AWS VPN on Ubuntu and incorrect nameserver order


Hi! I've set up AWS VPN on my Ubuntu LTS 24 using your GUI client. The connection works flawlessly; however, I'm having trouble connecting to our organization's RDS instance db_name.some_id.eu-west-3.rds.amazonaws.com.

When I connect to the VPN, my resolv.conf changes from:

nameserver 192.168.0.1
search .

to

nameserver 192.168.0.1
nameserver 172.101.0.239
nameserver 172.101.4.72
search .

Since AWS nameservers are after my default nameserver, my default nameserver is resolving the host's IP to its external IP: 13.37.X.X and the connection to the RDS instance fails. If I manually edit the resolv.conf file and move AWS nameservers above the default nameserver:

nameserver 172.101.0.239
nameserver 172.101.4.72
nameserver 192.168.0.1
search .

the IP is correctly resolved to 172.16.X.X and I can connect to the instance. How to fix this issue? It's extremely frustrating.

asked a month ago, 48 views
1 Answer
Accepted Answer

This issue is related to how DNS queries are handled after establishing a VPN connection on Ubuntu systems. The problem occurs because the VPN connection is not overriding the default system nameserver, causing DNS queries to still go to your local DNS server (192.168.0.1) instead of using the AWS-provided nameservers.

To resolve this issue, you can try the following steps:

  1. Modify the OpenVPN configuration file for your AWS Client VPN connection. You'll need to add the following directive:

    dhcp-option DOMAIN-ROUTE .

    This tells the system to route all DNS queries through the VPN tunnel.

  2. Additionally, you may need to adjust how systemd-resolved handles DNS resolution. You can do this by creating a symlink for /etc/resolv.conf. Use one of these commands depending on your desired behavior:

    For stub resolution: sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

    For full DNS resolution through systemd-resolved: sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

  3. If you're using the OpenVPN command line client, ensure that you have the resolvconf package installed and add the following lines to your OpenVPN configuration file:

    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf

These changes should help ensure that DNS queries are properly routed through the VPN tunnel and that the AWS-provided nameservers are used first. After making these changes, reconnect to the VPN and check if the RDS instance can be resolved correctly.

If you continue to experience issues, you may need to consult with your network administrator or AWS support for further assistance, as there could be specific configurations in your environment that need to be addressed.
Sources
Troubleshooting AWS Client VPN connections with Linux-based clients - AWS Client VPN

answered a month ago
reviewed by EXPERT a month ago
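A worked check for the ordering problem discussed above, added here as an example; it is not part of the question or of the accepted answer. It assumes the VPN-pushed resolvers share the 172.101. prefix shown in the question, and it works on a constructed copy of the post-connect /etc/resolv.conf rather than touching the live file. The point it makes explicit is why order matters: glibc queries the nameservers in file order and only moves to the next one when the first does not answer, so a first resolver that returns the public 13.37.X.X address wins even though the VPN resolvers below it know the private address.

```shell
#!/bin/sh
# Added example (not from the original post): inspect and reorder the
# nameserver lines of a resolv.conf body so that VPN-pushed resolvers
# come first. The VPN prefix "172.101." is an assumption taken from the
# question; adjust it to the resolvers your Client VPN endpoint pushes.

# Constructed sample: the file as the question shows it after connecting.
SAMPLE_RESOLV_CONF='nameserver 192.168.0.1
nameserver 172.101.0.239
nameserver 172.101.4.72
search .'

# Print the first nameserver in a resolv.conf body. glibc asks resolvers
# in file order and only falls through on timeout, never because an
# answer "looks wrong", so this entry decides what the RDS name resolves to.
first_nameserver() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2; exit }'
}

# Return 0 when the first nameserver starts with the VPN prefix ($2).
vpn_first() {
    case "$(first_nameserver "$1")" in
        "$2"*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Emit the body with nameservers matching the prefix first, the remaining
# nameservers next (original order kept), then every other directive
# (search, options, comments) unchanged.
reorder_nameservers() {
    body="$1"
    vpn_prefix="$2"
    printf '%s\n' "$body" | awk -v pfx="$vpn_prefix" '
        $1 == "nameserver" && index($2, pfx) == 1 { vpn[nv++] = $0; next }
        $1 == "nameserver"                        { other[no++] = $0; next }
                                                  { rest[nr++] = $0 }
        END {
            for (i = 0; i < nv; i++) print vpn[i]
            for (i = 0; i < no; i++) print other[i]
            for (i = 0; i < nr; i++) print rest[i]
        }'
}

# Stand-alone run: report the effective resolver before and after.
if vpn_first "$SAMPLE_RESOLV_CONF" "172.101."; then
    echo "VPN resolver already first: $(first_nameserver "$SAMPLE_RESOLV_CONF")"
else
    echo "effective resolver is $(first_nameserver "$SAMPLE_RESOLV_CONF"), not a VPN one"
    echo "reordered:"
    reorder_nameservers "$SAMPLE_RESOLV_CONF" "172.101."
fi
```

To apply this to the real file you would feed it `$(cat /etc/resolv.conf)` and write the result back, but treat that as a diagnostic, not the fix: the VPN client or systemd-resolved rewrites the file on the next connect, which is why the accepted answer points at the per-link routing domain instead. On a systemd-resolved host whose /etc/resolv.conf is the 127.0.0.53 stub, the file order is irrelevant altogether; `resolvectl status` shows which link carries the DNS servers and whether it has the catch-all routing domain `~.` that sends every query through the tunnel.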
