Attention is currently required from: d12fk, flichtenheld, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/838?usp=email )
Change subject: dns: apply settings via script on unixoid systems ...................................................................... Patch Set 22: (3 comments) Patchset: PS22: So, tested on FreeBSD, script works. Great :-) Tested on Gentoo/resolv.conf file (does not work), and on the "debian testing" box (now claims to "setting DNS using resolv.conf file") but it does not work either - same effect as on Gentoo, I end up with an empty `nameserver <nothing>` line (see copy-paste in the systemd-dns-updown.sh hunk) Tested on OpenBSD/resolv.conf file (does not work, different error) (see there). Also, it does not do anything for incoming pushed DHCP_OPTION DNS - depending on client UV_WANT_DNS I push DHCP-Options that are properly reflected to an ``--up`` script, but the `--dns-updown` script is not run at all. This is not how I understand what it should do - is this fixed in a later patch in the series? File distro/dns-scripts/resolvconf_file-dns-updown.sh: http://gerrit.openvpn.net/c/openvpn/+/838/comment/a6af4a0f_484144cd : PS22, Line 85: so, tested this on OpenBSD (7.6) and it does not work Incoming push info as on Linux (`,dns server 1 address 10.194.0.1,dns server 1 address fd00:abcd:194::1,dns server 2 resolve-domains open.vpn,dns server 2 address 10.194.1.1,dns server 2 address fd00:abcd:194:1::1`) and the script dies with ``` 2025-05-02 18:54:28 distro/dns-scripts/dns-updown sed: 1: "1i### openvpn tun1 begi ...: command i expects \ followed by text 2025-05-02 18:54:28 dns up command exited with status 1 ``` and nothing gets changed. File distro/dns-scripts/systemd-dns-updown.sh: http://gerrit.openvpn.net/c/openvpn/+/838/comment/9a1615d4_fd1db246 : PS22, Line 231: } this looks like it should work, but it doesn't behave for me... Gentoo, again, with pushed `--dns` settings, and the resulting resolv.conf looks like this: ``` ### openvpn tun8 begin ### nameserver ### openvpn tun8 end ### # Generated by netifrc for interface enp2s1 domain ov.greenie.net nameserver 2001:608::2 nameserver 195.30.0.1 nameserver 195.30.0.2 ``` the client invocation is like this (with the reference server that pushes --dns or --dhcp-option dns, depending on UV_WANT_DNS): ``` openvpn --client --ca /home/gert/t_client_keys/ca.crt --cert /home/gert/t_client_keys/cron2-gentoo.ov-amd64.crt --key /home/gert/t_client_keys/cron2-gentoo.ov-amd64.key --remote-cert-tls server --nobind --comp-lzo --verb 3 --tls-cert-profile insecure --dev tun --proto udp6 --remote conn-test-server.openvpn.org --port 51194 --push-peer-info --setenv UV_WANT_DNS dns --dns-updown ./distro/dns-scripts/dns-updown --script-security 2 ``` and the server pushes ``` dns server 1 resolve-domains open.vpn,dns server 1 address 10.194.0.1,dns server 1 address fd00:abcd:194::1,dns server 2 resolve-domains open.vpn,dns server 2 address 10.194.1.1,dns server 2 address fd00:abcd:194:1::1 ``` client logs ``` 2025-05-02 18:42:38 distro/dns-scripts/dns-updown setting DNS using resolv.conf file 2025-05-02 18:42:38 dns up command exited with status 0 ``` -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/838?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ifbe4ffb44d3bfcaa50adb38cacb3436fcdc71b10 Gerrit-Change-Number: 838 Gerrit-PatchSet: 22 Gerrit-Owner: d12fk <he...@openvpn.net> Gerrit-Reviewer: cron2 <g...@greenie.muc.de> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-Attention: plaisthos <arne-open...@rfc2549.org> Gerrit-Attention: flichtenheld <fr...@lichtenheld.com> Gerrit-Attention: d12fk <he...@openvpn.net> Gerrit-Comment-Date: Fri, 02 May 2025 17:13:48 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
