I’ve started with a fresh install of CoreELEC on my Odroid N2 yesterday. Used the latest image of Matrix 19.3 which went smoothly.
The first thing I’ve started configuring is OpenVPN, because this is always the hardest to get right and in the past I took some “shortcuts” to get things working.
Anyway, the thing I had problems with last time is the nameservers; I could not get CoreELEC to use the nameservers provided by my VPN provider. In the end I resorted to handing out the VPN provider’s nameservers through my router’s DHCP options, which means I can’t use DNS until the VPN is up and I have to resort to connecting to IP addresses of my VPN provider instead of hostnames.
Upon connecting the OpenVPN I can see that a nameserver is being provided:
CoreELEC openvpn[4913]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.10.0.1
However, when I do a lookup I see the nameserver being used that my router provides through DHCP:
I’m still struggling to get an OpenVPN setup that I am satisfied with regarding DNS. I would like to prevent DNS leaking, but I’m running into 2 main problems:
I can’t get CoreELEC to use the nameservers pushed by the OpenVPN server.
Automatically installed host routes to the nameservers provided by the local router’s DHCP.
The first problem has a few workarounds, but they create new problems:
Use up/down scripts to set the nameservers as the VPN status changes: I would have to set it to a pre-defined nameserver, this will break if my VPN provider changes nameservers and I’m not sure the down script will function properly if the VPN fails/stops/gets stopped, with the risk of the VPN not able to come back up because I’ve set a nameserver that’s only reachable with the VPN up.
This last part is fixable by changing the hostname of the VPN service to IP addresses, but these are not static I’ve noticed.
The second problem; the automatic host (/32) routes to the nameservers received by DHCP are a pain in my ass. I want DNS requests to go into the tunnel, not towards my router. I could make a script to delete these specific routes when the tunnel comes up, but that won’t work if the nameservers get changed in the router’s DHCP sometime in the future or if I use my CoreELEC box somewhere else with different DHCP servers.
Any help pointing me in the right direction is much appreciated.
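Added example, not part of the original post: OpenVPN exports each pushed `dhcp-option` to `up` scripts as `foreign_option_N` environment variables, so a script can read the pushed nameserver at connect time. The output path and the `VPN_RESOLV` variable are assumptions; how CoreELEC's resolver picks the file up is not covered here.

```shell
#!/bin/sh
# Added example: collect the DNS servers pushed by the OpenVPN server from the
# foreign_option_N variables that OpenVPN sets before running an --up script.

# Print one pushed DNS server address per line.
pushed_dns() {
    i=1
    while :; do
        # foreign_option_1, _2, ... are numbered without gaps; stop at the first unset one.
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        case "$opt" in
            "dhcp-option DNS "*)
                addr=${opt#dhcp-option DNS }
                # The value comes from the remote server: accept only characters
                # that can occur in an IPv4/IPv6 literal, drop anything else.
                case "$addr" in
                    ""|*[!0-9A-Fa-f.:]*) ;;
                    *) printf '%s\n' "$addr" ;;
                esac
                ;;
        esac
        i=$((i + 1))
    done
}

# Write a resolv.conf-style file that lists only the pushed servers.
# $1 = output path (assumption: the caller knows where it belongs).
# Returns 1 and writes nothing when no DNS was pushed, so the existing
# resolver configuration stays in place and the VPN can still reconnect.
write_vpn_resolv() {
    out=$1
    servers=$(pushed_dns)
    [ -n "$servers" ] || return 1
    tmp="$out.tmp.$$"
    # Write to a temp file and rename, so readers never see a partial file.
    printf '%s\n' "$servers" | sed 's/^/nameserver /' > "$tmp" && mv "$tmp" "$out"
}

# OpenVPN sets script_type=up when it runs this file as the --up script.
# VPN_RESOLV is a hypothetical override for the output path.
if [ "${script_type:-}" = up ]; then
    write_vpn_resolv "${VPN_RESOLV:-/tmp/vpn-resolv.conf}"
fi
```

OpenVPN only runs the script when the client config contains `script-security 2` and an `up` line pointing at it.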