{"id":10806,"date":"2021-11-09T00:18:35","date_gmt":"2021-11-08T21:18:35","guid":{"rendered":"https:\/\/kifarunix.com\/?p=10806"},"modified":"2024-03-18T08:13:32","modified_gmt":"2024-03-18T05:13:32","slug":"configure-openvpn-clients-to-use-specific-dns-server","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/configure-openvpn-clients-to-use-specific-dns-server\/","title":{"rendered":"Configure OpenVPN Clients to use specific DNS Server"},"content":{"rendered":"\n<p>This is a quick tutorial on how to configure OpenVPN clients to use specific DNS server. <a href=\"https:\/\/openvpn.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">OpenVPN<\/a> server can be configured to enable the clients to use specific <a href=\"https:\/\/www.cloudflare.com\/learning\/dns\/what-is-dns\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">DNS<\/a> server for hostname resolution.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#install-and-configure-open-vpn-server\">Install and Configure OpenVPN Server<\/a><\/li><li><a href=\"#configuring-open-vpn-clients-to-use-specific-dns-server\">Configuring OpenVPN Clients to use specific DNS Server<\/a><ul><li><a href=\"#push-dns-addresses-to-clients-from-open-vpn-server\">Push DNS addresses to Clients from OpenVPN Server<\/a><\/li><li><a href=\"#define-dns-addresses-on-open-vpn-client-config\">Define DNS addresses on OpenVPN Client config<\/a><\/li><li><a href=\"#use-specific-dns-server-with-open-vpn-clients\"> Use specific DNS Server with OpenVPN Clients<\/a><ul><li><a href=\"#on-ubuntu-debian-systems\">On Ubuntu\/Debian Systems:<\/a><\/li><li><a href=\"#on-cent-os-rhel-rocky-linux\">On CentOS\/RHEL\/Rocky Linux:<\/a><\/li><\/ul><\/li><li><a href=\"#other-tutorials\">Other Tutorials<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"install-and-configure-open-vpn-server\">Install and Configure OpenVPN Server<\/h2>\n\n\n\n<p>In our previous tutorials, we have covered <a href=\"https:\/\/kifarunix.com\/?s=openvpn+server\">how to install and configure OpenVPN server<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"configuring-open-vpn-clients-to-use-specific-dns-server\">Configuring OpenVPN Clients to use specific DNS Server<\/h2>\n\n\n\n<p>To use specific DNS server with OpenVPN clients;<\/p>\n\n\n\n<p>There are various ways in which you can push specific DNS servers for name resolution.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"#push-dns-to-clients\">Push DNS addresses to Clients from OpenVPN Server<\/a><\/li>\n\n\n\n<li><a href=\"#dns-on-client\">Define DNS addresses on OpenVPN Client config<\/a><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"push-dns-addresses-to-clients-from-open-vpn-server\">Push DNS addresses to Clients from OpenVPN Server<\/h3>\n\n\n\n<p>To configure OpenVPN server to push DNS addresses to clients, edit the OpenVPN server configuration file and add the line;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>push \"dhcp-option DNS X.X.X.X\"<\/code><\/pre>\n\n\n\n<p>Where <code>X.X.X.X<\/code> is the DNS server IP address.<\/p>\n\n\n\n<p>You can add multiple DNS server entries;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>push \"dhcp-option DNS 192.168.58.22\"\npush \"dhcp-option DNS 8.8.8.8\"<\/code><\/pre>\n\n\n\n<p>To specify the DNS domain part;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>push \"dhcp-option DOMAIN DOMAIN-NAME\"<\/code><\/pre>\n\n\n\n<p>For example;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>push \"dhcp-option DOMAIN kifarunix-demo.com\"<\/code><\/pre>\n\n\n\n<p>Here is a sample of my OpenVPN server configuration file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat \/etc\/openvpn\/server\/server.conf<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nport 1194\nproto udp\ndev tun\nca ca.crt\ncert issued\/server.crt\nkey private\/server.key  # This file should be kept secret\ndh dh.pem\ntopology subnet\nserver 10.8.0.0 255.255.255.0\nifconfig-pool-persist \/var\/log\/openvpn\/ipp.txt\npush \"redirect-gateway def1 bypass-dhcp\"\npush \"dhcp-option DNS 192.168.58.22\"\npush \"dhcp-option DNS 8.8.8.8\"\npush \"dhcp-option DOMAIN kifarunix-demo.com\"\nclient-to-client\nkeepalive 10 120\ntls-auth ta.key 0 # This file is secret\ncipher AES-256-CBC\ndata-ciphers AES-256-CBC\ncomp-lzo no\npersist-key\npersist-tun\nstatus \/var\/log\/openvpn\/openvpn-status.log\nlog-append  \/var\/log\/openvpn\/openvpn.log\nverb 3\nexplicit-exit-notify 1\nauth SHA512\n<\/code><\/pre>\n\n\n\n<p>Restart DNS Server;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl restart openvpn-server@server.service<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"define-dns-addresses-on-open-vpn-client-config\">Define DNS addresses on OpenVPN Client config<\/h3>\n\n\n\n<p>If you dont have access to the OpenVPN server to enforce the above configurations, then you can edit your OpenVPN client configuration file and add the lines;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>dhcp-option DNS X.X.X.X\ndhcp-option DNS DNS-IP-1\ndhcp-option DNS DNS-IP-2\npush \"dhcp-option DOMAIN DOMAIN-NAME\"<\/code><\/pre>\n\n\n\n<p>Here is a sample OpenVPN client;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat client-1.ovpn<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nclient\ntls-client\npull\ndev tun\nproto udp4\nremote 192.168.58.22 1194\nresolv-retry infinite\nnobind\n#user nobody\n#group nogroup\npersist-key\npersist-tun\nkey-direction 1\nremote-cert-tls server\nauth-nocache\ncomp-lzo\nverb 3\nauth SHA512\ncipher AES-256-CBC\ndata-ciphers AES-256-CBC\ncomp-lzo no\n<tls-auth>\n#\n# 2048 bit OpenVPN static key\n#\n-----BEGIN OpenVPN Static key V1-----\nec31b288a9a3865c4b5f3583b481ff5c\n434e957be6569ed573a58a102ce53efc\nb9528f15f5412046c5a603e6916b565b\nfe2c6a0f955dcec2d3f7e6cec7e373bb\ndff40b041f1488d4177c3de04bdff43b\ne361eff6328c499621e0846ec72565ef\n734fc02e51540d1c5c19102156a080f7\nfde124822bf6fc802dff9facf24998de\n6f91f081dafcdd28f4bca9223afe694d\n12d57beb6aed96753d651a2ca4722214\n5fa87829b9f53f2ccb89d9f15112c9cd\n3594ead75bc1df737b50188c2829d724\n3aff136577b3c79e6f863112aadf5aeb\n8b6d53c607874c71104acfa22e587bd3\n22b14a2c0a91e15569d99d5e35a52a8b\n0aa4f24ccf10d8757dfd75da14fd21ac\n-----END OpenVPN Static key V1-----\n<\/tls-auth>\n<ca>\n-----BEGIN CERTIFICATE-----\nMIIDSzCCAjOgAwIBAgIUW5NhoHubpdB2QE1IdTqCZeD4CK4wDQYJKoZIhvcNAQEL\nBQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjExMTA1MTcxNDQ4WhcNMzEx\nMTAzMTcxNDQ4WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN\nAQEBBQADggEPADCCAQoCggEBALGvwj57vpugazdMtjIVngKybzapSfT7rm1Rv+d2\nSssBwsTf4kDXqfwQiQLPEDo5mpxIO1XBEhsNS3CeBBSfGHgvT3EbiXKLS0mpMiIK\nnayJJh2+v3xg+3EU5jemNJ8p3iqsWz566ds\/C6haZsp9cM5oGBOOSbHOMJo4S6+6\nXmZfi8sdCWlSxrntd74MmEPI7wvmClA5xaM3hfzpHXdhrcTr9JDVMf0sYSkXUbc5\nnyDQrLtcZiVyoPCJxB41OoTYd1aLDV\/7F+A6ShSQSw\/04jQq3yoyQd9qMZUfPieE\nedjBiVtaN\/ecNGdJM7u7k2L3ADe+ObX9o3Dq6evmxWPUtSECAwEAAaOBkDCBjTAd\nBgNVHQ4EFgQUvMfE2qXU2IZw4c5X+i48cGji1\/owUQYDVR0jBEowSIAUvMfE2qXU\n2IZw4c5X+i48cGji1\/qhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghRbk2Gg\ne5ul0HZATUh1OoJl4PgIrjAMBgNVHRMEBTADAQH\/MAsGA1UdDwQEAwIBBjANBgkq\nhkiG9w0BAQsFAAOCAQEAn5mckexf90rXn\/xjzhKSbc2pNarQJ\/YcmQ5xpRwv8D6x\nGQieEk9BB8iWzaufH0cW+LI80zZYpjMg1qygKDoPIRryn0MVsr03XRCxnQRlkC7f\now62PMXOp31ru1vq0ar\/BjYE9EhQVEFdErhmc0FMmrkWP7H5rwRX7GO5T3wNfO3q\n+rftpJiCVeY4lFWyNuHKZv3n8DtfwOoT5ybpJ31\/mn6i\/SWfaJa5gY9I8+jh6q7m\nbRcTvNQk+G1ApgJZuoV5shAPZg6oJZVvU9q8FryMmcPxB4dTZwA3NIZfjQs8Q7lD\nB0\/XhJ+bjQvtC2YLfNLZgsEwOrUGs+ZCbL3T1FyLpg==\n-----END CERTIFICATE-----\n<\/ca>\n<cert>\nCertificate:\n    Data:\n        Version: 3 (0x2)\n        Serial Number:\n            a8:92:f9:c5:d7:40:22:75:38:b8:b6:b6:1e:b1:8c:2c\n        Signature Algorithm: sha256WithRSAEncryption\n        Issuer: CN=Easy-RSA CA\n        Validity\n            Not Before: Nov  5 17:20:19 2021 GMT\n            Not After : Feb  8 17:20:19 2024 GMT\n        Subject: CN=koromicha\n        Subject Public Key Info:\n            Public Key Algorithm: rsaEncryption\n                RSA Public-Key: (2048 bit)\n                Modulus:\n                    00:d1:f5:5f:c8:1e:6c:c5:35:fe:9a:68:d1:91:2d:\n                    cb:11:b3:08:ed:47:3a:b8:32:74:df:f1:b7:78:be:\n                    25:fc:95:73:be:6b:de:c8:89:1d:39:5e:72:4d:ea:\n                    a3:13:2a:c9:29:44:2e:17:fc:48:d9:6c:8b:2f:ca:\n                    a4:e5:90:43:a9:8b:a2:7a:bb:b5:c8:7a:6a:fe:9d:\n                    4b:aa:67:78:e8:3f:53:9e:9d:b3:25:77:a1:22:f3:\n                    b1:f0:82:97:9e:f5:14:b2:93:de:c5:20:84:05:54:\n                    d5:70:ad:d5:4f:41:04:a6:56:04:08:e9:45:ea:eb:\n                    c2:00:da:ee:1b:b4:30:74:c5:9e:76:6d:49:0c:8c:\n                    7e:45:8a:e5:93:1a:d0:f6:70:1a:73:df:b2:eb:68:\n                    2d:7a:1e:68:00:9e:b1:1f:1d:14:75:1b:89:56:b2:\n                    e8:8e:84:e6:ea:39:50:93:0d:0e:30:6d:fc:97:3e:\n                    6a:66:c3:cc:f3:93:12:5c:38:b4:62:ef:58:7f:a7:\n                    70:05:2c:2d:f0:54:5e:7e:7a:98:ea:af:8d:6d:2e:\n                    9c:47:80:1f:26:67:b4:2d:44:11:2f:6d:a5:9a:96:\n                    7f:b5:ae:f8:48:61:ca:5c:f8:d5:1b:44:40:8b:fc:\n                    97:01:5e:15:24:28:c6:24:81:39:d4:e0:3d:1f:81:\n                    9a:11\n                Exponent: 65537 (0x10001)\n        X509v3 extensions:\n            X509v3 Basic Constraints: \n                CA:FALSE\n            X509v3 Subject Key Identifier: \n                B1:97:65:D8:90:01:7E:57:CA:11:73:4D:E2:E3:83:6F:71:B9:1B:6E\n            X509v3 Authority Key Identifier: \n                keyid:BC:C7:C4:DA:A5:D4:D8:86:70:E1:CE:57:FA:2E:3C:70:68:E2:D7:FA\n                DirName:\/CN=Easy-RSA CA\n                serial:5B:93:61:A0:7B:9B:A5:D0:76:40:4D:48:75:3A:82:65:E0:F8:08:AE\n\n            X509v3 Extended Key Usage: \n                TLS Web Client Authentication\n            X509v3 Key Usage: \n                Digital Signature\n    Signature Algorithm: sha256WithRSAEncryption\n         57:ae:78:40:08:84:4f:4a:ec:53:b3:85:96:e8:c9:25:2b:3f:\n         37:16:37:53:e4:7b:eb:c5:0b:29:36:75:44:75:cc:47:a2:b1:\n         3a:fa:a1:07:88:89:99:b4:6e:21:82:1a:8e:42:1d:6c:b9:b5:\n         e2:21:85:55:a8:34:9e:80:52:27:81:c2:f7:af:e7:94:27:bf:\n         cb:7c:a2:cf:39:90:95:95:29:75:a1:c7:9c:68:5b:5e:5c:aa:\n         81:3d:c7:8a:79:54:9c:bc:9c:73:a2:76:02:56:42:56:4f:82:\n         80:23:0e:a3:8d:2f:86:0e:3e:08:7d:a8:b6:55:e7:2a:8f:6b:\n         4a:68:99:93:44:57:02:19:11:7d:cc:cf:05:a6:ce:4a:a0:41:\n         df:a1:88:8e:b3:0d:f3:67:cf:f9:82:27:41:bc:3b:4e:fb:7f:\n         60:e5:43:bb:7f:61:63:71:89:cf:55:fc:ce:82:bb:8c:2a:11:\n         9b:e7:e0:97:e3:ba:e0:cd:b0:12:35:56:41:58:62:0d:63:58:\n         ec:55:50:2b:82:5a:b5:4f:42:23:c7:e8:e6:8a:91:10:8b:a2:\n         40:47:85:ed:98:7f:e5:df:96:06:30:6b:ec:6f:9c:2d:5a:5a:\n         0a:71:fb:e2:1d:3e:f6:35:cd:ec:19:9b:67:c2:44:e3:b7:b6:\n         9f:81:51:c5\n-----BEGIN CERTIFICATE-----\nMIIDWDCCAkCgAwIBAgIRAKiS+cXXQCJ1OLi2th6xjCwwDQYJKoZIhvcNAQELBQAw\nFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjExMTA1MTcyMDE5WhcNMjQwMjA4\nMTcyMDE5WjAUMRIwEAYDVQQDDAlrb3JvbWljaGEwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDR9V\/IHmzFNf6aaNGRLcsRswjtRzq4MnTf8bd4viX8lXO+\na97IiR05XnJN6qMTKskpRC4X\/EjZbIsvyqTlkEOpi6J6u7XIemr+nUuqZ3joP1Oe\nnbMld6Ei87Hwgpee9RSyk97FIIQFVNVwrdVPQQSmVgQI6UXq68IA2u4btDB0xZ52\nbUkMjH5FiuWTGtD2cBpz37LraC16HmgAnrEfHRR1G4lWsuiOhObqOVCTDQ4wbfyX\nPmpmw8zzkxJcOLRi71h\/p3AFLC3wVF5+epjqr41tLpxHgB8mZ7QtRBEvbaWaln+1\nrvhIYcpc+NUbRECL\/JcBXhUkKMYkgTnU4D0fgZoRAgMBAAGjgaIwgZ8wCQYDVR0T\nBAIwADAdBgNVHQ4EFgQUsZdl2JABflfKEXNN4uODb3G5G24wUQYDVR0jBEowSIAU\nvMfE2qXU2IZw4c5X+i48cGji1\/qhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENB\nghRbk2Gge5ul0HZATUh1OoJl4PgIrjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNV\nHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAFeueEAIhE9K7FOzhZboySUrPzcW\nN1Pke+vFCyk2dUR1zEeisTr6oQeIiZm0biGCGo5CHWy5teIhhVWoNJ6AUieBwvev\n55Qnv8t8os85kJWVKXWhx5xoW15cqoE9x4p5VJy8nHOidgJWQlZPgoAjDqONL4YO\nPgh9qLZV5yqPa0pomZNEVwIZEX3MzwWmzkqgQd+hiI6zDfNnz\/mCJ0G8O077f2Dl\nQ7t\/YWNxic9V\/M6Cu4wqEZvn4JfjuuDNsBI1VkFYYg1jWOxVUCuCWrVPQiPH6OaK\nkRCLokBHhe2Yf+XflgYwa+xvnC1aWgpx++IdPvY1zewZm2fCROO3tp+BUcU=\n-----END CERTIFICATE-----\n<\/cert>\n<key>\n-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDR9V\/IHmzFNf6a\naNGRLcsRswjtRzq4MnTf8bd4viX8lXO+a97IiR05XnJN6qMTKskpRC4X\/EjZbIsv\nyqTlkEOpi6J6u7XIemr+nUuqZ3joP1OenbMld6Ei87Hwgpee9RSyk97FIIQFVNVw\nrdVPQQSmVgQI6UXq68IA2u4btDB0xZ52bUkMjH5FiuWTGtD2cBpz37LraC16HmgA\nnrEfHRR1G4lWsuiOhObqOVCTDQ4wbfyXPmpmw8zzkxJcOLRi71h\/p3AFLC3wVF5+\nepjqr41tLpxHgB8mZ7QtRBEvbaWaln+1rvhIYcpc+NUbRECL\/JcBXhUkKMYkgTnU\n4D0fgZoRAgMBAAECggEBAMBTVd7Zx+dK06Ob+sRTP15CMx4vjmFmjtsI73jiLafX\nO0QmSdhGiYegtXIcSi9nlQeBFfwQtKa+IC2yIiTLZr+rUjW9NwKi6Nm9Oq+owv9z\n6uQ0LwNWNzvuIYRgDAWnGMOQYpMOewDrOe1Sv0AvHdREnMOQ8+QC\/B6ObWjhQTXk\nmqyvCY2IEg22upif5kDPLul6FtGuGwzUQwxYVfyOem0ECVJ4yotuS4ie8D36fxKD\nutY18RJGhG9J1gRHJmQYcuB9jRkuVuno8pBdR3jabCE68DzpzOXvV4LHTIAxJtEz\nNEZbzgwmf7TPg84pahaLYQOyxQpu8P6xm6QhBfTEPAECgYEA+UIKiGTlvy\/EX8st\n5I7PI8yhPJI8fbq\/9oqjd5nwsUbzngdeuyy7HxruzAPQA\/bFGSTikyf9jHPYAqZ0\n7GGx9KCgbXyGNUk90ipHEqzXomrEjIh9y3qAQu+VLt4XILAfrDgV+QUITXIsRCnY\ntOg4CdUJFJg5uQblR\/AZCSx+9MECgYEA16M1SiSImoydUKvtl+4Jzqn4CSg3cKya\nxWWtXYQLrh6PMOoKy\/idGV6Xcl5H57xASqxjehyL5VzaBw6mSmcIuuovbuMWpI4Q\nzVZQEgizsDtEFNr8tQ+qtlXR7DwEkUOLtfQaULDD9LR1OMM06x9Py9UxCbfi3\/Dl\nKod8GFazaVECgYAleV1WBj1YUhknAcgDjcjsq+4tyhqYGISVz2AmMhmyvWURBDCk\n2WPEmGsAdy5F+krFrfr2ftOq0xvNwjLf+wwjKCcWbttKlZlayIpo7114CK9GJZss\nBV3VMmnuYut9OZ15afE7wBrwcdLf6J6xDByotcOouf4rqDK+bwWEkJEBwQKBgQDN\n4OIhDq5puDT+b5fhhYBRkw\/gVkhQSEtgigoyjb7FGCIoVlvGkHAVZ616oS9Pvfk4\nEkzLqnOaocL8F+2GfcblBnARE7lrlMPP+EdsYGiGqp7+tnGtwO6BNYC+ZjMKKg46\nw3tYbNw6RwzgC+f7UCLUfpBaMfnnS0zRBRfi+OxEcQKBgEMEes7DT5sqoQkam9lk\nAmP8NK+eAoB7RWk8A1ADBlz48xmIH\/lR99su9bWWd0xthYuBvx3ZpPRTqp0Z2ehm\n7w3jnw+A7BZn1\/gmcXLCXexQl+tn0nfm87xpwXCDmHjZzdldzLMpjOMHZDmOcufN\ny30Rsmt3vdeo5Rv+whSSypnq\n-----END PRIVATE KEY-----\n<\/key>\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"use-specific-dns-server-with-open-vpn-clients\"> Use specific DNS Server with OpenVPN Clients<\/h3>\n\n\n\n<p>So depending on the method you used above to define the DNS server address you can proceed as follows.<\/p>\n\n\n\n<p>In this tutorial, we are using a Linux system, specifically, Debian 11\/Rocky Linux 8 as our OpenVPN clients for demonstration purposes.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"on-ubuntu-debian-systems\">On Ubuntu\/Debian Systems:<\/h4>\n\n\n\n<p>install <strong>openresol<\/strong> package.On Ubuntu\/Debian systems;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install openresolv<\/code><\/pre>\n\n\n\n<p>Next, edit the OpenVPN client configuration file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vim client-1.ovpn<\/code><\/pre>\n\n\n\n<p>and add the lines below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>script-security 2\nup \/etc\/openvpn\/update-resolv-conf\ndown \/etc\/openvpn\/update-resolv-conf<\/code><\/pre>\n\n\n\n<p>See my sample updated OpenVPN client configuration file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat client-1.ovpn<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nclient\ntls-client\npull\ndev tun\nproto udp4\nremote 192.168.58.22 1194\nresolv-retry infinite\nnobind\npersist-key\npersist-tun\nkey-direction 1\nremote-cert-tls server\nauth-nocache\ncomp-lzo\nverb 3\nauth SHA512\ncipher AES-256-CBC\ndata-ciphers AES-256-CBC\ncomp-lzo no\n<strong>script-security 2\nup \/etc\/openvpn\/update-resolv-conf\ndown \/etc\/openvpn\/update-resolv-conf<\/strong>\n<tls-auth>\n-----BEGIN OpenVPN Static key V1-----\nec31b288a9a3865c4b5f3583b481ff5c\n434e957be6569ed573a58a102ce53efc\nb9528f15f5412046c5a603e6916b565b\nfe2c6a0f955dcec2d3f7e6cec7e373bb\ndff40b041f1488d4177c3de04bdff43b\ne361eff6328c499621e0846ec72565ef\n734fc02e51540d1c5c19102156a080f7\nfde124822bf6fc802dff9facf24998de\n6f91f081dafcdd28f4bca9223afe694d\n12d57beb6aed96753d651a2ca4722214\n5fa87829b9f53f2ccb89d9f15112c9cd\n3594ead75bc1df737b50188c2829d724\n3aff136577b3c79e6f863112aadf5aeb\n8b6d53c607874c71104acfa22e587bd3\n22b14a2c0a91e15569d99d5e35a52a8b\n0aa4f24ccf10d8757dfd75da14fd21ac\n-----END OpenVPN Static key V1-----\n<\/tls-auth>\n<ca>\n-----BEGIN CERTIFICATE-----\nMIIDSzCCAjOgAwIBAgIUW5NhoHubpdB2QE1IdTqCZeD4CK4wDQYJKoZIhvcNAQEL\nBQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjExMTA1MTcxNDQ4WhcNMzEx\nMTAzMTcxNDQ4WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN\nAQEBBQADggEPADCCAQoCggEBALGvwj57vpugazdMtjIVngKybzapSfT7rm1Rv+d2\nSssBwsTf4kDXqfwQiQLPEDo5mpxIO1XBEhsNS3CeBBSfGHgvT3EbiXKLS0mpMiIK\nnayJJh2+v3xg+3EU5jemNJ8p3iqsWz566ds\/C6haZsp9cM5oGBOOSbHOMJo4S6+6\nXmZfi8sdCWlSxrntd74MmEPI7wvmClA5xaM3hfzpHXdhrcTr9JDVMf0sYSkXUbc5\nnyDQrLtcZiVyoPCJxB41OoTYd1aLDV\/7F+A6ShSQSw\/04jQq3yoyQd9qMZUfPieE\nedjBiVtaN\/ecNGdJM7u7k2L3ADe+ObX9o3Dq6evmxWPUtSECAwEAAaOBkDCBjTAd\nBgNVHQ4EFgQUvMfE2qXU2IZw4c5X+i48cGji1\/owUQYDVR0jBEowSIAUvMfE2qXU\n2IZw4c5X+i48cGji1\/qhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghRbk2Gg\ne5ul0HZATUh1OoJl4PgIrjAMBgNVHRMEBTADAQH\/MAsGA1UdDwQEAwIBBjANBgkq\nhkiG9w0BAQsFAAOCAQEAn5mckexf90rXn\/xjzhKSbc2pNarQJ\/YcmQ5xpRwv8D6x\nGQieEk9BB8iWzaufH0cW+LI80zZYpjMg1qygKDoPIRryn0MVsr03XRCxnQRlkC7f\now62PMXOp31ru1vq0ar\/BjYE9EhQVEFdErhmc0FMmrkWP7H5rwRX7GO5T3wNfO3q\n+rftpJiCVeY4lFWyNuHKZv3n8DtfwOoT5ybpJ31\/mn6i\/SWfaJa5gY9I8+jh6q7m\nbRcTvNQk+G1ApgJZuoV5shAPZg6oJZVvU9q8FryMmcPxB4dTZwA3NIZfjQs8Q7lD\nB0\/XhJ+bjQvtC2YLfNLZgsEwOrUGs+ZCbL3T1FyLpg==\n-----END CERTIFICATE-----\n<\/ca>\n<cert>\nCertificate:\n    Data:\n        Version: 3 (0x2)\n        Serial Number:\n            a8:92:f9:c5:d7:40:22:75:38:b8:b6:b6:1e:b1:8c:2c\n        Signature Algorithm: sha256WithRSAEncryption\n        Issuer: CN=Easy-RSA CA\n        Validity\n            Not Before: Nov  5 17:20:19 2021 GMT\n            Not After : Feb  8 17:20:19 2024 GMT\n        Subject: CN=koromicha\n        Subject Public Key Info:\n            Public Key Algorithm: rsaEncryption\n                RSA Public-Key: (2048 bit)\n                Modulus:\n                    00:d1:f5:5f:c8:1e:6c:c5:35:fe:9a:68:d1:91:2d:\n                    cb:11:b3:08:ed:47:3a:b8:32:74:df:f1:b7:78:be:\n                    25:fc:95:73:be:6b:de:c8:89:1d:39:5e:72:4d:ea:\n                    a3:13:2a:c9:29:44:2e:17:fc:48:d9:6c:8b:2f:ca:\n                    a4:e5:90:43:a9:8b:a2:7a:bb:b5:c8:7a:6a:fe:9d:\n                    4b:aa:67:78:e8:3f:53:9e:9d:b3:25:77:a1:22:f3:\n                    b1:f0:82:97:9e:f5:14:b2:93:de:c5:20:84:05:54:\n                    d5:70:ad:d5:4f:41:04:a6:56:04:08:e9:45:ea:eb:\n                    c2:00:da:ee:1b:b4:30:74:c5:9e:76:6d:49:0c:8c:\n                    7e:45:8a:e5:93:1a:d0:f6:70:1a:73:df:b2:eb:68:\n                    2d:7a:1e:68:00:9e:b1:1f:1d:14:75:1b:89:56:b2:\n                    e8:8e:84:e6:ea:39:50:93:0d:0e:30:6d:fc:97:3e:\n                    6a:66:c3:cc:f3:93:12:5c:38:b4:62:ef:58:7f:a7:\n                    70:05:2c:2d:f0:54:5e:7e:7a:98:ea:af:8d:6d:2e:\n                    9c:47:80:1f:26:67:b4:2d:44:11:2f:6d:a5:9a:96:\n                    7f:b5:ae:f8:48:61:ca:5c:f8:d5:1b:44:40:8b:fc:\n                    97:01:5e:15:24:28:c6:24:81:39:d4:e0:3d:1f:81:\n                    9a:11\n                Exponent: 65537 (0x10001)\n        X509v3 extensions:\n            X509v3 Basic Constraints: \n                CA:FALSE\n            X509v3 Subject Key Identifier: \n                B1:97:65:D8:90:01:7E:57:CA:11:73:4D:E2:E3:83:6F:71:B9:1B:6E\n            X509v3 Authority Key Identifier: \n                keyid:BC:C7:C4:DA:A5:D4:D8:86:70:E1:CE:57:FA:2E:3C:70:68:E2:D7:FA\n                DirName:\/CN=Easy-RSA CA\n                serial:5B:93:61:A0:7B:9B:A5:D0:76:40:4D:48:75:3A:82:65:E0:F8:08:AE\n\n            X509v3 Extended Key Usage: \n                TLS Web Client Authentication\n            X509v3 Key Usage: \n                Digital Signature\n    Signature Algorithm: sha256WithRSAEncryption\n         57:ae:78:40:08:84:4f:4a:ec:53:b3:85:96:e8:c9:25:2b:3f:\n         37:16:37:53:e4:7b:eb:c5:0b:29:36:75:44:75:cc:47:a2:b1:\n         3a:fa:a1:07:88:89:99:b4:6e:21:82:1a:8e:42:1d:6c:b9:b5:\n         e2:21:85:55:a8:34:9e:80:52:27:81:c2:f7:af:e7:94:27:bf:\n         cb:7c:a2:cf:39:90:95:95:29:75:a1:c7:9c:68:5b:5e:5c:aa:\n         81:3d:c7:8a:79:54:9c:bc:9c:73:a2:76:02:56:42:56:4f:82:\n         80:23:0e:a3:8d:2f:86:0e:3e:08:7d:a8:b6:55:e7:2a:8f:6b:\n         4a:68:99:93:44:57:02:19:11:7d:cc:cf:05:a6:ce:4a:a0:41:\n         df:a1:88:8e:b3:0d:f3:67:cf:f9:82:27:41:bc:3b:4e:fb:7f:\n         60:e5:43:bb:7f:61:63:71:89:cf:55:fc:ce:82:bb:8c:2a:11:\n         9b:e7:e0:97:e3:ba:e0:cd:b0:12:35:56:41:58:62:0d:63:58:\n         ec:55:50:2b:82:5a:b5:4f:42:23:c7:e8:e6:8a:91:10:8b:a2:\n         40:47:85:ed:98:7f:e5:df:96:06:30:6b:ec:6f:9c:2d:5a:5a:\n         0a:71:fb:e2:1d:3e:f6:35:cd:ec:19:9b:67:c2:44:e3:b7:b6:\n         9f:81:51:c5\n-----BEGIN CERTIFICATE-----\nMIIDWDCCAkCgAwIBAgIRAKiS+cXXQCJ1OLi2th6xjCwwDQYJKoZIhvcNAQELBQAw\nFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjExMTA1MTcyMDE5WhcNMjQwMjA4\nMTcyMDE5WjAUMRIwEAYDVQQDDAlrb3JvbWljaGEwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDR9V\/IHmzFNf6aaNGRLcsRswjtRzq4MnTf8bd4viX8lXO+\na97IiR05XnJN6qMTKskpRC4X\/EjZbIsvyqTlkEOpi6J6u7XIemr+nUuqZ3joP1Oe\nnbMld6Ei87Hwgpee9RSyk97FIIQFVNVwrdVPQQSmVgQI6UXq68IA2u4btDB0xZ52\nbUkMjH5FiuWTGtD2cBpz37LraC16HmgAnrEfHRR1G4lWsuiOhObqOVCTDQ4wbfyX\nPmpmw8zzkxJcOLRi71h\/p3AFLC3wVF5+epjqr41tLpxHgB8mZ7QtRBEvbaWaln+1\nrvhIYcpc+NUbRECL\/JcBXhUkKMYkgTnU4D0fgZoRAgMBAAGjgaIwgZ8wCQYDVR0T\nBAIwADAdBgNVHQ4EFgQUsZdl2JABflfKEXNN4uODb3G5G24wUQYDVR0jBEowSIAU\nvMfE2qXU2IZw4c5X+i48cGji1\/qhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENB\nghRbk2Gge5ul0HZATUh1OoJl4PgIrjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNV\nHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAFeueEAIhE9K7FOzhZboySUrPzcW\nN1Pke+vFCyk2dUR1zEeisTr6oQeIiZm0biGCGo5CHWy5teIhhVWoNJ6AUieBwvev\n55Qnv8t8os85kJWVKXWhx5xoW15cqoE9x4p5VJy8nHOidgJWQlZPgoAjDqONL4YO\nPgh9qLZV5yqPa0pomZNEVwIZEX3MzwWmzkqgQd+hiI6zDfNnz\/mCJ0G8O077f2Dl\nQ7t\/YWNxic9V\/M6Cu4wqEZvn4JfjuuDNsBI1VkFYYg1jWOxVUCuCWrVPQiPH6OaK\nkRCLokBHhe2Yf+XflgYwa+xvnC1aWgpx++IdPvY1zewZm2fCROO3tp+BUcU=\n-----END CERTIFICATE-----\n<\/cert>\n<key>\n-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDR9V\/IHmzFNf6a\naNGRLcsRswjtRzq4MnTf8bd4viX8lXO+a97IiR05XnJN6qMTKskpRC4X\/EjZbIsv\nyqTlkEOpi6J6u7XIemr+nUuqZ3joP1OenbMld6Ei87Hwgpee9RSyk97FIIQFVNVw\nrdVPQQSmVgQI6UXq68IA2u4btDB0xZ52bUkMjH5FiuWTGtD2cBpz37LraC16HmgA\nnrEfHRR1G4lWsuiOhObqOVCTDQ4wbfyXPmpmw8zzkxJcOLRi71h\/p3AFLC3wVF5+\nepjqr41tLpxHgB8mZ7QtRBEvbaWaln+1rvhIYcpc+NUbRECL\/JcBXhUkKMYkgTnU\n4D0fgZoRAgMBAAECggEBAMBTVd7Zx+dK06Ob+sRTP15CMx4vjmFmjtsI73jiLafX\nO0QmSdhGiYegtXIcSi9nlQeBFfwQtKa+IC2yIiTLZr+rUjW9NwKi6Nm9Oq+owv9z\n6uQ0LwNWNzvuIYRgDAWnGMOQYpMOewDrOe1Sv0AvHdREnMOQ8+QC\/B6ObWjhQTXk\nmqyvCY2IEg22upif5kDPLul6FtGuGwzUQwxYVfyOem0ECVJ4yotuS4ie8D36fxKD\nutY18RJGhG9J1gRHJmQYcuB9jRkuVuno8pBdR3jabCE68DzpzOXvV4LHTIAxJtEz\nNEZbzgwmf7TPg84pahaLYQOyxQpu8P6xm6QhBfTEPAECgYEA+UIKiGTlvy\/EX8st\n5I7PI8yhPJI8fbq\/9oqjd5nwsUbzngdeuyy7HxruzAPQA\/bFGSTikyf9jHPYAqZ0\n7GGx9KCgbXyGNUk90ipHEqzXomrEjIh9y3qAQu+VLt4XILAfrDgV+QUITXIsRCnY\ntOg4CdUJFJg5uQblR\/AZCSx+9MECgYEA16M1SiSImoydUKvtl+4Jzqn4CSg3cKya\nxWWtXYQLrh6PMOoKy\/idGV6Xcl5H57xASqxjehyL5VzaBw6mSmcIuuovbuMWpI4Q\nzVZQEgizsDtEFNr8tQ+qtlXR7DwEkUOLtfQaULDD9LR1OMM06x9Py9UxCbfi3\/Dl\nKod8GFazaVECgYAleV1WBj1YUhknAcgDjcjsq+4tyhqYGISVz2AmMhmyvWURBDCk\n2WPEmGsAdy5F+krFrfr2ftOq0xvNwjLf+wwjKCcWbttKlZlayIpo7114CK9GJZss\nBV3VMmnuYut9OZ15afE7wBrwcdLf6J6xDByotcOouf4rqDK+bwWEkJEBwQKBgQDN\n4OIhDq5puDT+b5fhhYBRkw\/gVkhQSEtgigoyjb7FGCIoVlvGkHAVZ616oS9Pvfk4\nEkzLqnOaocL8F+2GfcblBnARE7lrlMPP+EdsYGiGqp7+tnGtwO6BNYC+ZjMKKg46\nw3tYbNw6RwzgC+f7UCLUfpBaMfnnS0zRBRfi+OxEcQKBgEMEes7DT5sqoQkam9lk\nAmP8NK+eAoB7RWk8A1ADBlz48xmIH\/lR99su9bWWd0xthYuBvx3ZpPRTqp0Z2ehm\n7w3jnw+A7BZn1\/gmcXLCXexQl+tn0nfm87xpwXCDmHjZzdldzLMpjOMHZDmOcufN\ny30Rsmt3vdeo5Rv+whSSypnq\n-----END PRIVATE KEY-----\n<\/key>\n<\/code><\/pre>\n\n\n\n<p>Connect client to VPN;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>openvpn client-1.ovpn<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n2021-11-08 14:25:09 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless \"allow-compression yes\" is also set.\n2021-11-08 14:25:09 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH\/PKTINFO] [AEAD] built on May 14 2021\n2021-11-08 14:25:09 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10\n2021-11-08 14:25:09 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts\n2021-11-08 14:25:09 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication\n2021-11-08 14:25:09 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication\n2021-11-08 14:25:09 TCP\/UDP: Preserving recently used remote address: [AF_INET]192.168.58.22:1194\n2021-11-08 14:25:09 Socket Buffers: R=[212992->212992] S=[212992->212992]\n2021-11-08 14:25:09 UDPv4 link local: (not bound)\n2021-11-08 14:25:09 UDPv4 link remote: [AF_INET]192.168.58.22:1194\n2021-11-08 14:25:09 TLS: Initial packet from [AF_INET]192.168.58.22:1194, sid=0a6596f7 2db76aa3\n2021-11-08 14:25:09 VERIFY OK: depth=1, CN=Easy-RSA CA\n2021-11-08 14:25:09 VERIFY KU OK\n2021-11-08 14:25:09 Validating certificate extended key usage\n2021-11-08 14:25:09 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication\n2021-11-08 14:25:09 VERIFY EKU OK\n2021-11-08 14:25:09 VERIFY OK: depth=0, CN=server\n2021-11-08 14:25:09 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA\n2021-11-08 14:25:09 [server] Peer Connection Initiated with [AF_INET]192.168.58.22:1194\n2021-11-08 14:25:09 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 192.168.58.22,dhcp-option DNS 8.8.8.8,dhcp-option DOMAIN kifarunix-demo.com,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-CBC'\n2021-11-08 14:25:09 OPTIONS IMPORT: timers and\/or timeouts modified\n2021-11-08 14:25:09 OPTIONS IMPORT: --ifconfig\/up options modified\n2021-11-08 14:25:09 OPTIONS IMPORT: route options modified\n2021-11-08 14:25:09 OPTIONS IMPORT: route-related options modified\n2021-11-08 14:25:09 OPTIONS IMPORT: --ip-win32 and\/or --dhcp-option options modified\n2021-11-08 14:25:09 OPTIONS IMPORT: peer-id set\n2021-11-08 14:25:09 OPTIONS IMPORT: adjusting link_mtu to 1625\n2021-11-08 14:25:09 OPTIONS IMPORT: data channel crypto options modified\n2021-11-08 14:25:09 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key\n2021-11-08 14:25:09 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication\n2021-11-08 14:25:09 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key\n2021-11-08 14:25:09 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication\n2021-11-08 14:25:09 net_route_v4_best_gw query: dst 0.0.0.0\n2021-11-08 14:25:09 net_route_v4_best_gw result: via 10.0.2.2 dev enp0s3\n2021-11-08 14:25:09 ROUTE_GATEWAY 10.0.2.2\/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:36:23:40\n2021-11-08 14:25:09 TUN\/TAP device tun0 opened\n2021-11-08 14:25:09 net_iface_mtu_set: mtu 1500 for tun0\n2021-11-08 14:25:09 net_iface_up: set tun0 up\n2021-11-08 14:25:09 net_addr_v4_add: 10.8.0.2\/24 dev tun0\n<strong>2021-11-08 14:25:09 \/etc\/openvpn\/update-resolv-conf tun0 1500 1625 10.8.0.2 255.255.255.0 init\ndhcp-option DNS 192.168.58.22\ndhcp-option DNS 8.8.8.8\ndhcp-option DOMAIN kifarunix-demo.com<\/strong>\n2021-11-08 14:25:10 net_route_v4_add: 192.168.58.22\/32 via 10.0.2.2 dev [NULL] table 0 metric -1\n2021-11-08 14:25:10 net_route_v4_add: 0.0.0.0\/1 via 10.8.0.1 dev [NULL] table 0 metric -1\n2021-11-08 14:25:10 net_route_v4_add: 128.0.0.0\/1 via 10.8.0.1 dev [NULL] table 0 metric -1\n2021-11-08 14:25:10 Initialization Sequence Completed\n<\/code><\/pre>\n\n\n\n<p>This updates the <code><strong>\/etc\/resolv.conf<\/strong><\/code> file with your custom DNS entries;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat \/etc\/resolv.conf<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code># Generated by resolvconf\nsearch kifarunix-demo.com\nnameserver 192.168.58.22\nnameserver 8.8.8.8<\/code><\/pre>\n\n\n\n<p>My internal DNS resolution;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>dig debian11.kifarunix-demo.com +short<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>192.168.59.14<\/code><\/pre>\n\n\n\n<p>Refer to our DNS guide;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-bind-dns-server-using-webmin-on-debian-11\/\" target=\"_blank\" rel=\"noreferrer noopener\">Configure BIND DNS Server using Webmin on Debian 11<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"on-cent-os-rhel-rocky-linux\">On CentOS\/RHEL\/Rocky Linux:<\/h4>\n\n\n\n<p>install update-systemd-resolved<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone https:\/\/github.com\/jonathanio\/update-systemd-resolved.git\ncd update-systemd-resolved\nmake<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\nSuccessfully installed update-systemd-resolved to \/etc\/openvpn\/scripts\/update-systemd-resolved.\n\nNow would be a good time to update \/etc\/nsswitch.conf:\n\n  # Use systemd-resolved first, then fall back to \/etc\/resolv.conf\n  hosts: files resolve dns myhostname\n  # Use \/etc\/resolv.conf first, then fall back to systemd-resolved\n  hosts: files dns resolve myhostname\n\nYou should also update your OpenVPN configuration:\n\n  setenv PATH \/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin\n  script-security 2\n  up \/etc\/openvpn\/scripts\/update-systemd-resolved\n  up-restart\n  down \/etc\/openvpn\/scripts\/update-systemd-resolved\n  down-pre\n\nor pass &#8211;config \/etc\/openvpn\/scripts\/update-systemd-resolved.conf\nin addition to any other &#8211;config arguments to your openvpn command.\n\n\n\n<p>Next, enable <code>systemd-resolved.service<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now systemd-resolved.service<\/code><\/pre>\n\n\n\n<p>Update<strong> <\/strong>the <code>\/etc\/nsswitch.conf<\/code>&nbsp;file to look up DNS via the&nbsp;<code>resolve<\/code> (systemd-resolved.service)&nbsp;service. (Use \/etc\/resolv.conf first, then fall back to systemd-resolved)<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sed -i '\/hosts:\/s\/dns\/dns resolve\/' \/etc\/nsswitch.conf<\/code><\/pre>\n\n\n\n<p>Next, update the client configuration file to include the lines;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>setenv PATH \/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin\nscript-security 2\nup \/etc\/openvpn\/scripts\/update-systemd-resolved\nup-restart\ndown \/etc\/openvpn\/scripts\/update-systemd-resolved\ndown-pre<\/code><\/pre>\n\n\n\n<p>And this is how my sample config looks like;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat client-1.ovpn<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nclient\ntls-client\npull\ndev tun\nproto udp4\nremote 192.168.58.22 1194\nresolv-retry infinite\nnobind\npersist-key\npersist-tun\nkey-direction 1\nremote-cert-tls server\nauth-nocache\ncomp-lzo\nverb 3\nauth SHA512\ncipher AES-256-CBC\ncomp-lzo no\nsetenv PATH \/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin\nscript-security 2\nup \/etc\/openvpn\/scripts\/update-systemd-resolved\nup-restart\ndown \/etc\/openvpn\/scripts\/update-systemd-resolved\ndown-pre\n<tls-auth>\n#\n# 2048 bit OpenVPN static key\n#\n-----BEGIN OpenVPN Static key V1-----\nec31b288a9a3865c4b5f3583b481ff5c\n434e957be6569ed573a58a102ce53efc\nb9528f15f5412046c5a603e6916b565b\nfe2c6a0f955dcec2d3f7e6cec7e373bb\ndff40b041f1488d4177c3de04bdff43b\ne361eff6328c499621e0846ec72565ef\n734fc02e51540d1c5c19102156a080f7\nfde124822bf6fc802dff9facf24998de\n6f91f081dafcdd28f4bca9223afe694d\n12d57beb6aed96753d651a2ca4722214\n5fa87829b9f53f2ccb89d9f15112c9cd\n3594ead75bc1df737b50188c2829d724\n3aff136577b3c79e6f863112aadf5aeb\n8b6d53c607874c71104acfa22e587bd3\n22b14a2c0a91e15569d99d5e35a52a8b\n0aa4f24ccf10d8757dfd75da14fd21ac\n-----END OpenVPN Static key V1-----\n<\/tls-auth>\n<ca>\n-----BEGIN CERTIFICATE-----\nMIIDSzCCAjOgAwIBAgIUW5NhoHubpdB2QE1IdTqCZeD4CK4wDQYJKoZIhvcNAQEL\nBQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjExMTA1MTcxNDQ4WhcNMzEx\nMTAzMTcxNDQ4WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN\nAQEBBQADggEPADCCAQoCggEBALGvwj57vpugazdMtjIVngKybzapSfT7rm1Rv+d2\nSssBwsTf4kDXqfwQiQLPEDo5mpxIO1XBEhsNS3CeBBSfGHgvT3EbiXKLS0mpMiIK\nnayJJh2+v3xg+3EU5jemNJ8p3iqsWz566ds\/C6haZsp9cM5oGBOOSbHOMJo4S6+6\nXmZfi8sdCWlSxrntd74MmEPI7wvmClA5xaM3hfzpHXdhrcTr9JDVMf0sYSkXUbc5\nnyDQrLtcZiVyoPCJxB41OoTYd1aLDV\/7F+A6ShSQSw\/04jQq3yoyQd9qMZUfPieE\nedjBiVtaN\/ecNGdJM7u7k2L3ADe+ObX9o3Dq6evmxWPUtSECAwEAAaOBkDCBjTAd\nBgNVHQ4EFgQUvMfE2qXU2IZw4c5X+i48cGji1\/owUQYDVR0jBEowSIAUvMfE2qXU\n2IZw4c5X+i48cGji1\/qhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghRbk2Gg\ne5ul0HZATUh1OoJl4PgIrjAMBgNVHRMEBTADAQH\/MAsGA1UdDwQEAwIBBjANBgkq\nhkiG9w0BAQsFAAOCAQEAn5mckexf90rXn\/xjzhKSbc2pNarQJ\/YcmQ5xpRwv8D6x\nGQieEk9BB8iWzaufH0cW+LI80zZYpjMg1qygKDoPIRryn0MVsr03XRCxnQRlkC7f\now62PMXOp31ru1vq0ar\/BjYE9EhQVEFdErhmc0FMmrkWP7H5rwRX7GO5T3wNfO3q\n+rftpJiCVeY4lFWyNuHKZv3n8DtfwOoT5ybpJ31\/mn6i\/SWfaJa5gY9I8+jh6q7m\nbRcTvNQk+G1ApgJZuoV5shAPZg6oJZVvU9q8FryMmcPxB4dTZwA3NIZfjQs8Q7lD\nB0\/XhJ+bjQvtC2YLfNLZgsEwOrUGs+ZCbL3T1FyLpg==\n-----END CERTIFICATE-----\n<\/ca>\n<cert>\nCertificate:\n    Data:\n        Version: 3 (0x2)\n        Serial Number:\n            a8:92:f9:c5:d7:40:22:75:38:b8:b6:b6:1e:b1:8c:2c\n        Signature Algorithm: sha256WithRSAEncryption\n        Issuer: CN=Easy-RSA CA\n        Validity\n            Not Before: Nov  5 17:20:19 2021 GMT\n            Not After : Feb  8 17:20:19 2024 GMT\n        Subject: CN=koromicha\n        Subject Public Key Info:\n            Public Key Algorithm: rsaEncryption\n                RSA Public-Key: (2048 bit)\n                Modulus:\n                    00:d1:f5:5f:c8:1e:6c:c5:35:fe:9a:68:d1:91:2d:\n                    cb:11:b3:08:ed:47:3a:b8:32:74:df:f1:b7:78:be:\n                    25:fc:95:73:be:6b:de:c8:89:1d:39:5e:72:4d:ea:\n                    a3:13:2a:c9:29:44:2e:17:fc:48:d9:6c:8b:2f:ca:\n                    a4:e5:90:43:a9:8b:a2:7a:bb:b5:c8:7a:6a:fe:9d:\n                    4b:aa:67:78:e8:3f:53:9e:9d:b3:25:77:a1:22:f3:\n                    b1:f0:82:97:9e:f5:14:b2:93:de:c5:20:84:05:54:\n                    d5:70:ad:d5:4f:41:04:a6:56:04:08:e9:45:ea:eb:\n                    c2:00:da:ee:1b:b4:30:74:c5:9e:76:6d:49:0c:8c:\n                    7e:45:8a:e5:93:1a:d0:f6:70:1a:73:df:b2:eb:68:\n                    2d:7a:1e:68:00:9e:b1:1f:1d:14:75:1b:89:56:b2:\n                    e8:8e:84:e6:ea:39:50:93:0d:0e:30:6d:fc:97:3e:\n                    6a:66:c3:cc:f3:93:12:5c:38:b4:62:ef:58:7f:a7:\n                    70:05:2c:2d:f0:54:5e:7e:7a:98:ea:af:8d:6d:2e:\n                    9c:47:80:1f:26:67:b4:2d:44:11:2f:6d:a5:9a:96:\n                    7f:b5:ae:f8:48:61:ca:5c:f8:d5:1b:44:40:8b:fc:\n                    97:01:5e:15:24:28:c6:24:81:39:d4:e0:3d:1f:81:\n                    9a:11\n                Exponent: 65537 (0x10001)\n        X509v3 extensions:\n            X509v3 Basic Constraints: \n                CA:FALSE\n            X509v3 Subject Key Identifier: \n                B1:97:65:D8:90:01:7E:57:CA:11:73:4D:E2:E3:83:6F:71:B9:1B:6E\n            X509v3 Authority Key Identifier: \n                keyid:BC:C7:C4:DA:A5:D4:D8:86:70:E1:CE:57:FA:2E:3C:70:68:E2:D7:FA\n                DirName:\/CN=Easy-RSA CA\n                serial:5B:93:61:A0:7B:9B:A5:D0:76:40:4D:48:75:3A:82:65:E0:F8:08:AE\n\n            X509v3 Extended Key Usage: \n                TLS Web Client Authentication\n            X509v3 Key Usage: \n                Digital Signature\n    Signature Algorithm: sha256WithRSAEncryption\n         57:ae:78:40:08:84:4f:4a:ec:53:b3:85:96:e8:c9:25:2b:3f:\n         37:16:37:53:e4:7b:eb:c5:0b:29:36:75:44:75:cc:47:a2:b1:\n         3a:fa:a1:07:88:89:99:b4:6e:21:82:1a:8e:42:1d:6c:b9:b5:\n         e2:21:85:55:a8:34:9e:80:52:27:81:c2:f7:af:e7:94:27:bf:\n         cb:7c:a2:cf:39:90:95:95:29:75:a1:c7:9c:68:5b:5e:5c:aa:\n         81:3d:c7:8a:79:54:9c:bc:9c:73:a2:76:02:56:42:56:4f:82:\n         80:23:0e:a3:8d:2f:86:0e:3e:08:7d:a8:b6:55:e7:2a:8f:6b:\n         4a:68:99:93:44:57:02:19:11:7d:cc:cf:05:a6:ce:4a:a0:41:\n         df:a1:88:8e:b3:0d:f3:67:cf:f9:82:27:41:bc:3b:4e:fb:7f:\n         60:e5:43:bb:7f:61:63:71:89:cf:55:fc:ce:82:bb:8c:2a:11:\n         9b:e7:e0:97:e3:ba:e0:cd:b0:12:35:56:41:58:62:0d:63:58:\n         ec:55:50:2b:82:5a:b5:4f:42:23:c7:e8:e6:8a:91:10:8b:a2:\n         40:47:85:ed:98:7f:e5:df:96:06:30:6b:ec:6f:9c:2d:5a:5a:\n         0a:71:fb:e2:1d:3e:f6:35:cd:ec:19:9b:67:c2:44:e3:b7:b6:\n         9f:81:51:c5\n-----BEGIN CERTIFICATE-----\nMIIDWDCCAkCgAwIBAgIRAKiS+cXXQCJ1OLi2th6xjCwwDQYJKoZIhvcNAQELBQAw\nFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjExMTA1MTcyMDE5WhcNMjQwMjA4\nMTcyMDE5WjAUMRIwEAYDVQQDDAlrb3JvbWljaGEwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQDR9V\/IHmzFNf6aaNGRLcsRswjtRzq4MnTf8bd4viX8lXO+\na97IiR05XnJN6qMTKskpRC4X\/EjZbIsvyqTlkEOpi6J6u7XIemr+nUuqZ3joP1Oe\nnbMld6Ei87Hwgpee9RSyk97FIIQFVNVwrdVPQQSmVgQI6UXq68IA2u4btDB0xZ52\nbUkMjH5FiuWTGtD2cBpz37LraC16HmgAnrEfHRR1G4lWsuiOhObqOVCTDQ4wbfyX\nPmpmw8zzkxJcOLRi71h\/p3AFLC3wVF5+epjqr41tLpxHgB8mZ7QtRBEvbaWaln+1\nrvhIYcpc+NUbRECL\/JcBXhUkKMYkgTnU4D0fgZoRAgMBAAGjgaIwgZ8wCQYDVR0T\nBAIwADAdBgNVHQ4EFgQUsZdl2JABflfKEXNN4uODb3G5G24wUQYDVR0jBEowSIAU\nvMfE2qXU2IZw4c5X+i48cGji1\/qhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENB\nghRbk2Gge5ul0HZATUh1OoJl4PgIrjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNV\nHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAFeueEAIhE9K7FOzhZboySUrPzcW\nN1Pke+vFCyk2dUR1zEeisTr6oQeIiZm0biGCGo5CHWy5teIhhVWoNJ6AUieBwvev\n55Qnv8t8os85kJWVKXWhx5xoW15cqoE9x4p5VJy8nHOidgJWQlZPgoAjDqONL4YO\nPgh9qLZV5yqPa0pomZNEVwIZEX3MzwWmzkqgQd+hiI6zDfNnz\/mCJ0G8O077f2Dl\nQ7t\/YWNxic9V\/M6Cu4wqEZvn4JfjuuDNsBI1VkFYYg1jWOxVUCuCWrVPQiPH6OaK\nkRCLokBHhe2Yf+XflgYwa+xvnC1aWgpx++IdPvY1zewZm2fCROO3tp+BUcU=\n-----END CERTIFICATE-----\n<\/cert>\n<key>\n-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDR9V\/IHmzFNf6a\naNGRLcsRswjtRzq4MnTf8bd4viX8lXO+a97IiR05XnJN6qMTKskpRC4X\/EjZbIsv\nyqTlkEOpi6J6u7XIemr+nUuqZ3joP1OenbMld6Ei87Hwgpee9RSyk97FIIQFVNVw\nrdVPQQSmVgQI6UXq68IA2u4btDB0xZ52bUkMjH5FiuWTGtD2cBpz37LraC16HmgA\nnrEfHRR1G4lWsuiOhObqOVCTDQ4wbfyXPmpmw8zzkxJcOLRi71h\/p3AFLC3wVF5+\nepjqr41tLpxHgB8mZ7QtRBEvbaWaln+1rvhIYcpc+NUbRECL\/JcBXhUkKMYkgTnU\n4D0fgZoRAgMBAAECggEBAMBTVd7Zx+dK06Ob+sRTP15CMx4vjmFmjtsI73jiLafX\nO0QmSdhGiYegtXIcSi9nlQeBFfwQtKa+IC2yIiTLZr+rUjW9NwKi6Nm9Oq+owv9z\n6uQ0LwNWNzvuIYRgDAWnGMOQYpMOewDrOe1Sv0AvHdREnMOQ8+QC\/B6ObWjhQTXk\nmqyvCY2IEg22upif5kDPLul6FtGuGwzUQwxYVfyOem0ECVJ4yotuS4ie8D36fxKD\nutY18RJGhG9J1gRHJmQYcuB9jRkuVuno8pBdR3jabCE68DzpzOXvV4LHTIAxJtEz\nNEZbzgwmf7TPg84pahaLYQOyxQpu8P6xm6QhBfTEPAECgYEA+UIKiGTlvy\/EX8st\n5I7PI8yhPJI8fbq\/9oqjd5nwsUbzngdeuyy7HxruzAPQA\/bFGSTikyf9jHPYAqZ0\n7GGx9KCgbXyGNUk90ipHEqzXomrEjIh9y3qAQu+VLt4XILAfrDgV+QUITXIsRCnY\ntOg4CdUJFJg5uQblR\/AZCSx+9MECgYEA16M1SiSImoydUKvtl+4Jzqn4CSg3cKya\nxWWtXYQLrh6PMOoKy\/idGV6Xcl5H57xASqxjehyL5VzaBw6mSmcIuuovbuMWpI4Q\nzVZQEgizsDtEFNr8tQ+qtlXR7DwEkUOLtfQaULDD9LR1OMM06x9Py9UxCbfi3\/Dl\nKod8GFazaVECgYAleV1WBj1YUhknAcgDjcjsq+4tyhqYGISVz2AmMhmyvWURBDCk\n2WPEmGsAdy5F+krFrfr2ftOq0xvNwjLf+wwjKCcWbttKlZlayIpo7114CK9GJZss\nBV3VMmnuYut9OZ15afE7wBrwcdLf6J6xDByotcOouf4rqDK+bwWEkJEBwQKBgQDN\n4OIhDq5puDT+b5fhhYBRkw\/gVkhQSEtgigoyjb7FGCIoVlvGkHAVZ616oS9Pvfk4\nEkzLqnOaocL8F+2GfcblBnARE7lrlMPP+EdsYGiGqp7+tnGtwO6BNYC+ZjMKKg46\nw3tYbNw6RwzgC+f7UCLUfpBaMfnnS0zRBRfi+OxEcQKBgEMEes7DT5sqoQkam9lk\nAmP8NK+eAoB7RWk8A1ADBlz48xmIH\/lR99su9bWWd0xthYuBvx3ZpPRTqp0Z2ehm\n7w3jnw+A7BZn1\/gmcXLCXexQl+tn0nfm87xpwXCDmHjZzdldzLMpjOMHZDmOcufN\ny30Rsmt3vdeo5Rv+whSSypnq\n-----END PRIVATE KEY-----\n<\/key>\n<\/code><\/pre>\n\n\n\n<p>Connecting to the VPN;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>openvpn client-1.ovpn<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nTue Nov  9 00:02:52 2021 OpenVPN 2.4.11 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH\/PKTINFO] [AEAD] built on Apr 21 2021\nTue Nov  9 00:02:52 2021 library versions: OpenSSL 1.1.1g FIPS  21 Apr 2020, LZO 2.08\nTue Nov  9 00:02:52 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts\nTue Nov  9 00:02:52 2021 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication\nTue Nov  9 00:02:52 2021 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication\nTue Nov  9 00:02:52 2021 TCP\/UDP: Preserving recently used remote address: [AF_INET]192.168.58.22:1194\nTue Nov  9 00:02:52 2021 Socket Buffers: R=[212992->212992] S=[212992->212992]\nTue Nov  9 00:02:52 2021 UDPv4 link local: (not bound)\nTue Nov  9 00:02:52 2021 UDPv4 link remote: [AF_INET]192.168.58.22:1194\nTue Nov  9 00:02:52 2021 TLS: Initial packet from [AF_INET]192.168.58.22:1194, sid=f89234f0 4a96fc1e\nTue Nov  9 00:02:52 2021 VERIFY OK: depth=1, CN=Easy-RSA CA\nTue Nov  9 00:02:52 2021 VERIFY KU OK\nTue Nov  9 00:02:52 2021 Validating certificate extended key usage\nTue Nov  9 00:02:52 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication\nTue Nov  9 00:02:52 2021 VERIFY EKU OK\nTue Nov  9 00:02:52 2021 VERIFY OK: depth=0, CN=server\nTue Nov  9 00:02:52 2021 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA\nTue Nov  9 00:02:52 2021 [server] Peer Connection Initiated with [AF_INET]192.168.58.22:1194\nTue Nov  9 00:02:53 2021 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)\nTue Nov  9 00:02:53 2021 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 192.168.58.22,dhcp-option DNS 8.8.8.8,dhcp-option DOMAIN kifarunix-demo.com,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-CBC'\nTue Nov  9 00:02:53 2021 OPTIONS IMPORT: timers and\/or timeouts modified\nTue Nov  9 00:02:53 2021 OPTIONS IMPORT: --ifconfig\/up options modified\nTue Nov  9 00:02:53 2021 OPTIONS IMPORT: route options modified\nTue Nov  9 00:02:53 2021 OPTIONS IMPORT: route-related options modified\nTue Nov  9 00:02:53 2021 OPTIONS IMPORT: --ip-win32 and\/or --dhcp-option options modified\nTue Nov  9 00:02:53 2021 OPTIONS IMPORT: peer-id set\nTue Nov  9 00:02:53 2021 OPTIONS IMPORT: adjusting link_mtu to 1625\nTue Nov  9 00:02:53 2021 OPTIONS IMPORT: data channel crypto options modified\nTue Nov  9 00:02:53 2021 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key\nTue Nov  9 00:02:53 2021 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication\nTue Nov  9 00:02:53 2021 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key\nTue Nov  9 00:02:53 2021 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication\nTue Nov  9 00:02:53 2021 ROUTE_GATEWAY 10.0.2.2\/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:3e:fe:0e\nTue Nov  9 00:02:53 2021 TUN\/TAP device tun0 opened\nTue Nov  9 00:02:53 2021 TUN\/TAP TX queue length set to 100\nTue Nov  9 00:02:53 2021 \/sbin\/ip link set dev tun0 up mtu 1500\nTue Nov  9 00:02:53 2021 \/sbin\/ip addr add dev tun0 10.8.0.2\/24 broadcast 10.8.0.255\nTue Nov  9 00:02:53 2021 \/etc\/openvpn\/scripts\/update-systemd-resolved tun0 1500 1605 10.8.0.2 255.255.255.0 init\n<14>Nov  9 00:02:53 update-systemd-resolved: Link 'tun0' coming up\n<14>Nov  9 00:02:53 update-systemd-resolved: Adding IPv4 DNS Server 192.168.58.22\n<14>Nov  9 00:02:53 update-systemd-resolved: Adding IPv4 DNS Server 8.8.8.8\n<14>Nov  9 00:02:53 update-systemd-resolved: Adding DNS Domain kifarunix-demo.com\n<14>Nov  9 00:02:53 update-systemd-resolved: SetLinkDNS(22 2 2 4 192 168 58 22 2 4 8 8 8 8)\n<14>Nov  9 00:02:53 update-systemd-resolved: SetLinkDomains(22 1 kifarunix-demo.com false)\nTue Nov  9 00:02:53 2021 \/sbin\/ip route add 192.168.58.22\/32 via 10.0.2.2\nTue Nov  9 00:02:53 2021 \/sbin\/ip route add 0.0.0.0\/1 via 10.8.0.1\nTue Nov  9 00:02:53 2021 \/sbin\/ip route add 128.0.0.0\/1 via 10.8.0.1\nTue Nov  9 00:02:53 2021 Initialization Sequence Completed\n<\/code><\/pre>\n\n\n\n<p>Your local DNS should now be working when connected to VPN.<\/p>\n\n\n\n<p>Read more about <a href=\"https:\/\/github.com\/jonathanio\/update-systemd-resolved#dns-leakage\" target=\"_blank\" rel=\"noreferrer noopener\">DNS leakage<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"other-tutorials\">Other Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/make-permanent-dns-changes-on-resolv-conf-in-linux\/\" target=\"_blank\" rel=\"noreferrer noopener\">Make Permanent DNS Changes on resolv.conf in Linux<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/easily-install-and-setup-powerdns-admin-on-ubuntu-20-04\/\" target=\"_blank\" rel=\"noreferrer noopener\">Easily Install and Setup PowerDNS Admin on Ubuntu 20.04<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is a quick tutorial on how to configure OpenVPN clients to use specific DNS server. OpenVPN server can be configured to enable the clients<\/p>\n","protected":false},"author":1,"featured_media":9411,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,121,282,321],"tags":[4257,4256,4259,4258,4260,4261],"class_list":["post-10806","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-howtos","category-openvpn","category-vpn","tag-configure-openvpn-clients-to-use-specific-dns-server","tag-easily-install-and-setup-powerdns-admin-on-ubuntu-20-04","tag-openvpn-client-dns","tag-openvpn-dhcp-option-dns-not-working","tag-openvpn-dhcp-option-domain","tag-openvpn-override-dns","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/10806"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=10806"}],"version-history":[{"count":7,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/10806\/revisions"}],"predecessor-version":[{"id":21615,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/10806\/revisions\/21615"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/9411"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=10806"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=10806"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=10806"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}