OpenVPN guide for update-resolv-conf


    • Wouldn't the problem be solved if the provider's DNS were simply replaced with a public DNS in the router? That is, 1.1.1.1 or 8.8.8.8?

      Then you should be on the safe side with this script.
    • Hi Banana Joe, some trouble here with DNS leaks on openvpn and your update-resolv-conf
      from: OpenVPN guide for update-resolv-conf

      I get the following with CAT:

      root@vusolose:~# cat /etc/resolv.conf
      domain UNITED
      nameserver 192.168.1.1

      when I run: openvpn --config /etc/openvpn/client.conf
      it gives me the following:


      root@vusolose:~# openvpn --config /etc/openvpn/client.conf
      Fri Jun 8 01:12:12 2018 WARNING: file '/etc/openvpn/userpass.txt' is group or others accessible
      Fri Jun 8 01:12:12 2018 OpenVPN 2.4.3 mipsel-oe-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 2 2017
      Fri Jun 8 01:12:12 2018 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
      Fri Jun 8 01:12:12 2018 WARNING: --ping should normally be used with --ping-restart or --ping-exit
      Fri Jun 8 01:12:12 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Fri Jun 8 01:12:12 2018 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
      Fri Jun 8 01:12:12 2018 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
      Fri Jun 8 01:12:12 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]62.112.9.166:1194
      Fri Jun 8 01:12:12 2018 Socket Buffers: R=[163840->163840] S=[163840->163840]
      Fri Jun 8 01:12:12 2018 UDP link local: (not bound)
      Fri Jun 8 01:12:12 2018 UDP link remote: [AF_INET]62.112.9.166:1194
      Fri Jun 8 01:12:12 2018 TLS: Initial packet from [AF_INET]62.112.9.166:1194, sid=cf8eae0a 8ebd6355
      Fri Jun 8 01:12:12 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
      Fri Jun 8 01:12:12 2018 VERIFY OK: depth=2, C=CH, O=ProtonVPN AG, CN=ProtonVPN Root CA
      Fri Jun 8 01:12:12 2018 VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
      Fri Jun 8 01:12:12 2018 VERIFY KU OK
      Fri Jun 8 01:12:12 2018 Validating certificate extended key usage
      Fri Jun 8 01:12:12 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
      Fri Jun 8 01:12:12 2018 VERIFY EKU OK
      Fri Jun 8 01:12:12 2018 VERIFY OK: depth=0, CN=nl-02.protonvpn.com
      Fri Jun 8 01:12:13 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
      Fri Jun 8 01:12:13 2018 [nl-02.protonvpn.com] Peer Connection Initiated with [AF_INET]62.112.9.166:1194
      Fri Jun 8 01:12:14 2018 SENT CONTROL [nl-02.protonvpn.com]: 'PUSH_REQUEST' (status=1)
      Fri Jun 8 01:12:14 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.8.1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,route-gateway 10.8.8.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.8.8.8 255.255.255.0,peer-id 14,cipher AES-256-GCM'
      Fri Jun 8 01:12:14 2018 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:5 is ignored by previous <connection> blocks
      Fri Jun 8 01:12:14 2018 OPTIONS IMPORT: timers and/or timeouts modified
      Fri Jun 8 01:12:14 2018 OPTIONS IMPORT: explicit notify parm(s) modified
      Fri Jun 8 01:12:14 2018 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
      Fri Jun 8 01:12:14 2018 Socket Buffers: R=[163840->327680] S=[163840->327680]
      Fri Jun 8 01:12:14 2018 OPTIONS IMPORT: --ifconfig/up options modified
      Fri Jun 8 01:12:14 2018 OPTIONS IMPORT: route options modified
      Fri Jun 8 01:12:14 2018 OPTIONS IMPORT: route-related options modified
      Fri Jun 8 01:12:14 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
      Fri Jun 8 01:12:14 2018 OPTIONS IMPORT: peer-id set
      Fri Jun 8 01:12:14 2018 OPTIONS IMPORT: adjusting link_mtu to 1657
      Fri Jun 8 01:12:14 2018 OPTIONS IMPORT: data channel crypto options modified
      Fri Jun 8 01:12:14 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
      Fri Jun 8 01:12:14 2018 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
      Fri Jun 8 01:12:14 2018 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
      Fri Jun 8 01:12:14 2018 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth0 HWADDR=00:1d:ec:09:d4:d2
      Fri Jun 8 01:12:14 2018 TUN/TAP device tun0 opened
      Fri Jun 8 01:12:14 2018 TUN/TAP TX queue length set to 100
      Fri Jun 8 01:12:14 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
      Fri Jun 8 01:12:14 2018 /sbin/ip link set dev tun0 up mtu 1500
      Fri Jun 8 01:12:14 2018 /sbin/ip addr add dev tun0 10.8.8.8/24 broadcast 10.8.8.255
      Fri Jun 8 01:12:14 2018 /etc/openvpn/update-resolv-conf-BJ tun0 1500 1585 10.8.8.8 255.255.255.0 init
      nameserver 10.8.8.1
      Fri Jun 8 01:12:14 2018 /sbin/ip route add 62.112.9.166/32 via 192.168.1.1
      Fri Jun 8 01:12:14 2018 /sbin/ip route add 0.0.0.0/1 via 10.8.8.1
      Fri Jun 8 01:12:14 2018 /sbin/ip route add 128.0.0.0/1 via 10.8.8.1
      Fri Jun 8 01:12:14 2018 Initialization Sequence Completed


      But am I missing something or should CAT display:

      root@vusolose:~# cat /etc/resolv.conf
      domain UNITED

      nameserver 10.8.8.1
      INSTEAD OF IN MY CASE DISPLAYING ONLY MY OWN ROUTER DNS: 192.168.1.1
      root@vusolose:~# cat /etc/resolv.conf
      domain UNITED
      nameserver 192.168.1.1

      How do I fix this???? Please help or give me some pointers....
      I am using a VU SOLO SE v2 on OPENATV 6.1

      The only thing I changed was setting the PATH in your update-resolv-conf-BJ file to:
      ## manually if it still doesn't work, i.e.
      RESOLVCONF=/etc/network/if-down.d/resolvconf

      also:
      root@vusolose:~# nslookup abc.de
      Server: 192.168.1.1
      Address 1: 192.168.1.1 router.asus.com

      Name: abc.de
      Address 1: 194.49.7.145 mail.abc.de
      root@vusolose:~#

      and:
      root@vusolose:~# opkg info openresolv
      Package: openresolv
      Version: 3.5.2-r0
      Provides: resolvconf
      Conflicts: resolvconf
      Status: install user installed
      Section: base
      Architecture: all
      Maintainer: OE-Core Developers <openembedded-core@lists.openembedded.org>
      MD5Sum: 2fc414d32961b707001053ce3d6c1019
      Size: 10016
      Filename: openresolv_3.5.2-r0_all.ipk
      Source: openresolv-3.5.2.tar.bz2 file://000resolvconf.if-up file://000resolvconf.ppp.ip-down file://000resolvconf.ppp.ip-up file://resolvconf.conf file://resolvconf.if-down file://volatiles.99_openresolv
      Description: management framework for resolv.conf
      management framework for resolv.conf.
      Installed-Size: 35381
      Installed-Time: 1528412801
      and:
      My IP address does change to the paid protonvpn but the DNS just doesn't change to 10.8.8.1

      PLEASE HELP,
      Thanks in advance


    • Thanks for the quick reply Banana Joe,

      It's indeed in: /sbin/resolvconf

      Now I have:
      root@vusolose:~# cat /etc/resolv.conf
      nameserver 10.8.8.9
      nameserver 192.168.1.1 (my router IP is still showing/leaking?)

      root@vusolose:~# nslookup abc.de
      Server: 10.8.8.9
      Address 1: 10.8.8.9

      root@vusolose:~# wget -qO- plain ; echo
      62.112.9.165 (protonvpn IP address)



    • The first DNS server in the list is used until it isn't responding anymore. This means you are fine as long as the first server is working correctly.

      I did not invent update-resolv-conf myself. I just slightly changed the script to work with busybox.
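
The check discussed in this thread, as an added example that is not part of any post or of update-resolv-conf: a POSIX shell script that reads the DNS server from the PUSH_REPLY line of an OpenVPN log and reports whether resolv.conf lists it first and whether other resolvers remain behind it. The function names and verdict strings are assumptions made for this example, and the sample input is constructed from the output quoted above.

```shell
#!/bin/sh
# Added example: compare the resolver pushed by the VPN with resolv.conf.

# Print each DNS server found in the PUSH_REPLY lines of an OpenVPN log.
pushed_dns() {
    grep 'PUSH_REPLY' "$1" | tr ',' '\n' |
        sed -n 's/^dhcp-option DNS \([0-9a-fA-F.:]*\).*$/\1/p'
}

# classify_resolv FILE VPN_DNS prints one verdict:
#   vpn-only  only the VPN resolver is listed
#   fallback  VPN resolver is first, other resolvers follow and get
#             queried once the first one stops answering
#   leak      the first resolver is not the VPN one
#   empty     no nameserver line at all
classify_resolv() {
    awk -v vpn="$2" '
        $1 == "nameserver" {
            n++
            if (n == 1) first = $2
            if ($2 != vpn) other++
        }
        END {
            if (n == 0)            print "empty"
            else if (first != vpn) print "leak"
            else if (other > 0)    print "fallback"
            else                   print "vpn-only"
        }' "$1"
}

# audit LOG RESOLV_CONF prints "<pushed-dns> <verdict>".
audit() {
    vpn=$(pushed_dns "$1" | head -n 1)
    [ -n "$vpn" ] || { echo "none no-dns-pushed"; return 0; }
    echo "$vpn $(classify_resolv "$2" "$vpn")"
}

# Constructed sample input modelled on the output quoted in the thread.
demo=$(mktemp -d)
printf "%s\n" "PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.8.1,topology subnet'" > "$demo/openvpn.log"
printf 'nameserver 10.8.8.1\nnameserver 192.168.1.1\n' > "$demo/resolv.conf"
audit "$demo/openvpn.log" "$demo/resolv.conf"   # prints: 10.8.8.1 fallback
rm -rf "$demo"
```

On the box itself this would be called as `audit /path/to/openvpn.log /etc/resolv.conf`, with the log path depending on how OpenVPN was started.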