Comment 50 for bug 1169437

Ian Cameron (mkbloke) wrote :

I have been running OpenVPN within 16.04 for some time and didn't have any DNS issues to begin with, even though I wasn't calling any scripts such as /etc/openvpn/update-resolv-conf via the up/down commands in my configuration; it just worked.

Something must have changed through updates, however, as it stopped working. Upon investigation I found this thread and tried the solution in comment #44, which doesn't seem to work for me.

I have found that commenting out dns=dnsmasq in /etc/NetworkManager/NetworkManager.conf, as in comment #42, does not entirely work for me either. The problem I've found with this solution is as follows:

The original name servers (x2) as supplied via DHCP for the base network connection are pushed to /etc/resolv.conf via resolvconf. I start OpenVPN and use /etc/openvpn/update-resolv-conf to push the name servers supplied from the VPN server to /etc/resolv.conf. After that /etc/resolv.conf contains 3 nameserver entries. The first two entries are those supplied from the VPN server; the last one is a nameserver entry as supplied by the DHCP server for the base connection.

While you could use the connection in this state, it's clearly not great because there's the potential for DNS leakage. Also, it's quite possible you won't be able to contact the ISP's DNS servers anyway, because you're no longer sending queries from within their network.

I'm writing what I have found here for the benefit of other OpenVPN users with DNS issues, although it would appear that what I've found is a resolvconf issue rather than an OpenVPN one.

I have attached a modified update-resolv-conf file which works for me. It backs up and then deletes the NetworkManager connection before adding the OpenVPN supplied DNS information. Upon disconnection it deletes the OpenVPN entry and restores the NetworkManager information from the backup.

I hope this might be useful to some folk.
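
Added example, not part of the comment above and not the attached script: a shell check for the state the comment describes, where /etc/resolv.conf still lists a DHCP-supplied nameserver after the VPN servers. It reads the pushed DNS servers from OpenVPN's `foreign_option_N` variables, the same variables update-resolv-conf parses; the function names and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed addresses: 10.8.0.1 and 10.8.0.2 stand for VPN-pushed DNS,
# 192.168.1.1 for the DHCP-supplied resolver of the base connection.

# Print the DNS servers OpenVPN pushed, read from foreign_option_1..N
# (e.g. foreign_option_1='dhcp-option DNS 10.8.0.1').
vpn_dns_from_env() (
    i=1
    while eval "opt=\${foreign_option_$i:-}"; [ -n "$opt" ]; do
        case "$opt" in
            "dhcp-option DNS "*) printf '%s\n' "${opt#dhcp-option DNS }" ;;
        esac
        i=$((i + 1))
    done
)

# non_vpn_nameservers FILE VPN_DNS...
# Print every nameserver in FILE that is not in the VPN-supplied list.
non_vpn_nameservers() (
    file=$1; shift
    # "|| [ -n ... ]" also handles a last line without a trailing newline.
    while read -r keyword addr rest || [ -n "$keyword" ]; do
        [ "$keyword" = "nameserver" ] || continue
        found=0
        for allowed in "$@"; do
            if [ "$addr" = "$allowed" ]; then found=1; break; fi
        done
        if [ "$found" -eq 0 ]; then printf '%s\n' "$addr"; fi
    done < "$file"
)

# Return 0 when FILE lists only VPN resolvers, 1 otherwise.
check_resolv_conf() (
    leaks=$(non_vpn_nameservers "$1" $(vpn_dns_from_env))
    if [ -n "$leaks" ]; then echo "non-VPN nameserver(s) in $1:" $leaks >&2; fi
    [ -z "$leaks" ]
)

# Demo on a constructed resolv.conf with the three entries described above.
demo() (
    tmp=$(mktemp) || exit 1
    printf 'nameserver 10.8.0.1\nnameserver 10.8.0.2\nnameserver 192.168.1.1\n' > "$tmp"
    foreign_option_1='dhcp-option DNS 10.8.0.1'
    foreign_option_2='dhcp-option DNS 10.8.0.2'
    non_vpn_nameservers "$tmp" $(vpn_dns_from_env)
    rm -f "$tmp"
)
demo
```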