OpenVPN - DNS doesnt work on client


After getting IPv6 connectivity (on router side), opevnpn (configured as IPv4 and working fine untill this moment) dont propagate DNS server to the client (Android). I tried to make it work with IPv6 additions into config by Ondrej Caletka, but still no progress :frowning: Connections to the LAN works.

config openvpn 'myvpn'
    option enabled '1'
    option verb '1'
    option port '1194'
    option proto 'udp6'
    option dev 'tun'
    option 'persist_key' '1'
    option 'persist_tun' '1'
    option server ''
    option server_ipv6 '2001:db8:dead:beef::1/64'
    option ca '/etc/openvpn/ca.crt'
    option cert '/etc/openvpn/server.crt'
    option key '/etc/openvpn/server.key'
    option dh '/etc/openvpn/dh1024.pem'
    option keepalive "10 120"
    option comp_lzo adaptive
    option topology subnet
    option status '/tmp/openvpn-status.log'
    option ifconfig_pool_persist '/tmp/ipp.txt'
    list 'push' 'dhcp-option DNS'
    list 'push' 'route'
    list 'push' 'route-ipv6 2000::/3'
    list 'push' 'redirect-gateway def1'

 config interface 'vpn0'
    option ifname 'tun0'
    option proto 'static'
    option ipaddr ''
    option netmask ''
    option ip6assign '64'
    option ip6hint 'beef'


config zone
    option name 'lan'
    list network 'lan'
    list network 'vpn0'

    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

and opened port for WAN incoming udp…

I dont need IPv6 connectivity for clients inside OpenVPN (yet), but I need to have working DNS here. Android client (tester) getprop net.dns1 shows me correct (Lan), I can even ping router. But DNS resolving doesnt work. With public DNS push it works for clients.

I cant push 6, (illegal comma (’,’) in string), I can push public DNS as workaround, but it isnt optimal solution for this…

DNS settings on router: Forwarding on, DNSSEC disabled (ISP do DNSSEC in his DNS)

Make sure that your DNS resolver knows about the tun0 interface and allows traffic from it.

Something similar happened with dnsmasq, see Setting up a OpenVPN Server, however, dnsmasq is not the default. Just make sure your DNS resolver does not have the same issue.

unfortunatelly doesnt seems to be my case. restart of kresd didnt helped.

What does ‘netstat -anep | grep “:53”’ says? Does kresd listen on If not, what interfaces it does listen on?

yes, it does:
netstat -anep | grep ":53"
tcp 0 0* LISTEN 28892/kresd
tcp 0 0 :::53 :::* LISTEN 28892/kresd
udp 0 0* 28892/kresd
udp 0 0 :::53 :::* 28892/kresd