
I can update my bind server with nsupdate when I start my script directly from the terminal. However, when I start the script from inside openvpn, I get a timeout error: `Communication with 1xx.xxx.x.x#53 failed: timed out`.

The key is found.

The port 53 is open for udp and tcp. In my named.conf I tried the option `listen-on port 53 { any; };`.

I start it from terminal with ./nsupdate-both.sh. From inside OPENVPN I tried both the up and the ipchange hooks. Openvpn client config:

```
script-security 2
ipchange /etc/openvpn/nsupdate-both.sh ;
```

Does anyone have an idea why it's working directly from the terminal, but not from openvpn?

Lacek

1 Answer


Both the ipchange and the up hooks are run before any routes pulled from the server. Any script which runs in those hooks and tries to access a VPN resource will fail because the routing is not set up yet.

Use the `route-up` hook, which runs after the routes are applied and the VPN resources are available.

Lacek
  • Unfortunately that `route-up` hook also returns the same error - connection timed out. Maybe Openvpn does not have the right to send the update to port 53? – EafinaStorm Apr 11 '23 at 13:18
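
An added example, not part of the original answer or comment: a `route-up` hook that logs the route and uid it runs under, and sends the update only when traffic to the name server leaves through the tunnel device. The server address, zone, host name, key path and log path are placeholders; it assumes the name server is reached over the VPN and that the tunnel address (`ifconfig_local`) is the one to publish.

```shell
#!/bin/sh
# Added example: route-up hook wrapper around nsupdate (not from the original post).
# All values below are placeholders; override them via the environment.
DNS_SERVER="${DNS_SERVER:-192.0.2.53}"            # placeholder (TEST-NET-1)
ZONE="${ZONE:-example.org}"
HOST="${HOST:-client1.example.org}"
KEYFILE="${KEYFILE:-/etc/openvpn/nsupdate.key}"   # hypothetical key path
LOG="${LOG:-/var/log/openvpn-nsupdate.log}"

# Print the outgoing interface named in `ip route get` output ($1).
route_dev() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed only if the route ($1) leaves through the tunnel device ($2).
uses_tunnel() {
    [ -n "$2" ] && [ "$(route_dev "$1")" = "$2" ]
}

# Build the nsupdate batch: $1 = server, $2 = zone, $3 = host, $4 = address.
build_update() {
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s 300 A %s\nsend\n' \
        "$1" "$2" "$3" "$3" "$4"
}

main() {
    out="$(ip route get "$DNS_SERVER" 2>&1)"
    {
        echo "$(date '+%Y-%m-%dT%H:%M:%S%z') hook=$script_type dev=$dev uid=$(id -u) route: $out"
        if ! uses_tunnel "$out" "$dev"; then
            echo "route to $DNS_SERVER is not via $dev; skipping update"
            return 0
        fi
        [ -r "$KEYFILE" ] || { echo "cannot read $KEYFILE as uid $(id -u)"; return 0; }
        build_update "$DNS_SERVER" "$ZONE" "$HOST" "$ifconfig_local" |
            nsupdate -k "$KEYFILE" -t 10
        echo "nsupdate exit status: $?"
    } >>"$LOG" 2>&1
}

# Run only when OpenVPN invokes the script as the route-up hook.
if [ "${script_type:-}" = "route-up" ]; then main; fi
```

The logged uid and route line show whether the hook runs as an unprivileged user and whether the route to the name server exists at the moment the hook fires.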