How do I make kresd use OpenVPN-supplied DNS servers when available?

mattventura · October 25, 2023, 5:37pm

I have an OpenVPN config with push "dhcp-option DNS 192.168.1.1" in the server-side config. On the Omnia, I can see that it has pulled this nameserver into /tmp/resolv.conf.d/:

# cat /tmp/resolv.conf.d/resolv.conf.vpn.bs1tun
nameserver 192.168.1.1

But how do I make the resolver actually make use of this? Neither /tmp/resolv.conf.d/resolv.conf.auto nor /tmp/kresd.config picks up on this - they only show the DNS servers from my WAN’s DHCP server.

vcunat · October 25, 2023, 7:54pm

Why not manually configure the DNS that you want on this client Omnia?

From what you write I assume you want forwarding, so in ReForis you choose that, click “Custom Forwarder” button and configure it there. I expect that will just work.

mattventura · October 25, 2023, 8:06pm

The DNS server in question is only reachable if the VPN is up. Hence, setting it globally would break things, since it wouldn’t be able to resolve the DNS server in the first place.

Does kresd support something like dnsmasq’s ability to forward requests for a particular domain to a specific nameserver? That would also work for me.

vcunat · October 25, 2023, 8:25pm

It does, but there’s no clickable UI to set that up. It’s like

add custom config file
Knot resolver (i.e. kresd) - DNS advanced settings for Omnia and MOX [Turris wiki]
then a forwarding rule inside it, I suppose .STUB in your case
Query policies — Knot Resolver 5.6.0 documentation

mattventura · October 25, 2023, 8:46pm

Thanks, that got it working.

Was this setting removed/never ported to reForis?

vcunat · October 26, 2023, 5:46am

I didn’t even know about it.

mmtj · October 26, 2023, 10:42pm

Well, the same behaviour from Foris was ported to the reForis.

See screenshot (OpenVPN / Server Settings):
2023-10-27 00.22.39 omnia.home aaea5c26d11e

But this checkbox only applies to OpenVPN server on Turris router.
So in this case, “Use DNS via VPN” means that VPN clients can use DNS server provided by the Turris router.

However, I believe that your use-case is to use DNS server from VPN provider, to which your Turris router is connected as VPN client.
AFAIK (I could be wrong), that functionality was not implemented yet for OpenVPN client settings in reForis.

mattventura · October 27, 2023, 4:01am

My use case is that I’m using the Omnia as a travel router. I have it log into my VPN server to act as a site-to-site VPN (via a VPS) so that my home machines are accessible on the go. I can mostly work around it by simply forwarding the DNS domain for said machines to my home router. The only issue I have to work around is that the VPN server itself is on said domain, but that’s easy enough to solve by hardcoding the IP in the ovpn config (or putting it in /etc/hosts). Only an issue if the IP changes, but VPS IPs don’t just change randomly.

system · October 30, 2023, 4:02am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.