Ubuntu
network-manager package

[vivid] VPN connection breaks /etc/resolv.conf

Bug #1430077 reported by Steve Langasek on 2015-03-10

30

This bug affects 6 people

Affects		Status	Importance	Assigned to	Milestone
	network-manager (Ubuntu)	Confirmed	High	Unassigned

Bug Description

After some recent update in vivid, connecting to my employer's VPN with network-manager-openvpn has resulted in broken name resolution. Previously, the VPN-provided nameserver setting would be pushed into the config of the dnsmasq run by NM. Now, it is being pushed instead to /etc/resolv.conf.

nameserver 10.99.244.1
nameserver 127.0.1.1

This is breaking the DNS handling for libvirt-bin, which has its own forwarding dnsmasq instance which it expects to be able to talk to the first nameserver listed here. The nameserver in question does not work (and is not meant to be used) for any name lookups except company-internal domains.

Connecting to the VPN also pushes search paths to /etc/resolv.conf - overriding the search domains that I have already configured, and which should take precedence. (This part is not a regression.) I understand that the purpose of these provided domains is to specify the domains for which DNS lookups should be forwarded to the VPN DNS server, and *not* to modify the system's DNS lookups for non-FQDN requests.

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: network-manager 0.9.10.0-4ubuntu9
ProcVersionSignature: Ubuntu 3.19.0-7.7-generic 3.19.0
Uname: Linux 3.19.0-7-generic x86_64
ApportVersion: 2.16.2-0ubuntu1
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Mar 9 17:16:05 2015
InstallationDate: Installed on 2010-09-24 (1627 days ago)
InstallationMedia: Ubuntu 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.1)
NetworkManager.state:
[main]
NetworkingEnabled=true
WirelessEnabled=true
WWANEnabled=true
WWanEnabled=true
SourcePackage: network-manager
UpgradeStatus: Upgraded to vivid on 2014-12-06 (93 days ago)
nmcli-nm: Error: command ['nmcli', '-f', 'all', 'nm'] failed with exit code 2: Error: Object 'nm' is unknown, try 'nmcli help'.

Tags:

Revision history for this message

Steve Langasek (vorlon) wrote on 2015-03-10:

#1

CRDA.txt Edit (238 bytes, text/plain; charset="utf-8")
Dependencies.txt Edit (9.2 KiB, text/plain; charset="utf-8")
IfupdownConfig.txt Edit (574 bytes, text/plain; charset="utf-8")
IpAddr.txt Edit (3.6 KiB, text/plain; charset="utf-8")
IpRoute.txt Edit (4.7 KiB, text/plain; charset="utf-8")
IwConfig.txt Edit (723 bytes, text/plain; charset="utf-8")
NetDevice.eth1.txt Edit (931 bytes, text/plain; charset="utf-8")
NetDevice.lo.txt Edit (247 bytes, text/plain; charset="utf-8")
NetDevice.lxcbr0.txt Edit (407 bytes, text/plain; charset="utf-8")
NetDevice.tun0.txt Edit (364 bytes, text/plain; charset="utf-8")
NetDevice.tun1.txt Edit (366 bytes, text/plain; charset="utf-8")
NetDevice.virbr0.txt Edit (407 bytes, text/plain; charset="utf-8")
NetDevice.virbr0-nic.txt Edit (406 bytes, text/plain; charset="utf-8")
NetDevice.vnet0.txt Edit (388 bytes, text/plain; charset="utf-8")
NetDevice.wlan2.txt Edit (996 bytes, text/plain; charset="utf-8")
NetworkManager.conf.txt Edit (75 bytes, text/plain; charset="utf-8")
PciNetwork.txt Edit (1.2 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (313 bytes, text/plain; charset="utf-8")
RfKill.txt Edit (128 bytes, text/plain; charset="utf-8")
WifiSyslog.txt Edit (802.0 KiB, text/plain; charset="utf-8")
nmcli-con.txt Edit (118.1 KiB, text/plain; charset="utf-8")
nmcli-dev.txt Edit (1.7 KiB, text/plain; charset="utf-8")

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-03-25:

#2

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager (Ubuntu):
status:	New → Confirmed

Alberto Salvia Novella (es20490446e) on 2015-03-25

Changed in network-manager (Ubuntu):
importance:	Undecided → High

Revision history for this message

Oscar Tiderman (oscar-tiderman) wrote on 2015-04-30:

#3

I'm unable to connect to a openvpn server after upgradeing to vivid, other computers can connect just fine. I'm also able to connect to other openvpn servers from vivd without issues

Revision history for this message

Thomas Hood (jdthood) wrote on 2015-06-05:

#4

Should this be reassigned to network-manager-openvpn?

Revision history for this message

Thomas Hood (jdthood) wrote on 2015-06-05:

#5

> Now, it is being pushed instead to /etc/resolv.conf.
>
> nameserver 10.99.244.1
> nameserver 127.0.1.1
>
> [...]
> Connecting to the VPN also pushes search paths to /etc/resolv.conf - overriding the search
> domains that I have already configured, and which should take precedence.

Is this being done in NM itself, i.e., does NM send these two addresses in this order to resolvconf? Or does something else send the 10.99.244.1 address to resolvconf? Or does something else write directly to /etc/resolv.conf?

> This is breaking the DNS handling for libvirt-bin, which has its own forwarding dnsmasq
> instance which it expects to be able to talk to the first nameserver listed here.

(As an aside, you may be interested in the discussion at #1163147. It is proposed there that the forwarding dnsmasq instance for libvirt compile its nameserver list using a resolvconf hook script, in the same manner as the plain dnsmasq does. Then if it is configured to listen on some loopback address it can be used on the host system to look up names of vm guests as well as other names.)

> The nameserver in question does not work (and is not meant to be used) for any name
> lookups except company-internal domains.

Ah, so the VPN nameserver does not provide general DNS service; you rely on dnsmasq to route queries.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.