OpenVPN comes with example-scripts to update /etc/resolv.conf using “resolvconf” or systemd-resolvconf. I don’t use one of them therefore I modified the script so that it simply changes /etc/resolv.conf directly. I placed a variable “IMMUTEABLE” in this script. If IMMUTEABLE is set to 1, this script will change the fileattribute of /etc/resolv.conf to immuteable. In that way it is possible to prevent other programms like dhcp-clients to change /etc/resolv.conf while openvpn is running. I know, it’s a little bit hacky, but it works for me. The full source can be downloaded at github.com.
26 December 2019
Linux Programming Sysadmin Bash openssl Security Tricks Downloads 