Hacker News new | ask | show | jobs
by vetinari 610 days ago
This is something I always wondered about: why so many linux users always take the hard way?

They have two options: a) use the mouse-friendly way in NetworkManager to configure their VPN client (yes, it handles VPN DNS too; if you have systemd-resolved, it can also do split-horizon DNS over specific links) or b) funble around with tools and scripts they have no idea how they work, complain how complicated it is, and either get lucky so it works somehow or break their system entirely.

With a current desktop linux system, they should take the option a). They can use command line if they insist, nmcli is also here.
2 comments
godelski 610 days ago
The mouse is the hard way.

OP could have solved their problem by rtfming... It is literally the first paragraph on DNS. We're talking about "turn it off and on again" style issues.

Before you reach for GPT, check the man pages and check the Arch wiki, you'll save a lot of time and get more information.

https://wiki.archlinux.org/title/OpenVPN#DNS

link
vetinari 610 days ago
We probably have different ideas about what constitutes the hard way; but that's not the point in this thread.

Anyway, NetworkManager can be managed using cli for those that insist, so all that was needed was:

    nmcli connection import type openvpn file <filename.ovpn>
Even Arch wiki says:

> By default networkmanager-openvpn plugin appends DNS servers provided by OpenVPN to /etc/resolv.conf.

(which is not really true. Yes, it does the right thing with DNS info, but the specific action depends on the resolver backend NetworkManager is configured to use; for systemd-resolved and dnsmasq it configures these services instead).

link
godelski 610 days ago
I saw the cli is the easy way because it lets you do more. The barrier to entry is higher, yes, but if you're willing to get through that, things become easier. And by easier I mean take less time and get better results as well as easier to find solutions[0].

  > Arch wiki
It looks like their solution was following the config in 9.3. So this is why I made a snipe at reaching for GPT when the Wiki is there.

[0] The analogy I'll give is that often a novice works harder than an expert when doing the same task, even if the task is simple. This is often because the expert is doing very minute things that they might not even notice that they can leverage. I know coders rock climb, so I'll use that as an example: this may be something like a subtle finger placement or how center of gravity is placed. The practiced person has more strength, but they will literally use less energy to get up a wall than a novice (and then it can be easy to overestimate what a novice can do because they judge what energy they use)

link
wruza 610 days ago
I think I did exactly that on my servers and had no dns issues. Just dropped an .ovpn into it.
link