logjam); 2048-bit or larger is the usual minimum.
dh /etc/openvpn/dh1024.pem
server 10.12.12.0 255.255.255.0
# Pushed to clients that use "pull". A Linux client only receives it as a
# foreign_option_<n> variable for its up script; nothing rewrites
# /etc/resolv.conf unless such a script does it.
push "dhcp-option DNS 192.168.0.201"
keepalive 10 120
# The client listing in the post has no cipher line; on versions without
# cipher negotiation both ends must name the same cipher. TODO confirm version.
cipher AES-128-CBC # AES
# Has to match the client. Compression before encryption can leak information
# about the plaintext (VORACLE); newer OpenVPN releases deprecate this option.
comp-lzo
max-clients 10
# Drop root privileges after initialisation; persist-key/persist-tun below
# keep restarts working without re-reading the key or reopening the tun device.
user openvpn
group openvpn
persist-key
persist-tun
status openvpn-status.log
verb 3
# Clients are not asked for a certificate, so the password is the only client
# credential. Deprecated since OpenVPN 2.4 in favour of
# "verify-client-cert none".
client-cert-not-required
# Username/password are checked against the PAM service named "login".
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login
I tried to use the "up" and "down" entries in the client config file to manually change the content of /etc/resolv.conf. Strangely, the "up" script works correctly but the "down" script does not, so after disconnecting, the content of the resolv.conf file remains in the state set by the "up" script.
Can anybody help me with this "push DNS" problem?