Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can't execute "update-resolv-conf" script | missing –script-security parameter

    Scheduled Pinned Locked Moved OpenVPN
    3 Posts 2 Posters 4.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Starko
      last edited by

      Hello!
      I have an OpenVPN Server Running on pfSense 1.2.3-RC2 (We cannot upgrade due to the missing NAT-T Feature in 1.2.3-Release..)
      When I connect with an Ubuntu 10.04 client, using the openvpn package installed via apt on the CLI, my resolv.conf does not get updated.
      As far as I was able to find out, this is a known bug.
      To solve this the Ubuntu OpenVPN package is installed together with a script (/etc/openvpn/update-resolv-conf). This script is used by adding the following lines to the client config:

      up /etc/openvpn/update-resolv-conf
      down /etc/openvpn/update-resolv-conf
      

      This script edits the resolv.conf by adding the OpenVPN push parameters. And after the disconnecting it replaces the data with the original one.
      But my client refuses to execute external scripts, because I did not use "–script-security 2" on the server side, as far as I understood.
      But when I add it, the server does not start anymore, because this option is unknown in OpenVPN 2.0.6

      May 19 08:51:46	openvpn[20214]: Use --help for more information.
      May 19 08:51:46	openvpn[20214]: Options error: Unrecognized option or missing parameter(s) in /var/etc/openvpn_server0.conf:29: script-security (2.0.6)
      May 19 08:51:46	openvpn[11958]: SIGTERM[hard,] received, process exiting
      May 19 08:51:44	openvpn[11958]: /etc/rc.filter_configure tun0 1500 1542 10.66.66.1 10.66.66.2 init
      May 19 08:51:44	openvpn[11958]: event_wait : Interrupted system call (code=4)
      

      So now I have two questions.
      Is there a way to use the "/etc/openvpn/update-resolv-conf" script?
      Or is there a different way to make my Ubuntu add the additional DNS Servers to its config?

      Thank you! I hope I explained everythin correct.

      1 Reply Last reply Reply Quote 0
      • K
        kpa
        last edited by

        The "–script-security 2" option applies to client, not server. The client is the one that needs to run the script when a connection is made.

        1 Reply Last reply Reply Quote 0
        • S
          Starko
          last edited by

          Thank you very much. That solved the problem with the script!
          I do not know why I thought that script-security was a server parameter.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.