Can't execute "update-resolv-conf" script | missing –script-security parameter

  • Hello!
    I have an OpenVPN Server Running on pfSense 1.2.3-RC2 (We cannot upgrade due to the missing NAT-T Feature in 1.2.3-Release..)
    When I connect with an Ubuntu 10.04 client, using the openvpn package installed via apt on the CLI, my resolv.conf does not get updated.
    As far as I was able to find out, this is a known bug.
    To solve this the Ubuntu OpenVPN package is installed together with a script (/etc/openvpn/update-resolv-conf). This script is used by adding the following lines to the client config:

    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf

    This script edits the resolv.conf by adding the OpenVPN push parameters. And after the disconnecting it replaces the data with the original one.
    But my client refuses to execute external scripts, because I did not use "–script-security 2" on the server side, as far as I understood.
    But when I add it, the server does not start anymore, because this option is unknown in OpenVPN 2.0.6

    May 19 08:51:46	openvpn[20214]: Use --help for more information.
    May 19 08:51:46	openvpn[20214]: Options error: Unrecognized option or missing parameter(s) in /var/etc/openvpn_server0.conf:29: script-security (2.0.6)
    May 19 08:51:46	openvpn[11958]: SIGTERM[hard,] received, process exiting
    May 19 08:51:44	openvpn[11958]: /etc/rc.filter_configure tun0 1500 1542 init
    May 19 08:51:44	openvpn[11958]: event_wait : Interrupted system call (code=4)

    So now I have two questions.
    Is there a way to use the "/etc/openvpn/update-resolv-conf" script?
    Or is there a different way to make my Ubuntu add the additional DNS Servers to its config?

    Thank you! I hope I explained everythin correct.

  • The "–script-security 2" option applies to client, not server. The client is the one that needs to run the script when a connection is made.

  • Thank you very much. That solved the problem with the script!
    I do not know why I thought that script-security was a server parameter.

Log in to reply