OpenVPN server on pfsense and client on Ubuntu 16.04

OpenVPN

I have been setting up an OpenVPN server on my Netgate SG-3100 router. I hope this makes synchronizing backups to a physically separate location easier. There are many walkthroughs to set up an OpenVPN server on a pfsense router and that works nicely. However, I am using Ubuntu 16.04 at work and setting up the client requires a bit more than doing the same on macOS or Windows.

On Ubuntu, it is mandatory to update DNS information manually after establishing the VPN tunnel if you have opted for the setting to route all internet traffic originating from the client through the VPN server. If you do not update the DNS resolver information on the Ubuntu client, you can access the VPN-internal network (in my case 10.0.0.0/24), but you cannot use hostnames. E.g. ping www.google.com will fail, but ping 172.217.21.164 will succeed. Similarly, your browser will not find any URLs. And browsing with IP addresses ("http://172.217.21.164") is not very practical.

The default configuration on Ubuntu does not allow for this update of the DNS resolver to happen automatically for security reasons. There is a script included in the Ubuntu package of openvpn that updates this information (/etc/openvpn/update-resolv-conf). But in order for this to work, one needs to:

  1. call the script from within the openvpn configuration file
  2. pass a parameter to openvpn when starting the service to allow script execution (openvpn --config pfsense.conf --script-security 2)
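The two steps above, as an added example that is not part of the original post: a constructed client config that calls the resolver script through OpenVPN's up and down directives, plus a small check that the hooks are present and that the script-security level is exactly what they need. The function names, the sample remote host and the idea of passing the command-line level as a second argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify that an OpenVPN client
# config wires up the resolver hook and that script execution is permitted.

# Constructed sample client config; host and port are placeholders.
sample_config() {
cat <<'EOF'
client
dev tun
remote vpn.example.org 1194
# Step 1 from the post: call the resolver script when the tunnel goes up/down.
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
EOF
}

# directive FILE NAME -> prints the first argument of NAME (last occurrence).
# Commented lines (# or ;) never match because their first field differs.
directive() {
    awk -v d="$2" '$1 == d { v = $2 } END { print v }' "$1"
}

# check_dns_hooks FILE [CLI_LEVEL]   (hypothetical helper)
# CLI_LEVEL is the value passed as --script-security on the command line
# (step 2); if omitted, the value in FILE is used, else OpenVPN's default 1.
# Prints one finding per line and returns 1 if there is any finding.
check_dns_hooks() (
    conf=$1
    level=${2:-$(directive "$conf" script-security)}
    level=${level:-1}
    rc=0
    for hook in up down; do
        if [ -z "$(directive "$conf" "$hook")" ]; then
            echo "missing '$hook' hook"; rc=1
        fi
    done
    if [ "$level" -lt 2 ]; then
        echo "script-security $level: user-defined scripts will not run"; rc=1
    elif [ "$level" -gt 2 ]; then
        # Level 3 also lets passwords reach scripts via the environment.
        echo "script-security $level: more than the hook needs"; rc=1
    fi
    return "$rc"
)
# Usage: sample_config > pfsense.conf; check_dns_hooks pfsense.conf 2
```

Because the hook runs with the privileges of the openvpn process, it is also worth confirming that the script file is owned by root and not writable by other users.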

It gets even more complicated for the newest Ubuntu LTS 18.04 as the resolver update script that is installed by default is actually not functional anymore on 18.04. Instead, you need to manually install the openvpn-systemd-resolved update script (for details, check here: https://askubuntu.com/questions/1032476/ubuntu-18-04-no-dns-resolution-w...).