Stella Ashburne <rewe...@gmx.com> writes:

> Yes, I was referring to using the old script update-resolv-conf with OpenVPN.
>
>> I never got that to do the right thing with any
>> reliability.
>>
> Please explain what you meant by your statement.
>
> I've been using update-resolv-conf with OpenVPN without problems for
> the past four to five years. The dozen or two commercial VPN providers
> insist that I use update-resolv-conf to prevent DNS and data leaks.

If it works for you, great. My problem was that I usually ended up with
the VPN's DNS and my router in resolv.conf so DNS leak was automatic.
Also it didn't always remove the VPN DNS from resolv.conf when the VPN
went down, with the end result that nothing could be resolved and
openvpn couldn't reconnect. I think I mangled the script a little which
helped but update-systemd-resolved just works. For me.

>> With systemd-resolved you can use update-systemd-resolved
>> which actually seems to work.
>>
> Would you like to share with me how to invoke/launch systemd-resolved
> and update-systemd-resolved in combination with OpenVPN please? Do I
> need to install packages in order to have systemd-resolved and
> update-systemd-resolved?

Systemd-resolved is part of systemd and it's invoked as usual by
systemctl, the service name is systemd-resolved.service. It also has
the benefit that you can configure interface specific DNS so you can
still use a local DNS for local names. Brilliant feature if you use
VPNs but still want to use your LAN too.

Systemd-resolved's usual config is to use it as stub resolver so you
have nameserver 127.0.0.53 in /etc/resolv.conf and actual resolving
config can be shown by resolvectl status. It definitely doesn't make
life simpler but for me it works.

update-systemd-resolved is in Debian package openvpn-systemd-resolved.
To use it with openvpn and systemd-resolved it just needs a few options
in openvpn's config like this:

    script-security 2
    up /etc/openvpn/update-systemd-resolved
    up-restart
    down /etc/openvpn/update-systemd-resolved
    down-pre
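
Added example, not part of the original post: a shell check for the two resolv.conf failure states described above (VPN DNS listed next to the router while the tunnel is up, and VPN DNS left behind after the tunnel goes down). The function name, the up/down argument and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Usage: classify_resolv_conf FILE up|down VPN_DNS [VPN_DNS ...]
# Prints one of:
#   stale     VPN DNS still listed although the tunnel is down
#   mixed     VPN DNS listed together with another resolver (leak-prone)
#   vpn-only  every nameserver is a VPN DNS server
#   no-vpn    nameservers present, none of them the VPN's
#   stub      only 127.0.0.53 (systemd-resolved stub; see resolvectl status)
#   empty     no nameserver lines at all
classify_resolv_conf() {
    file=$1; shift
    state=$1; shift
    vpn_seen=0; other_seen=0; stub_seen=0
    # Take the address from each "nameserver" line; comments, search and
    # options lines are ignored.
    for ns in $(awk '$1 == "nameserver" { print $2 }' "$file"); do
        if [ "$ns" = "127.0.0.53" ]; then
            stub_seen=1
            continue
        fi
        match=0
        for vpn in "$@"; do
            if [ "$ns" = "$vpn" ]; then match=1; fi
        done
        if [ "$match" -eq 1 ]; then vpn_seen=1; else other_seen=1; fi
    done
    if [ "$vpn_seen" -eq 1 ] && [ "$state" = "down" ]; then echo stale
    elif [ "$vpn_seen" -eq 1 ] && [ $((other_seen + stub_seen)) -gt 0 ]; then echo mixed
    elif [ "$vpn_seen" -eq 1 ]; then echo vpn-only
    elif [ "$other_seen" -eq 1 ]; then echo no-vpn
    elif [ "$stub_seen" -eq 1 ]; then echo stub
    else echo empty
    fi
}

# Constructed sample: 192.0.2.53 stands in for the DNS server pushed by the
# VPN, 192.168.1.1 for the LAN router.
demo=$(mktemp)
printf 'nameserver 192.0.2.53\nnameserver 192.168.1.1\n' > "$demo"
echo "tunnel up:   $(classify_resolv_conf "$demo" up 192.0.2.53)"
echo "tunnel down: $(classify_resolv_conf "$demo" down 192.0.2.53)"
printf 'nameserver 127.0.0.53\noptions edns0\n' > "$demo"
echo "stub setup:  $(classify_resolv_conf "$demo" up 192.0.2.53)"
rm -f "$demo"
```

A result of stub only says that /etc/resolv.conf points at systemd-resolved; the per-interface servers still have to be read from resolvectl status.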