DNS not working for OpenVPN Client

On another server, I created an OpenVPN client. I exported the client and tested it on multiple operating systems, including Qubes. It works perfectly on Xubuntu and other systems. But on Qubes, the client can’t resolve domain names; it can access sites only by IP address.

I’ve tested the client two ways in Qubes. The first way, in a domain VM, was in a command terminal with sudo openvpn --config <file-name.ovpn>. I also tried changing /etc/resolv.conf in the domain VM to use the WAN address of the VPN server as DNS. The server has its own DNS resolver, but this still didn’t fix it in Qubes.

The second way I tried was with a ProxyVM. The client still could reach IP addresses but not resolve domain names.

Why would the VPN client get DNS resolution on other operating systems but not Qubes?

How are you handling DNS? In Qubes, if the Proxy/NetVM decides to use its own DNS servers, as is the case for a VPN, there needs to be provisions to redirect the special DNS IP address used by downstream qubes to the right host.

See the /rw/config/vpn/qubes-vpn-handler.sh script within the Qubes-Community How To make a VPN Gateway in Qubes document. Specifically, you’ll want to observe the iptables1 commands that modify the PR-QBS chain.

Alternatively, give the qubes-tunnel package from the contrib repo a try, as it does this for you: GitHub - QubesOS-contrib/qubes-tunnel: Integration of vpn tunnels for Qubes OS

One additional note: if there’s a downstream AppVM directly connected to your OpenVPN qube AND has Qubes Firewall rules in place, it would be best to have a ProxyVM in-between to enforce the firewall rules. Otherwise, DNS-related firewall rules may get out of sync.