Here is my openvpn.conf.

server 192.168.255.0 255.255.255.0
verb 3
key /etc/openvpn/pki/private/VPN.SERVERNAME.COM.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/VPN.SERVERNAME.COM.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun

proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1194
dev tun0
status /tmp/openvpn-status.log

user nobody
group nogroup

### Route Configurations Below
route 192.168.254.0 255.255.255.0

### Push Configurations Below
push "block-outside-dns"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

push "route 10.2.0.0 255.255.255.0"

When I connect from my client I get this error -

 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:1: block-outside-dns (2.3.2)
  • You are probably connecting from a non-Windows platform, see the description of --block-outside-dns for details: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage – Tom Yan Aug 15 '17 at 22:19

2 Answers

As far as I understand, you don’t need this command in Linux. The command block-outside-dns is for Windows only. To achieve the proper DNS configuration you need at least the three following lines in your client.conf:

script-security 2 
up /etc/openvpn/update-resolv-conf 
down /etc/openvpn/update-resolv-conf

/etc/openvpn/update-resolv-conf is the standard path if you didn't change it after openvpn installation via apt-get.

Post 4 in https://github.com/ValdikSS/openvpn-fix-dns-leak-plugin/issues/12

https://github.com/Nyr/openvpn-install/commit/acca10ba1a87b86da3f402ef08e07ad42126913e

David Foerster
AlexOnLinux
  • This approach also works by adding to the client.ovpn file retrieved via an OpenVPN access server – ScottMcC Nov 08 '19 at 06:24
  • I also had to install openresolv to make this work as well – ScottMcC Nov 08 '19 at 06:27
  • Thanks for sharing this <3 I remember a lot of IP addresses at my work in my head. But I can't remember them all. I should have searched for this better solution instead of looking up host IPs in Nagios for 3 years =) – vovven Jun 27 '21 at 20:06
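
An added example, not part of the answer above or of OpenVPN itself: a shell script that checks a Linux client config for the three directives that answer lists and appends only the ones that are missing. The function names and the sample config are constructed for illustration, and it assumes the last occurrence of a directive in the file is the one in effect.

```shell
#!/bin/sh
# Hook path as given in the answer; override with HOOK=... if yours differs.
HOOK="${HOOK:-/etc/openvpn/update-resolv-conf}"

# Print the value of the last active occurrence of directive $2 in file $1.
# Lines commented out with '#' or ';' do not match because $1 then differs.
directive_value() {
    awk -v d="$2" '$1 == d { v = $2 } END { if (v != "") print v }' "$1"
}

# List directives that are missing; return status is the number of problems.
audit_dns_hooks() {
    problems=0
    # up/down scripts only run when script-security is 2 or higher.
    case "$(directive_value "$1" script-security)" in
        2|3) ;;
        *) echo "missing: script-security 2"; problems=$((problems + 1)) ;;
    esac
    for d in up down; do
        if [ "$(directive_value "$1" "$d")" != "$HOOK" ]; then
            echo "missing: $d $HOOK"
            problems=$((problems + 1))
        fi
    done
    # Not counted as a config problem, but the hooks cannot run without it.
    [ -x "$HOOK" ] || echo "warning: $HOOK is not executable" >&2
    return "$problems"
}

# Append only the missing directives, so running it twice changes nothing.
fix_dns_hooks() {
    missing=$(audit_dns_hooks "$1" | sed -n 's/^missing: //p')
    [ -z "$missing" ] || printf '%s\n' "$missing" >> "$1"
}

# Constructed sample: script-security too low, up hook commented out.
sample_conf() {
    cat <<'EOF'
client
dev tun
remote vpn.example.com 1194 udp
script-security 1
;up /etc/openvpn/update-resolv-conf
EOF
}

# Demo on a temporary copy of the sample; prints the patched config.
tmp=$(mktemp); sample_conf > "$tmp"
fix_dns_hooks "$tmp"; cat "$tmp"; rm -f "$tmp"
```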

In my case the compress parameter was not understood. Furthermore, I could tunnel plaintext traffic between clients but ssh wasn't working. I had the latest package installed on a Raspbian OS.

Here are the error messages that I had:

Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:1: compress (2.3.4)

localhost ovpn-client[633]: write to TUN/TAP : Invalid argument (code=22)

I fixed my problems by building the latest version from source.

First, install the build dependencies:

sudo apt update
sudo apt install git build-essential
sudo apt build-dep openvpn

and then run the following commands:

git clone https://github.com/OpenVPN/openvpn.git
cd openvpn
git tag # check for the latest release tag, in my case it was v2.4.3
git checkout v2.4.3
git submodule update --init --recursive
autoreconf -i
sudo apt install libssl-dev liblz4-dev liblzo2-dev libpam-dev # More libraries might be required or the versions might be different. The configure script will tell you if something is missing.
./configure
make -j4
make check -j4
sudo make install

Edit: To use systemd, install libsystemd-dev and configure like this:

./configure --prefix=/usr --enable-systemd

To install, instead of make install you can use checkinstall. It will complain about the version so you need to set it manually.

sudo mkdir -p /usr/lib/openvpn # checkinstall failed on my system because the folder did not exist.
sudo checkinstall

This will create a deb package and install the binaries and config files to the correct location.

mchid
01BTC10