Dietpi-vpn no name resolution (Proton VPN) - can't ping domain names

Troubleshooting
,
1

Dietpi-vpn using custom option through ProtonVPN does not seem to provide name resolution.

I’m connected, but it shows no up or down traffic, and I can only ping ip addresses, not domain names.

Required Information

  • DietPi version | cat /boot/dietpi/.version
    G_DIETPI_VERSION_CORE=9
    G_DIETPI_VERSION_SUB=19
    G_DIETPI_VERSION_RC=2
    G_GITBRANCH=‘master’
    G_GITOWNER=‘MichaIng’
  • Distro version | echo $G_DISTRO_NAME $G_RASPBIAN
    trixie 0
  • Kernel version | uname --all
    Linux PiZero2W 6.12.47+rpt-rpi-v8 #1 SMP PREEMPT Debian 1:6.12.47-1+rpt1 (2025-09-16) aarch64 GNU/Linux
  • Architecture | dpkg --print-architecture
    arm64
  • SBC model | echo $G_HW_MODEL_NAME or (EG: RPi3)
    RPi Zero 2 W (aarch64)
  • Power supply used | (EG: 5V 1A RAVpower)
    5V 1A
  • SD card used | (EG: SanDisk ultra)
    Samsung

Steps to reproduce

  1. SSH into the PI as root, and Launch dietpi-vpn

  2. Select ‘ProtonVPN : Connect to ProtonVPN’

  3. Error log message: ‘curl: (22) The requested URL returned error: 400’
    My understanding is that the API is no longer available / login credentials method has changed?

  4. OK. Forget that then, and exit. I’ll try the custom option instead…

  5. Login to ProtonVPN account via a the web browser on the PC

  6. Go to ‘Downloads’ and scroll down to ‘OpenVPN configuration files‘

  7. Select platform as ‘GNU/Linux‘, Protocol as ‘UDP‘, and select config file to download as ‘Standard server configs‘

  8. Back on the Pi:

  9. Launch dietpi-vpn again, and select ‘Custom : Use your own .ovpn file‘

  10. Don’t know how to get the file when asked to browse for it, so exit.

  11. Open a blank text file with nano temp.ovpn

  12. On the PC, open and copy the downloaded ovpn file.

  13. Paste into nano in the terminal window (Ctrl+Shift+V)

  14. Ctrl X. Y, Enter - to exit and save

  15. Run dietpi-vpn again again

  16. Select ‘Custom : Use your own .ovpn file‘

  17. Browse to /root directory and select the temp.ovpn file

  18. Enter the Username and Password found in the ProtonVPN account (Account > OpenVPN / IKEv2 username)

  19. Select ‘Apply : Save settings and restart VPN connection‘ (leaving all the other settings alone)

  20. Get shown the message ‘Note that IPv6 will be disabled when VPN is connected, to prevent IPv6 leakage.‘ Hit OK

  21. Some stuff then runs in the terminal to install/configure the things it needs

  22. Then shown the same dietpi-vpn page again

  23. WAN IP : curl: (28) Resolving timed out after 3000 milliseconds │
    │ State : Connected │
    │ Traffic : Sent = 0 MiB | Received = 0 MiB

  24. Exit, and the last few lines in the terminal are:
    [ OK ] DietPi-VPN | APT install openvpn
    [ OK ] DietPi-VPN | systemctl restart dietpi-vpn
    [ OK ] DietPi-VPN | Connection established: XXX.XX.XXX.X←I’ve X’d out the IP

  25. ping -c 3 dietpi.com responds with:
    ping: dietpi.com: Temporary failure in name resolution

  26. Ping dietpi.com from another machine to get the IP address, and try again on the Pi:

    root@PiZero2W:~# ping -c 3 104.26.8.98
PING 104.26.8.98 (104.26.8.98) 56(84) bytes of data.
64 bytes from 104.26.8.98: icmp_seq=1 ttl=57 time=22.8 ms
64 bytes from 104.26.8.98: icmp_seq=2 ttl=57 time=23.4 ms
64 bytes from 104.26.8.98: icmp_seq=3 ttl=57 time=22.9 ms

— 104.26.8.98 ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 22.845/23.044/23.399/0.251 ms

  27. So I can get out via the VPN, but there’s no name resolution. DNS issue?

  28. OK, so I compare the original ovpn file with the one dietpi-vpn created and see that the lines in the original file download:
    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf

    vs. the ones in /etc/openvpn/client.ovpn
    script-security 2
    up /var/lib/dietpi/dietpi-vpn/static_up.sh
    down /var/lib/dietpi/dietpi-vpn/static_down.sh

  29. So look at /etc/openvpn/update-resolv-conf and see a whole load of stuff I don’t understand, but it says it parses DHCP from openvpn to resolv.conf

  30. Is a package called resolv installed?
    root@PiZero2W:/etc/openvpn# resolv --help
    -bash: resolv: command not found

    update-resolv-conf looks like it points to the /sbin directory, but I don’t see it there, so try a few more guesses:
    root@PiZero2W:/sbin# resolvconf --help
    -bash: resolvconf: command not found
    root@PiZero2W:/sbin# resolv-conf --help
    -bash: resolv-conf: command not found

  31. OK, it’s probably not installed. So does up /var/lib/dietpi/dietpi-vpn/static_up.sh do something different instead?

  32. nano /var/lib/dietpi/dietpi-vpn/static_up.sh and it looks like it doesn’t touch DHCP - just deals with disabling IPv6 and iptables if the killswitch is turned on

  33. And this is where I’m at… Should I copy update-resolv-conf into static_up.sh? Presumably I’d need resolv?…

Extra details

  • systemctl status dietpi-vpn shows:

    ● dietpi-vpn.service - VPN Client (DietPi)
Loaded: loaded (/etc/systemd/system/dietpi-vpn.service; disabled; preset: enabled)
Active: active (running) since Mon 2025-12-01 19:46:52 EST; 59min ago
Invocation: 34b2c5c9ab504bc19430e9b829a5c255
Main PID: 1936 (openvpn)
Status: “Initialization Sequence Completed”
Tasks: 1 (limit: 477)
CPU: 351ms
CGroup: /system.slice/dietpi-vpn.service
└─1936 /usr/sbin/openvpn --suppress-timestamps --nobind --config /etc/openvpn/client.ovpn

Dec 01 19:46:54 PiZero2W openvpn[1936]: WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0, therefore the route installation may fail or may not work as expected.
Dec 01 19:46:54 PiZero2W openvpn[1936]: sitnl_send: rtnl: generic error (-13): Permission denied
Dec 01 19:46:54 PiZero2W openvpn[1936]: ERROR: Linux route add command failed
Dec 01 19:46:54 PiZero2W openvpn[1936]: sitnl_send: rtnl: generic error (-13): Permission denied
Dec 01 19:46:54 PiZero2W openvpn[1936]: ERROR: Linux route add command failed
Dec 01 19:46:54 PiZero2W openvpn[1936]: sitnl_send: rtnl: generic error (-13): Permission denied
Dec 01 19:46:54 PiZero2W openvpn[1936]: ERROR: Linux route add command failed
Dec 01 19:46:54 PiZero2W openvpn[1936]: sitnl_send: rtnl: generic error (-13): Permission denied
Dec 01 19:46:54 PiZero2W openvpn[1936]: ERROR: Linux route add command failed
Dec 01 19:46:54 PiZero2W openvpn[1936]: Initialization Sequence Completed

  • apt install dnsutils
    dig google.com
    ;; communications error to 209.197.128.2#53: timed out
    ;; communications error to 209.197.128.2#53: timed out
    ;; communications error to 209.197.128.2#53: timed out

  • I’ve tried this on 2 different PI Zero 2W’s with fresh installs of Dietpi. No other software installed.

  • My ProtonVPN account works fine on Ubuntu desktop, using their client (and with a paid account)

2

It was suggested I try setting my static DNS to 1.1.1.1 and rebooting (dietpi-config > Network options: Adapters > Wifi > Static DNS). I now get a connection via the VPN and I can ping domain names.

3

So it’s working now?