Remote VPN is pfSense 2.3.2 From syslog, expurgated (but not tampered with, no real secrets here): :: Here's the WiFi coming up (showing local LAN) :: Nov 23 19:06:41 rukbat dhclient[2169]: DHCPACK of 192.168.33.117 from 192.168.33.1 Nov 23 19:06:41 rukbat NetworkManager[1216]: [1479881201.2161] address 192.168.33.117 Nov 23 19:06:41 rukbat NetworkManager[1216]: [1479881201.2161] plen 24 (255.255.255.0) ... Nov 23 19:06:41 rukbat NetworkManager[1216]: [1479881201.2161] nameserver '192.168.33.1' ... Nov 23 19:06:41 rukbat NetworkManager[1216]: [1479881201.2162] dhcp4 (wlo1): state changed unknown -> bound ... Nov 23 19:06:41 rukbat systemd-resolved[1282]: Switching to system DNS server 127.0.1.1. ... :: Then here is the VPN coming up for the FIRST time :: .. Nov 23 19:06:45 rukbat NetworkManager[1216]: [1479881205.3847] audit: op="connection-activate" uuid="b53b592d-724d-44bf-a2c4-b7fe818add43" name="Berlin VPN" pid=1979 uid=1000 result="success" Nov 23 19:06:45 rukbat NetworkManager[1216]: [1479881205.3893] vpn-connection[0x55cd7969d200,b53b592d-724d-44bf-a2c4-b7fe818add43,"Berlin VPN",0]: Started the VPN service, PID 2379 Nov 23 19:06:45 rukbat NetworkManager[1216]: [1479881205.3952] vpn-connection[0x55cd7969d200,b53b592d-724d-44bf-a2c4-b7fe818add43,"Berlin VPN",0]: Saw the service appear; activating connection .. Nov 23 19:06:57 rukbat NetworkManager[1216]: [1479881217.9795] dns-mgr: Writing DNS information to /sbin/resolvconf Nov 23 19:06:57 rukbat dnsmasq[2179]: setting upstream servers from DBus Nov 23 19:06:57 rukbat dnsmasq[2179]: using nameserver 192.168.33.1#53(via wlo1) Nov 23 19:06:57 rukbat dnsmasq[2179]: using nameserver fd00::a96:d7ff:feb9:dbe7#53(via wlo1) Nov 23 19:06:57 rukbat dnsmasq[2179]: using nameserver 192.168.68.1#53 for domain csl Nov 23 19:06:57 rukbat dnsmasq[2179]: using nameserver 192.168.68.1#53 for domain 26.70.168.192.in-addr.arpa Nov 23 19:06:57 rukbat dnsmasq[2179]: using nameserver 192.168.68.1#53 for domain 68.168.192.in-addr.arpa Nov 23 19:06:57 rukbat dnsmasq[2179]: using nameserver 192.168.68.1#53 for domain 70.168.192.in-addr.arpa ... Nov 23 19:07:04 rukbat systemd-timesyncd[990]: Synchronized to time server 91.189.91.157:123 (ntp.ubuntu.com). Nov 23 19:07:04 rukbat systemd-resolved[1282]: Using degraded feature set (UDP) for DNS server 127.0.1.1. :: Now I disconnect from the VPN :: Nov 23 19:07:18 rukbat NetworkManager[1216]: [1479881238.8632] audit: op="connection-deactivate" uuid="b53b592d-724d-44bf-a2c4-b7fe818add43" name="Berlin VPN" pid=1979 uid=1000 result="success" Nov 23 19:07:18 rukbat NetworkManager[1216]: [1479881238.8635] dns-mgr: Writing DNS information to /sbin/resolvconf Nov 23 19:07:18 rukbat dnsmasq[2179]: setting upstream servers from DBus Nov 23 19:07:18 rukbat dnsmasq[2179]: using nameserver 192.168.33.1#53(via wlo1) ... Nov 23 19:07:23 rukbat NetworkManager[1216]: nm-openvpn[2379] openvpn[2382] exited with success Nov 23 19:07:23 rukbat nm-dispatcher: req:2 'down' [tun0]: start running ordered scripts... :: And now reconnecting again :: Nov 23 19:07:27 rukbat NetworkManager[1216]: [1479881247.5836] audit: op="connection-activate" uuid="b53b592d-724d-44bf-a2c4-b7fe818add43" name="Berlin VPN" pid=1979 uid=1000 result="success" ... Nov 23 19:07:34 rukbat NetworkManager[1216]: [1479881254.6596] dns-mgr: Writing DNS information to /sbin/resolvconf Nov 23 19:07:34 rukbat dnsmasq[2179]: setting upstream servers from DBus Nov 23 19:07:34 rukbat dnsmasq[2179]: using nameserver 192.168.33.1#53(via wlo1) Nov 23 19:07:34 rukbat dnsmasq[2179]: using nameserver fd00::a96:d7ff:feb9:dbe7#53(via wlo1) Nov 23 19:07:34 rukbat dnsmasq[2179]: using nameserver 192.168.68.1#53 for domain csl Nov 23 19:07:34 rukbat dnsmasq[2179]: using nameserver 192.168.68.1#53 for domain 26.70.168.192.in-addr.arpa Nov 23 19:07:34 rukbat dnsmasq[2179]: using nameserver 192.168.68.1#53 for domain 68.168.192.in-addr.arpa Nov 23 19:07:34 rukbat dnsmasq[2179]: using nameserver 192.168.68.1#53 for domain 70.168.192.in-addr.arpa ... Nov 23 19:07:34 rukbat NetworkManager[1216]: [1479881254.7035] device (tun0): Activation: successful, device activated. I know I've left quite a bit out but none of it appears to be DNS related - and my point is that there is no obvious difference between syslog entries for the first and second connections.