NetworkManager Fails to Update /etc/resolv.conf with OpenVPN DNS Push Configuration



When working with OpenVPN connections, NetworkManager should automatically update /etc/resolv.conf when DNS servers are pushed from the VPN server. However, in many Linux distributions using NetworkManager, this functionality may break due to several configuration factors.

First, let's check the current DNS configuration:

cat /etc/resolv.conf
nmcli device show tun0 | grep IP4.DNS

You should also verify OpenVPN is actually receiving the DNS push:

journalctl -u openvpn --no-pager -n 50

1. NetworkManager Plugin Configuration

Edit the main NetworkManager configuration file:

sudo nano /etc/NetworkManager/NetworkManager.conf

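Ensure these lines exist (the ifcfg-rh plugin applies to RHEL-family systems only, dns=dnsmasq requires dnsmasq to be installed, and rc-manager=resolvconf requires the resolvconf tool):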

[main]
plugins=keyfile,ifcfg-rh
dns=dnsmasq
rc-manager=resolvconf

2. DNS Handling Method

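Modern Linux distributions may use different DNS resolution methods. If systemd-resolved is managing /etc/resolv.conf, you can disable it and point /etc/resolv.conf at the file NetworkManager generates: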

sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved
sudo rm /etc/resolv.conf
sudo ln -s /run/NetworkManager/resolv.conf /etc/resolv.conf

3. NetworkManager OpenVPN Plugin

For RHEL/CentOS/Fedora:

sudo yum install NetworkManager-openvpn

For Debian/Ubuntu:

sudo apt-get install network-manager-openvpn

Until the automatic solution works, you can manually update resolv.conf:

sudo bash -c 'echo "nameserver 10.8.0.1" >> /etc/resolv.conf'
sudo bash -c 'echo "search ABC.COM" >> /etc/resolv.conf'

Check NetworkManager logs with:

journalctl -u NetworkManager --no-pager -n 100

Create an OpenVPN update script:

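#!/bin/bash
# OpenVPN sets $script_type to "up" or "down" when it invokes this script.
case "$script_type" in
up)
    # Save the current resolver config so it can be restored on disconnect.
    cp /etc/resolv.conf /etc/resolv.conf.bak
    echo "nameserver 10.8.0.1" > /etc/resolv.conf
    echo "search ABC.COM" >> /etc/resolv.conf
    ;;
down)
    # Restore only if the backup from the "up" phase exists.
    [ -f /etc/resolv.conf.bak ] && mv /etc/resolv.conf.bak /etc/resolv.conf
    ;;
esac
exit 0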

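Add to your OpenVPN config. The script-security 2 directive is what permits OpenVPN to run user-defined scripts, so keep the script owned by root and not writable by other users: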

script-security 2
up /path/to/update-resolv.sh
down /path/to/update-resolv.sh
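
The script above hardcodes the resolver address. As an added example (not code from the original page), the following POSIX shell code builds the resolv.conf content from the foreign_option_N environment variables that OpenVPN sets for pushed dhcp-option values, and validates each value before it is used. The function names is_ipv4 and build_resolv_conf are hypothetical, and the sample values are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. OpenVPN exports each pushed
# option to the up script as foreign_option_1..N, for example
# foreign_option_1="dhcp-option DNS 10.8.0.1".

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
# The ( ) body runs in a subshell, so the IFS change does not leak.
is_ipv4() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# Print resolv.conf content for the pushed options. Returns 1 when no valid
# nameserver was pushed, so the caller can leave the existing file alone.
build_resolv_conf() (
    i=1 nameservers="" search=""
    # $i is a counter we control, so the eval only reads foreign_option_<n>.
    while eval "opt=\${foreign_option_$i:-}" && [ -n "$opt" ]; do
        case "$opt" in
            "dhcp-option DNS "*)
                value=${opt#dhcp-option DNS }
                # IPv6 pushes and malformed addresses are skipped.
                if is_ipv4 "$value"; then nameservers="$nameservers $value"; fi ;;
            "dhcp-option DOMAIN "*)
                value=${opt#dhcp-option DOMAIN }
                # Hostname characters only, so a pushed value cannot carry
                # spaces or extra resolv.conf directives.
                case "$value" in
                    ''|*[!A-Za-z0-9.-]*|[.-]*) ;;
                    *) search="$search $value" ;;
                esac ;;
        esac
        i=$((i + 1))
    done
    [ -n "$nameservers" ] || return 1
    for ns in $nameservers; do echo "nameserver $ns"; done
    [ -z "$search" ] || echo "search$search"
)

# Constructed sample push for a stand-alone run; the second DNS entry is rejected.
( foreign_option_1="dhcp-option DNS 10.8.0.1"
  foreign_option_2="dhcp-option DNS 10.8.0.999"
  foreign_option_3="dhcp-option DOMAIN ABC.COM"
  build_resolv_conf )
```

In an up script, write the output to a temporary file and move it over /etc/resolv.conf only when build_resolv_conf returns 0.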

After applying any changes:

sudo systemctl restart NetworkManager
sudo systemctl restart openvpn

When working with OpenVPN connections managed by NetworkManager, a common frustration occurs when DNS settings pushed from the server don't properly update the client's /etc/resolv.conf. This manifests when:

  • VPN connection establishes successfully
  • Routes appear in the routing table
  • Manual DNS queries work with the VPN DNS server
  • But NetworkManager fails to update the system's DNS configuration

First, verify what NetworkManager sees about your VPN connection:

nmcli connection show your-vpn-connection-name | grep dns

Check the current DNS configuration status:

nmcli dev show | grep DNS

Option 1: Modify NetworkManager Configuration

Edit /etc/NetworkManager/NetworkManager.conf:

[main]
dns=dnsmasq
rc-manager=unmanaged

Then restart NetworkManager:

sudo systemctl restart NetworkManager

Option 2: Use a NetworkManager Dispatch Script

Create /etc/NetworkManager/dispatcher.d/99vpn-dns:

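#!/bin/bash
# NetworkManager passes the interface name and the action as $1 and $2.
interface=$1
status=$2

if [[ "$interface" = "tun0" && "$status" = "up" ]]; then
    # Dispatcher scripts already run as root, so sudo is not needed.
    echo "nameserver 10.8.0.1" > /etc/resolv.conf
    echo "search ABC.COM" >> /etc/resolv.conf
fi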

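Make it executable. NetworkManager only runs dispatcher scripts that are owned by root and not writable by group or others:

sudo chmod +x /etc/NetworkManager/dispatcher.d/99vpn-dns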

Option 3: Modify OpenVPN Client Configuration

Add these directives to your client configuration:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

After implementing any solution, verify:

  1. The VPN connection status: nmcli connection show --active
  2. Current DNS settings: cat /etc/resolv.conf
  3. DNS resolution: dig example.com @10.8.0.1

For systems using systemd-resolved, set the following in /etc/systemd/resolved.conf:

[Resolve]
DNS=10.8.0.1
Domains=~ABC.COM

Then query specific domains through the VPN:

systemd-resolve --interface=tun0 ABC.COM

Common pitfalls:

  • NetworkManager may overwrite changes made directly to resolv.conf
  • The resolvconf package might conflict with NetworkManager's DNS handling
  • Some distributions symlink resolv.conf to a NetworkManager-controlled file