Centos 7 with SElinux: openvpn and DNSWhat for is /etc/resolv.conf needed in newest Centos and Fedora?enabling CentOS selinuxopenvpn multiple instances route issue?openvpn: connection established, can't ping server tun interface (debian server, windows & os x clients)OpenVPN SELinux Permission DeniedCentos 7 and OpenVPN: how make them friends?SELinux on CentOS not workingOpenvpn server can ping via IP but not via hostnamecentos 7 & SELinux & ldconfigCentOS with SELinux, systemd and stunnelSELinux corrupted? Now unable to boot CentOS 7 with SELinux enabled
Multi tool use
Applicants clearly not having the skills they advertise
Unorthodox way of solving Einstein field equations
What does it mean by "d-ism of Leibniz" and "dotage of Newton" in simple English?
Why is Colorado so different politically from nearby states?
Is it possible to kill all life on Earth?
Do marked cards or loaded dice have any mechanical benefit?
How can I determine the spell save DC of a monster/NPC?
Beginner's snake game using PyGame
Will dual-learning in a glider make my airplane learning safer?
Is there any Biblical Basis for 400 years of silence between Old and New Testament?
What happens if you do emergency landing on a US base in middle of the ocean?
Is it OK to bring delicacies from hometown as tokens of gratitude for an out-of-town interview?
Does it cost a spell slot to cast a spell from a Ring of Spell Storing?
Responsibility for visa checking
Does any lore text explain why the planes of Acheron, Gehenna, and Carceri are the alignment they are?
Short story written from alien perspective with this line: "It's too bright to look at, so they don't"
How to apply the "glow" effect to a rectangle with tcolorbox?
You've spoiled/damaged the card
Strange math syntax in old basic listing
How to make thick Asian sauces?
Asking bank to reduce APR instead of increasing credit limit
Hygienic footwear for prehensile feet?
What is the right way to float a home lab?
Why was it possible to cause an Apple //e to shut down with SHIFT and paddle button 2?
Centos 7 with SElinux: openvpn and DNS
What for is /etc/resolv.conf needed in newest Centos and Fedora?enabling CentOS selinuxopenvpn multiple instances route issue?openvpn: connection established, can't ping server tun interface (debian server, windows & os x clients)OpenVPN SELinux Permission DeniedCentos 7 and OpenVPN: how make them friends?SELinux on CentOS not workingOpenvpn server can ping via IP but not via hostnamecentos 7 & SELinux & ldconfigCentOS with SELinux, systemd and stunnelSELinux corrupted? Now unable to boot CentOS 7 with SELinux enabled
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I'm trying to use openvpn as client on centos 7. It works fine, but i cannot get DNS from server. As you know, there is no resolvconf in new Centos, so, standard update-resolv-conf script doesn't work.
I rewrite it slightly:
#!/bin/bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood
# and Chris Hanson
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
# 07/2013 colin@daedrum.net Fixed intet name
# 05/2006 chlauber@bnc.ch
#
# Example envs set from openvpn:
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
# foreign_option_4='dhcp-option DOMAIN-SEARCH bnc.local'
set -e
## You might need to set the path manually here, i.e.
# RESOLVCONF=/usr/bin/resolvconf
#RESOLVCONF=$(which resolvconf)
#[ -x $RESOLVCONF ] || exit 0
#IPv4 ONLY!
NMCLI=/usr/bin/nmcli #$(which nmcli)
SYSTEMCTL=/usr/bin/systemctl #$(which systemctl)
[ -x $NMCLI ] || exit 0
[ -x $SYSTEMCTL ] || exit 0
#testing version for running from console
active_con_dev=$($NMCLI -t -f NAME,DEVICE con show --active | grep "tun" | head -1)
#it must be something like
#active_con_dev=$($NMCLI -t -f NAME,DEVICE con show --active | grep "$dev" | head -1)
active_con=$(echo $active_con_dev | awk 'print $1' FS=":")
active_dev=$(echo $active_con_dev | awk 'print $2' FS=":")
dns_list_file=/etc/openvpn/dns_list
case $script_type in
up)
#we take first active connection and device (but not tun devices. I don't know either NM can show it or no)
for optionname in $!foreign_option_* ; do
option="$!optionname"
echo $option
part1=$(echo "$option" | cut -d " " -f 1)
if [ "$part1" == "dhcp-option" ] ; then
part2=$(echo "$option" | cut -d " " -f 2)
part3=$(echo "$option" | cut -d " " -f 3)
if [ "$part2" == "DNS" ] ; then
IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
fi
if [[ "$part2" == "DOMAIN" || "$part2" == "DOMAIN-SEARCH" ]] ; then
IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
fi
fi
done
R=""
for DS in $IF_DNS_SEARCH ; do
# R="$Rsearch $DS"
R="$R$DS"
done
for NS in $IF_DNS_NAMESERVERS ; do
# R="$Rnameserver $NS"
R="$R$NS"
done
echo "$R" > "$dns_list_file"
#ipv4 only
#we must check existence of DNS, but I'm too lazy now
$NMCLI con mod $active_con +ipv4.dns "$R"
$SYSTEMCTL restart NetworkManager
#echo -n "$R" | $RESOLVCONF -p -a "$dev"
#echo -n "$R" | $RESOLVCONF -a "$dev.inet"
;;
down)
dns_list=$(echo "$dns_list_file")
if [ ! -z "$dns_list" -a "$dns_list" != " " ]; then
#we must check existence of this dns, but I'm too lazy now
$NMCLI con mod $active_con -ipv4.dns "$dns_list"
$SYSTEMCTL restart NetworkManager
fi
#$RESOLVCONF -d "$dev.inet"
;;
esac
I don't sure about search servers, but in case of nameservers only it works. Again, it must be tested with multiple servers (i didn't do it).
So, it can add DNS to your connection. But it does not work with SElinux when you run it from systemctl (systemctl start openvpn@config.service).
There are such strings in /var/log/audit.log:
type=AVC msg=audit(1414759817.198:2963): avc: denied execute for pid=1827 comm="update-resolv-c" name="systemctl" dev="dm-1" ino=787169
scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file
I must write policy for SElinux. Ok, but is there some more user friendly way to set up DNS? May be maintainers of packages and developers of RedHat/Centos thought about openvpn DNS, but i don't know about it?
domain-name-system centos openvpn selinux centos7
edited Apr 13 '17 at 12:14
Community♦
1
asked Oct 31 '14 at 8:57
ckorzhikckorzhik
1053
add a comment |
I'm trying to use openvpn as client on centos 7. It works fine, but i cannot get DNS from server. As you know, there is no resolvconf in new Centos, so, standard update-resolv-conf script doesn't work.
I rewrite it slightly:
#!/bin/bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood
# and Chris Hanson
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
# 07/2013 colin@daedrum.net Fixed intet name
# 05/2006 chlauber@bnc.ch
#
# Example envs set from openvpn:
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
# foreign_option_4='dhcp-option DOMAIN-SEARCH bnc.local'
set -e
## You might need to set the path manually here, i.e.
# RESOLVCONF=/usr/bin/resolvconf
#RESOLVCONF=$(which resolvconf)
#[ -x $RESOLVCONF ] || exit 0
#IPv4 ONLY!
NMCLI=/usr/bin/nmcli #$(which nmcli)
SYSTEMCTL=/usr/bin/systemctl #$(which systemctl)
[ -x $NMCLI ] || exit 0
[ -x $SYSTEMCTL ] || exit 0
#testing version for running from console
active_con_dev=$($NMCLI -t -f NAME,DEVICE con show --active | grep "tun" | head -1)
#it must be something like
#active_con_dev=$($NMCLI -t -f NAME,DEVICE con show --active | grep "$dev" | head -1)
active_con=$(echo $active_con_dev | awk 'print $1' FS=":")
active_dev=$(echo $active_con_dev | awk 'print $2' FS=":")
dns_list_file=/etc/openvpn/dns_list
case $script_type in
up)
#we take first active connection and device (but not tun devices. I don't know either NM can show it or no)
for optionname in $!foreign_option_* ; do
option="$!optionname"
echo $option
part1=$(echo "$option" | cut -d " " -f 1)
if [ "$part1" == "dhcp-option" ] ; then
part2=$(echo "$option" | cut -d " " -f 2)
part3=$(echo "$option" | cut -d " " -f 3)
if [ "$part2" == "DNS" ] ; then
IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
fi
if [[ "$part2" == "DOMAIN" || "$part2" == "DOMAIN-SEARCH" ]] ; then
IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
fi
fi
done
R=""
for DS in $IF_DNS_SEARCH ; do
# R="$Rsearch $DS"
R="$R$DS"
done
for NS in $IF_DNS_NAMESERVERS ; do
# R="$Rnameserver $NS"
R="$R$NS"
done
echo "$R" > "$dns_list_file"
#ipv4 only
#we must check existence of DNS, but I'm too lazy now
$NMCLI con mod $active_con +ipv4.dns "$R"
$SYSTEMCTL restart NetworkManager
#echo -n "$R" | $RESOLVCONF -p -a "$dev"
#echo -n "$R" | $RESOLVCONF -a "$dev.inet"
;;
down)
dns_list=$(echo "$dns_list_file")
if [ ! -z "$dns_list" -a "$dns_list" != " " ]; then
#we must check existence of this dns, but I'm too lazy now
$NMCLI con mod $active_con -ipv4.dns "$dns_list"
$SYSTEMCTL restart NetworkManager
fi
#$RESOLVCONF -d "$dev.inet"
;;
esac
I don't sure about search servers, but in case of nameservers only it works. Again, it must be tested with multiple servers (i didn't do it).
So, it can add DNS to your connection. But it does not work with SElinux when you run it from systemctl (systemctl start openvpn@config.service).
There are such strings in /var/log/audit.log:
type=AVC msg=audit(1414759817.198:2963): avc: denied execute for pid=1827 comm="update-resolv-c" name="systemctl" dev="dm-1" ino=787169
scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file
I must write policy for SElinux. Ok, but is there some more user friendly way to set up DNS? May be maintainers of packages and developers of RedHat/Centos thought about openvpn DNS, but i don't know about it?
domain-name-system centos openvpn selinux centos7
edited Apr 13 '17 at 12:14
Community♦
1
asked Oct 31 '14 at 8:57
ckorzhikckorzhik
1053
Where did you get this script? OpenVPN has no problems to edit the resolv.conf file by itself.
– Michael Hampton♦
Oct 31 '14 at 10:29
I get it in archwiki. Same script is used in Ubuntu. No, it doesn't work. I have addedscript-security 2in config, but there is no my dns in resolv.conf.
– ckorzhik
Oct 31 '14 at 10:48
add a comment |
I'm trying to use openvpn as client on centos 7. It works fine, but i cannot get DNS from server. As you know, there is no resolvconf in new Centos, so, standard update-resolv-conf script doesn't work.
I rewrite it slightly:
#!/bin/bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood
# and Chris Hanson
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
# 07/2013 colin@daedrum.net Fixed intet name
# 05/2006 chlauber@bnc.ch
#
# Example envs set from openvpn:
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
# foreign_option_4='dhcp-option DOMAIN-SEARCH bnc.local'
set -e
## You might need to set the path manually here, i.e.
# RESOLVCONF=/usr/bin/resolvconf
#RESOLVCONF=$(which resolvconf)
#[ -x $RESOLVCONF ] || exit 0
#IPv4 ONLY!
NMCLI=/usr/bin/nmcli #$(which nmcli)
SYSTEMCTL=/usr/bin/systemctl #$(which systemctl)
[ -x $NMCLI ] || exit 0
[ -x $SYSTEMCTL ] || exit 0
#testing version for running from console
active_con_dev=$($NMCLI -t -f NAME,DEVICE con show --active | grep "tun" | head -1)
#it must be something like
#active_con_dev=$($NMCLI -t -f NAME,DEVICE con show --active | grep "$dev" | head -1)
active_con=$(echo $active_con_dev | awk 'print $1' FS=":")
active_dev=$(echo $active_con_dev | awk 'print $2' FS=":")
dns_list_file=/etc/openvpn/dns_list
case $script_type in
up)
#we take first active connection and device (but not tun devices. I don't know either NM can show it or no)
for optionname in $!foreign_option_* ; do
option="$!optionname"
echo $option
part1=$(echo "$option" | cut -d " " -f 1)
if [ "$part1" == "dhcp-option" ] ; then
part2=$(echo "$option" | cut -d " " -f 2)
part3=$(echo "$option" | cut -d " " -f 3)
if [ "$part2" == "DNS" ] ; then
IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
fi
if [[ "$part2" == "DOMAIN" || "$part2" == "DOMAIN-SEARCH" ]] ; then
IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
fi
fi
done
R=""
for DS in $IF_DNS_SEARCH ; do
# R="$Rsearch $DS"
R="$R$DS"
done
for NS in $IF_DNS_NAMESERVERS ; do
# R="$Rnameserver $NS"
R="$R$NS"
done
echo "$R" > "$dns_list_file"
#ipv4 only
#we must check existence of DNS, but I'm too lazy now
$NMCLI con mod $active_con +ipv4.dns "$R"
$SYSTEMCTL restart NetworkManager
#echo -n "$R" | $RESOLVCONF -p -a "$dev"
#echo -n "$R" | $RESOLVCONF -a "$dev.inet"
;;
down)
dns_list=$(echo "$dns_list_file")
if [ ! -z "$dns_list" -a "$dns_list" != " " ]; then
#we must check existence of this dns, but I'm too lazy now
$NMCLI con mod $active_con -ipv4.dns "$dns_list"
$SYSTEMCTL restart NetworkManager
fi
#$RESOLVCONF -d "$dev.inet"
;;
esac
I don't sure about search servers, but in case of nameservers only it works. Again, it must be tested with multiple servers (i didn't do it).
So, it can add DNS to your connection. But it does not work with SElinux when you run it from systemctl (systemctl start openvpn@config.service).
There are such strings in /var/log/audit.log:
type=AVC msg=audit(1414759817.198:2963): avc: denied execute for pid=1827 comm="update-resolv-c" name="systemctl" dev="dm-1" ino=787169
scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file
I must write policy for SElinux. Ok, but is there some more user friendly way to set up DNS? May be maintainers of packages and developers of RedHat/Centos thought about openvpn DNS, but i don't know about it?
domain-name-system centos openvpn selinux centos7
edited Apr 13 '17 at 12:14
Community♦
1
asked Oct 31 '14 at 8:57
ckorzhikckorzhik
1053
I'm trying to use openvpn as client on centos 7. It works fine, but i cannot get DNS from server. As you know, there is no resolvconf in new Centos, so, standard update-resolv-conf script doesn't work.
I rewrite it slightly:
#!/bin/bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood
# and Chris Hanson
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
# 07/2013 colin@daedrum.net Fixed intet name
# 05/2006 chlauber@bnc.ch
#
# Example envs set from openvpn:
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
# foreign_option_4='dhcp-option DOMAIN-SEARCH bnc.local'
set -e
## You might need to set the path manually here, i.e.
# RESOLVCONF=/usr/bin/resolvconf
#RESOLVCONF=$(which resolvconf)
#[ -x $RESOLVCONF ] || exit 0
#IPv4 ONLY!
NMCLI=/usr/bin/nmcli #$(which nmcli)
SYSTEMCTL=/usr/bin/systemctl #$(which systemctl)
[ -x $NMCLI ] || exit 0
[ -x $SYSTEMCTL ] || exit 0
#testing version for running from console
active_con_dev=$($NMCLI -t -f NAME,DEVICE con show --active | grep "tun" | head -1)
#it must be something like
#active_con_dev=$($NMCLI -t -f NAME,DEVICE con show --active | grep "$dev" | head -1)
active_con=$(echo $active_con_dev | awk 'print $1' FS=":")
active_dev=$(echo $active_con_dev | awk 'print $2' FS=":")
dns_list_file=/etc/openvpn/dns_list
case $script_type in
up)
#we take first active connection and device (but not tun devices. I don't know either NM can show it or no)
for optionname in $!foreign_option_* ; do
option="$!optionname"
echo $option
part1=$(echo "$option" | cut -d " " -f 1)
if [ "$part1" == "dhcp-option" ] ; then
part2=$(echo "$option" | cut -d " " -f 2)
part3=$(echo "$option" | cut -d " " -f 3)
if [ "$part2" == "DNS" ] ; then
IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
fi
if [[ "$part2" == "DOMAIN" || "$part2" == "DOMAIN-SEARCH" ]] ; then
IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
fi
fi
done
R=""
for DS in $IF_DNS_SEARCH ; do
# R="$Rsearch $DS"
R="$R$DS"
done
for NS in $IF_DNS_NAMESERVERS ; do
# R="$Rnameserver $NS"
R="$R$NS"
done
echo "$R" > "$dns_list_file"
#ipv4 only
#we must check existence of DNS, but I'm too lazy now
$NMCLI con mod $active_con +ipv4.dns "$R"
$SYSTEMCTL restart NetworkManager
#echo -n "$R" | $RESOLVCONF -p -a "$dev"
#echo -n "$R" | $RESOLVCONF -a "$dev.inet"
;;
down)
dns_list=$(echo "$dns_list_file")
if [ ! -z "$dns_list" -a "$dns_list" != " " ]; then
#we must check existence of this dns, but I'm too lazy now
$NMCLI con mod $active_con -ipv4.dns "$dns_list"
$SYSTEMCTL restart NetworkManager
fi
#$RESOLVCONF -d "$dev.inet"
;;
esac
I don't sure about search servers, but in case of nameservers only it works. Again, it must be tested with multiple servers (i didn't do it).
So, it can add DNS to your connection. But it does not work with SElinux when you run it from systemctl (systemctl start openvpn@config.service).
There are such strings in /var/log/audit.log:
type=AVC msg=audit(1414759817.198:2963): avc: denied execute for pid=1827 comm="update-resolv-c" name="systemctl" dev="dm-1" ino=787169
scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file
I must write policy for SElinux. Ok, but is there some more user friendly way to set up DNS? May be maintainers of packages and developers of RedHat/Centos thought about openvpn DNS, but i don't know about it?
domain-name-system centos openvpn selinux centos7
domain-name-system centos openvpn selinux centos7
edited Apr 13 '17 at 12:14
Community♦
1
asked Oct 31 '14 at 8:57
ckorzhikckorzhik
1053
edited Apr 13 '17 at 12:14
Community♦
1
asked Oct 31 '14 at 8:57
ckorzhikckorzhik
1053
edited Apr 13 '17 at 12:14
Community♦
1
edited Apr 13 '17 at 12:14
Community♦
1
edited Apr 13 '17 at 12:14
Community♦
1
1
asked Oct 31 '14 at 8:57
ckorzhikckorzhik
1053
asked Oct 31 '14 at 8:57
ckorzhikckorzhik
1053
asked Oct 31 '14 at 8:57
ckorzhikckorzhik
1053
1053
Where did you get this script? OpenVPN has no problems to edit the resolv.conf file by itself.
– Michael Hampton♦
Oct 31 '14 at 10:29
I get it in archwiki. Same script is used in Ubuntu. No, it doesn't work. I have addedscript-security 2in config, but there is no my dns in resolv.conf.
– ckorzhik
Oct 31 '14 at 10:48
add a comment |
Where did you get this script? OpenVPN has no problems to edit the resolv.conf file by itself.
– Michael Hampton♦
Oct 31 '14 at 10:29
I get it in archwiki. Same script is used in Ubuntu. No, it doesn't work. I have addedscript-security 2in config, but there is no my dns in resolv.conf.
– ckorzhik
Oct 31 '14 at 10:48
Where did you get this script? OpenVPN has no problems to edit the resolv.conf file by itself.
– Michael Hampton♦
Oct 31 '14 at 10:29
Where did you get this script? OpenVPN has no problems to edit the resolv.conf file by itself.
– Michael Hampton♦
Oct 31 '14 at 10:29
I get it in archwiki. Same script is used in Ubuntu. No, it doesn't work. I have added
script-security 2 in config, but there is no my dns in resolv.conf.– ckorzhik
Oct 31 '14 at 10:48
I get it in archwiki. Same script is used in Ubuntu. No, it doesn't work. I have added
script-security 2 in config, but there is no my dns in resolv.conf.– ckorzhik
Oct 31 '14 at 10:48
add a comment |
1 Answer
1
active
oldest
votes
Try this commands:
$ mkdir /etc/openvpn/scripts
$ mv /etc/openvpn/update-resolv-conf /etc/openvpn/scripts/
$ restorecon -v /etc/openvpn/scripts/
$ restorecon -v /etc/openvpn/scripts/update-resolv-conf
$ setsebool openvpn_run_unconfined on
$ nano -w /etc/openvpn/config.conf
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
script-security 2
$ systemctl start openvpn@config.service
$ systemctl status openvpn@config.service
answered Nov 23 '14 at 0:19
WakkoWakko
1
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f641082%2fcentos-7-with-selinux-openvpn-and-dns%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Try this commands:
$ mkdir /etc/openvpn/scripts
$ mv /etc/openvpn/update-resolv-conf /etc/openvpn/scripts/
$ restorecon -v /etc/openvpn/scripts/
$ restorecon -v /etc/openvpn/scripts/update-resolv-conf
$ setsebool openvpn_run_unconfined on
$ nano -w /etc/openvpn/config.conf
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
script-security 2
$ systemctl start openvpn@config.service
$ systemctl status openvpn@config.service
answered Nov 23 '14 at 0:19
WakkoWakko
1
add a comment |
Try this commands:
$ mkdir /etc/openvpn/scripts
$ mv /etc/openvpn/update-resolv-conf /etc/openvpn/scripts/
$ restorecon -v /etc/openvpn/scripts/
$ restorecon -v /etc/openvpn/scripts/update-resolv-conf
$ setsebool openvpn_run_unconfined on
$ nano -w /etc/openvpn/config.conf
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
script-security 2
$ systemctl start openvpn@config.service
$ systemctl status openvpn@config.service
answered Nov 23 '14 at 0:19
WakkoWakko
1
add a comment |
Try this commands:
$ mkdir /etc/openvpn/scripts
$ mv /etc/openvpn/update-resolv-conf /etc/openvpn/scripts/
$ restorecon -v /etc/openvpn/scripts/
$ restorecon -v /etc/openvpn/scripts/update-resolv-conf
$ setsebool openvpn_run_unconfined on
$ nano -w /etc/openvpn/config.conf
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
script-security 2
$ systemctl start openvpn@config.service
$ systemctl status openvpn@config.service
answered Nov 23 '14 at 0:19
WakkoWakko
1
Try this commands:
$ mkdir /etc/openvpn/scripts
$ mv /etc/openvpn/update-resolv-conf /etc/openvpn/scripts/
$ restorecon -v /etc/openvpn/scripts/
$ restorecon -v /etc/openvpn/scripts/update-resolv-conf
$ setsebool openvpn_run_unconfined on
$ nano -w /etc/openvpn/config.conf
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
script-security 2
$ systemctl start openvpn@config.service
$ systemctl status openvpn@config.service
answered Nov 23 '14 at 0:19
WakkoWakko
1
answered Nov 23 '14 at 0:19
WakkoWakko
1
answered Nov 23 '14 at 0:19
WakkoWakko
1
answered Nov 23 '14 at 0:19
WakkoWakko
1
1
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f641082%2fcentos-7-with-selinux-openvpn-and-dns%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
kb,gI7nC1ZubMfSUX,Mjlb1CEUJwLMu7xH0Ua QOwy5ipnIFZHwKWG1 Eg6Kj Cr6ehe84gEUOjD4
Where did you get this script? OpenVPN has no problems to edit the resolv.conf file by itself.
– Michael Hampton♦
Oct 31 '14 at 10:29
I get it in archwiki. Same script is used in Ubuntu. No, it doesn't work. I have added
script-security 2in config, but there is no my dns in resolv.conf.– ckorzhik
Oct 31 '14 at 10:48