Solution

Why OpenVPN update-resolv-conf is not working

Troubleshoot login files, CRLF script issues, and Ubuntu systemd-resolved behavior when private DNS is expected over OpenVPN.

Updated 2026-03-26

Problem statement

Why can OpenVPN connect but internal domains still fail to resolve?

The tunnel can be up while DNS still fails if the helper script is not executable, was saved with CRLF line endings, or the host is still managed by systemd-resolved instead of a plain resolv.conf file.

The fix is to confirm the hook script can run, normalize line endings, and on Ubuntu verify DNS behavior with resolvectl instead of assuming /etc/resolv.conf tells the full story.

What to check

Check line endings on update-resolv-conf.
Confirm the script is executable by OpenVPN.
Use resolvectl status on Ubuntu to inspect real DNS state.

Parent topic

Set up OpenVPN client access on Ubuntu and CentOS 7 hosts, keep login files in the expected place, and handle DNS switching safely when private domains depend on the tunnel.

Open topic

Recommended scripts

install_openvpn_client_ubuntu.sh

A helper.sh-hosted Ubuntu OpenVPN client installer that checks for local client.conf and login.txt, installs OpenVPN, optionally copies a local update-resolv-conf helper, and enables a systemd client service.

One-liner

curl -fsSL helper.sh/install_openvpn_client_ubuntu.sh | sudo bash

Read docs

Install an OpenVPN client on Ubuntu with local client.conf and login.txt checks

A practical guide to using install_openvpn_client_ubuntu.sh to install OpenVPN, verify local client files, optionally copy update-resolv-conf, and enable the openvpn-client@client service on Ubuntu.

Read article