On 11/12/2023 11:09, Jason Long wrote:
On 06/12/2023 11:09, Jason Long via Openvpn-users wrote:

Hello,
Suppose the OpenVPN server is located in another country, but the DNS server is 
inside the company. What options should be included in the server and client 
configuration file?

Thank you.

For OpenVPN 2.6 and newer, the new --dns option is preferred.
For OpenVPN 2.5 and older, use --dhcp-option.

If you operate in a mixed environment with clients running both 2.5 and
2.6, you can push both --dns and --dhcp-option from the server to
clients (via --push).  And once all your clients are updated to 2.6,
remove the --dhcp-option.

The reason for preferring --dns is that it should have a consistent
behavior across platforms.  The --dhcp-option has several corner cases
where it does slightly different things depending on if you're on
Windows, macOS or Linux.  *BSD and some Linux setups will not do the DNS
setup out-of-the-box and will require additional script hooks to be
enabled (the exception is when starting VPN sessions via
NetworkManager).  Hosts running OpenVPN 3 Linux will get DNS setup
out-of-the-box, and that should support the --dns option as well.


--
kind regards,

David Sommerseth
OpenVPN Inc



Hello,
Thank you so much.
Do you mean the below lines for "server.conf":

OpenVPN 2.5        ==> push "dhcp-option DNS IP"
OpenVPN 2.6        ==> dns IP

?

I'm pretty sure I said:

>> you can push both --dns and --dhcp-option from the server to
>> clients (via --push)


Do clients need special settings?

What makes you think so?  Wouldn't that defeat the purpose of --push?

Now, as I said ... If you have both OpenVPN 2.5 and OpenVPN 2.6 clients connecting, you should push *both* dhcp-option and dns option(s) until all your clients are running OpenVPN 2.6. OpenVPN 2.5 does only support dhcp-options. OpenVPN 2.6 supports both, but will prefer --dns options over dhcp-options for DNS configurations.


Is "dns search-domains domain [domain ...]" necessary? For example, your local network 
has a domain like "example.xyz".

Depends on your own requirements for your DNS setup. The man page explains what it does. On *nix systems, this maps to the "search" line in /etc/resolv.conf.


--
kind regards,

David Sommerseth
OpenVPN Inc



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
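
Added example, not part of the thread and not OpenVPN project code: a small check that a server.conf for a mixed 2.5/2.6 client population pushes DNS in both syntaxes and that the two agree, so no client generation ends up on a different resolver. The sample config is constructed; 10.8.0.53 and example.xyz are placeholders, and treating dhcp-option DOMAIN / DOMAIN-SEARCH as the counterpart of "dns search-domains" is an assumption of this check.

```python
import re

# Constructed sample: server.conf lines for a mixed 2.5/2.6 client population.
# 10.8.0.53 and example.xyz are placeholder values.
SAMPLE_CONF = '''
push "dns server 1 address 10.8.0.53"
push "dns search-domains example.xyz"
push "dhcp-option DNS 10.8.0.53"
push "dhcp-option DOMAIN example.xyz"
'''

PUSH_RE = re.compile(r'^\s*push\s+"([^"]+)"')


def pushed_dns(conf_text):
    """Collect resolvers and search domains pushed in each of the two syntaxes."""
    found = {"dns": set(), "dns_search": set(), "dhcp": set(), "dhcp_search": set()}
    for line in conf_text.splitlines():
        m = PUSH_RE.match(line)
        if not m:
            continue  # comments, blank lines, directives that are not pushed
        tok = m.group(1).split()
        if tok[:2] == ["dns", "server"] and tok[3:4] == ["address"]:
            found["dns"].update(tok[4:])  # ports, if given, are kept as written
        elif tok[:2] == ["dns", "search-domains"]:
            found["dns_search"].update(tok[2:])
        elif tok[:2] == ["dhcp-option", "DNS"]:
            found["dhcp"].update(tok[2:3])
        elif tok[:1] == ["dhcp-option"] and tok[1:2] in (["DOMAIN"], ["DOMAIN-SEARCH"]):
            found["dhcp_search"].update(tok[2:3])
    return found


def audit(conf_text):
    """Return findings for a server meant to serve both 2.5 and 2.6 clients."""
    f = pushed_dns(conf_text)
    issues = []
    if not f["dhcp"]:
        issues.append("no dhcp-option DNS pushed: 2.5 clients receive no resolver")
    if not f["dns"]:
        issues.append("no dns server pushed: only the dhcp-option path is in use")
    if f["dns"] and f["dhcp"] and f["dns"] != f["dhcp"]:
        issues.append("resolver addresses differ between dns and dhcp-option")
    if f["dns_search"] != f["dhcp_search"]:
        issues.append("search domains differ between dns and dhcp-option")
    return issues


if __name__ == "__main__":
    print(audit(SAMPLE_CONF) or "both client generations get the same DNS settings")
```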
