[eduVPN-deploy] Support for dnsDomainSearch with Linux / NetworkManager

François Kooman fkooman at tuxed.net
Tue Dec 8 20:03:56 CET 2020 

On 08.12.20 17:59, Marc Langer via eduVPN-deploy wrote:
> Hi,

Hi Marc,

> we are using a profile with the following settings:
> 
>    'dnsDomain' => 'rz.uni-osnabrueck.de',
>    'dnsDomainSearch' => array(
>           0 => 'net.uni-osnabrueck.de',
>           1 => 'serv.uni-osnabrueck.de',
>           2 => 'uni-osnabrueck.de',
>         ),
> 
> This works as expected when using Windows 10 and the eduVPN Windows App.

This is exactly what we want to get working on all other platforms as 
well! This is the "official" way to do it since OpenVPN 2.5. Currently 
only on Windows and Android this is working in the eduVPN apps. I opened 
an issue that would fix it for macOS/iOS as well, but we didn't spend 
any time on that yet [1]. Hopefully soon.

In the meantime there is sort of a work around you can deploy. As I do 
not want to recommend this, how to do this is hidden in the source code 
[2] and a miracle it works at all (more or less everywhere). I was 
thinking a lot about making this the default in any case, but so far 
have decided against this and hopefully all apps can update quickly.

> On my Ubuntu 20.04 installation, I downloaded a .ovpn file from the
> Portal and imported it in NetworkManager.  But only rz.uni-osnabrueck.de
> is put in the DNS search list then. Is this a limitation of OpenVPN or
> NetworkManager? Is there any possibility to get this to work?

On my Fedora 33 the workaround works as well with NetworkManager as far 
as I can tell. I don't have a proper server setup to really test it, but:

$ resolvectl status

[ ... snip ... ]

Link 23 (tun0)
       Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
DefaultRoute setting: yes
        LLMNR setting: yes
MulticastDNS setting: no
   DNSOverTLS setting: no
       DNSSEC setting: no
     DNSSEC supported: no
   Current DNS Server: 9.9.9.9
          DNS Servers: 9.9.9.9
                       2620:fe::fe
           DNS Domain: tuxed.net
                       foo.tuxed.net
                       bar.tuxed.net

I hope this works for you as well and we can get it fixed properly 
upstream [3] and then I can remove the dnsSuffix option.

Regards,
François

[1] https://github.com/passepartoutvpn/tunnelkit/issues/184
[2] 
https://github.com/eduvpn/vpn-server-node/blob/cd3f5d976d9de55a51b03b7b5d04d31e403d982d/src/OpenVpn.php#L367
[3] https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/56

More information about the eduVPN-deploy mailing list