On Fri, Jul 27, 2018 at 02:38:37PM -0400, Jim Popovitch wrote:
> Hello,
>
> Is there a way to have an OpenVPN server push dhcp-options to the
> clients that completely replace any existing entries in
> /etc/resolv.conf?
>

The short answer is, "as long as you use NetworkManager, no."

I no longer have the link, but some time ago I found a page that explains it very clearly. Search terms: "openvpn networkmanager dns leak"

Effectively, NetworkManager lacks a concept of "replace the active DNS settings when this connection becomes active." Instead, what it does is add the DNS servers to those already listed.

There is supposed to be a way to specify the IPv4 DNS servers (you can do this in the NM GUI), then you set the IPv4 DNS priority to -1 (meaning clear everything else out and use these instead) by editing the text configuration file. The problem with that, though, is that the -1 priority appears to prevent any other connection from having IPv4 DNS servers in resolv.conf. That may or may not be a problem for you. That approach also prevents you from taking advantage of DHCP push of DNS servers from the VPN server.

I have seen some bugs requesting that they fix it, and even a commit that might be what you are asking for. However, I don't know when it might make its way into a Debian stable release (or even unstable).

Regards,

-Roberto

-- 
Roberto C. Sánchez
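
Added example, not part of the original message: a simplified Python model of NetworkManager's documented `ipv4.dns-priority` rule (lower value wins, a negative value excludes profiles with a greater value, 0 selects the default of 50 for VPNs and 100 otherwise), showing why the default merge keeps the pre-existing resolver listed and what the -1 edit changes. The keyfile profiles, connection names and addresses are constructed, and DNS servers pushed over DHCP or by the VPN server are not modeled.

```python
import configparser

# Constructed NetworkManager keyfile profiles (names and addresses are made up).
WIFI = """[connection]
id=home-wifi
type=wifi

[ipv4]
method=auto
dns=192.168.1.1;
"""
VPN_DEFAULT = """[connection]
id=work-vpn
type=vpn

[ipv4]
method=auto
dns=10.8.0.1;
"""
# Same VPN profile after hand-editing the keyfile as the message describes.
VPN_EXCLUSIVE = VPN_DEFAULT + "dns-priority=-1\n"


def load(text):
    """Return (id, effective priority, DNS servers) for one keyfile profile."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    prio = cp.getint("ipv4", "dns-priority", fallback=0)
    if prio == 0:  # 0 means "use the default": 50 for VPNs, 100 otherwise
        prio = 50 if cp.get("connection", "type") == "vpn" else 100
    servers = [s for s in cp.get("ipv4", "dns", fallback="").split(";") if s]
    return cp.get("connection", "id"), prio, servers


def effective_nameservers(profiles):
    """Model which servers the active profiles contribute, best priority first."""
    conns = sorted((load(p) for p in profiles), key=lambda c: c[1])
    if conns and conns[0][1] < 0:
        # A negative priority excludes every profile with a greater value.
        conns = [c for c in conns if c[1] == conns[0][1]]
    merged = []
    for _, _, servers in conns:
        for server in servers:
            if server not in merged:
                merged.append(server)
    return merged


if __name__ == "__main__":
    print("default :", effective_nameservers([WIFI, VPN_DEFAULT]))
    print("priority:", effective_nameservers([WIFI, VPN_EXCLUSIVE]))
```

On a live system, compare the model's answer with the `nameserver` lines actually present in /etc/resolv.conf while the VPN is up.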