openconnect VPN is not propagating internal DNS anymore

Which version of Ubuntu are you using? If it is Bionic, could you also try the systemd update of bug 1754671? If this does not help, try downgrading network-manager.

~ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.2 LTS"

Downgrading to the previous network-manager solves the problem

~ apt policy network-manager
network-manager:
  Installed: 1.10.6-2ubuntu1.1
  Candidate: 1.10.14-0ubuntu2
  Version table:
     1.10.14-0ubuntu2 500
        500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
 *** 1.10.6-2ubuntu1.1 500
        500 http://archive.ubuntu.com/ubuntu bionic-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.10.6-2ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages

I am afraid I am not smart enough to play with patches and compilation.

Could you also try whether the combination of both the network-manager update (1.10.14) AND the proposed systemd update (237-3ubuntu10.22) of bug 1754671 works for you?

I see no 237-3ubuntu10.22

Unfortunately, the SRU for systemd did not yet get processed. Therefore I have now uploaded this version of systemd to my PPA:

https://launchpad.net/~till-kamppeter/+archive/ubuntu/ppa

Please follow this link, follow the instructions in the section "Adding this PPA to your system", then update your system with the command

sudo apt dist-upgrade

This will update only systemd as I did not upload any other package for Bionic to my PPA.

Make also sure you have the update of network-manager (1.10.14-0ubuntu2) installed. Reboot and check whether everything works correctly now.

No. Does not work for me.

I am rather new to network-manager internals, but could you try the command

sudo nmcli con modify "$COMPANY VPN" ipv4.dns-priority -1 ipv4.dns-search ~.

Does this solve your problem?

1. /etc/systemd/journald.d/noratelimit.conf containing

RateLimitIntervalSec=0
RateLimitBurst=0

2. /etc/NetworkManager/conf.d/debug.conf

[logging]
level=TRACE
domains=ALL

Then restart journald:

sudo systemctl restart systemd-journald

and NetworkManager:

sudo systemctl restart network-manager

Then you get the full debug log of NetworkManager via

journalctl -u NetworkManager

After all that, reboot and/or connect to your VPN and do

journalctl -u NetworkManager > log.txt

and attach the log.txt file to this bug report. Do not compress the file and do not package it together with other files.

Sorry there was a part missing. Let us try again:

Please create the following files (and directories if needed for them):

1. /etc/systemd/journald.d/noratelimit.conf containing

RateLimitIntervalSec=0
RateLimitBurst=0

2. /etc/NetworkManager/conf.d/debug.conf

[logging]
level=TRACE
domains=ALL

Then restart journald:

sudo systemctl restart systemd-journald

and NetworkManager:

sudo systemctl restart network-manager

Then you get the full debug log of NetworkManager via

journalctl -u NetworkManager

After all that, reboot and/or connect to your VPN and do

journalctl -u NetworkManager > log.txt

and attach the log.txt file to this bug report. Do not compress the file and do not package it together with other files.

Can't do anything:

apt policy network-manager
network-manager:
  Installed: 1.10.6-2ubuntu1.1
  Candidate: 1.10.6-2ubuntu1.1
  Version table:
 *** 1.10.6-2ubuntu1.1 500
        500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu bionic-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.10.6-2ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages

This is old network-manager.

What do you mean with "Can't do anything"? Does your problem now also occur with the old version, too?

What I want to ask you to do is the following:

With network-manager and systemd updated the problem occurs for you. To find a possible solution, install the updates, reboot, and do the following test:

Run

sudo nmcli con modify "$COMPANY VPN" ipv4.dns-priority -1 ipv4.dns-search ~.

and check whether this solves the problem. Tell us your result.

If this does not solve the problem, reboot and follow my instructions in comment #9. Attach the log file you get.

After that, downgrade network-manager to the old version again to get back to a working configuration.

The SRU for systemd has arrived in bionic-proposed (see bug 1754671). Could you make sure that you have installed BOTH the network-manager and systemd SRUs from bionic-proposed (to make sure that I did not perhaps do something wrong with the systemd update in my PPA). Versions should be:

network-manager: 1.10.14-0ubuntu2
systemd: 237-3ubuntu10.22

Note that these packages are only in bionic-proposed, not in the official updates, due to the fact that we need to sort out the regressions. So follow the instructions of installing the proposed packages in bug 1754671, comment #28 and comment #49.

Does this combination solve your problem? Please reboot to make sure that everything gets replaced by the newer versions.

If this still does not help, please follow my instructions in this bug report, comment #7 and comment #9.

Hi.

Doesn't solve an issue for me. No traffic comes via port 53 when making a dig for a private network's host.

Could you then follow the instructions of the comment #7 and comment #9?

Joe_Bishop, we need your cooperation to find out whether our SRU of Network Manager for Bionic (NM 1.10.14) actually has a regression or whether your problem was caused by the missing update of systemd. With this information we can help many other users of Bionic who suffer other bugs and for which we have introduced this SRU.

So I want to ask you whether you could install BOTH the SRUs for systemd and network-manager as I have described in comment #12. Note that network-manager is only in bionic-proposed and not in the official updates, systemd is perhaps already in the update, if not at least in bionic-proposed. Make sure you have installed both. Then reboot and check whether your problem gets solved. If not, we need additional information to solve your problem, therefore I ask you to follow the instructions of comment #9 (and also of https://wiki.ubuntu.com/DebuggingNetworkManager).

Thank you very much in advance.

Note also that if you test the two SRUs and confirm us that they solve the problem for you, you unblock this SRU and give us way to provide further SRUs on Network Manager in the future, as Bionic has still some years to go.

Hi, what I have no and everything works OK

~ apt policy network-manager
network-manager:
  Installed: 1.10.6-2ubuntu1.1
  Candidate: 1.10.6-2ubuntu1.1
  Version table:
 *** 1.10.6-2ubuntu1.1 500
        500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu bionic-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.10.6-2ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages

~ apt policy systemd
systemd:
  Installed: 237-3ubuntu10.24
  Candidate: 237-3ubuntu10.24
  Version table:
 *** 237-3ubuntu10.24 500
        500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     237-3ubuntu10.19 500
        500 http://archive.ubuntu.com/ubuntu bionic-security/main amd64 Packages
     237-3ubuntu10 500
        500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages

You see, the freshest I can go.

`I have now` of course

Joe_Bishop, could you install network-manager 1.10.14 from bionic-proposed (as described in comment #11 of bug #1754671) and re-test following the instructions of my comment #15? Thanks.

I am afraid I don't have a time to play with it. There were parallel bug reports which were very similar to mine. I bet if you will solve them you will solve mine as well. Good luck.

[Expired for network-manager (Ubuntu) because there has been no activity for 60 days.]

Joe_Bishop, a new Bionic SRU for bug 1754671 got issued, now much less invasive simply backporting the fixes and not being a full upstream update. Please follow the instructions in bug 1754671. If you are still running 1.10.14 (the old SRU) please downgrade to the old network-manager and then do the updsate to get the new SRU.

Please check and report here whether the regressions you observed in 1.10.14 do not occur in the new SRU. Thanks.

[Expired for network-manager (Ubuntu) because there has been no activity for 60 days.]