Ubuntu
openconnect package

NetworkManager does not use openconnect GlobalProtect VPN's DNS

Bug #1934980 reported by Fikrul Arif
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openconnect (Ubuntu)
New
Undecided
Unassigned

Bug Description

1. Add a GlobalProtect VPN in network settings GUI, set DNS to manual, enter DNS IP address.
2. Open an internal website that should be routed through the VPN.

Actual: failed to open the internal website.
Expected: should open the internal website.

Content of `/etc/resolv.conf`: using systemd-resolved's 127.0.0.53.

Output of `resolvectl status`: only wlo1 has DNS Servers entry, there is no DNS Servers entry in vpn0.

Workaround: manually set the DNS in /etc/resolv.conf. Side effects of the workaround: the setting does not persist.

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: openconnect 8.05-1
ProcVersionSignature: Ubuntu 5.8.0-59.66~20.04.1-generic 5.8.18
Uname: Linux 5.8.0-59-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.11-0ubuntu27.18
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: ubuntu:GNOME
Date: Thu Jul 8 13:35:21 2021
InstallationDate: Installed on 2021-06-05 (33 days ago)
InstallationMedia: Ubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 (20210209.1)
SourcePackage: openconnect
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Fikrul Arif (fikr4n) wrote :
Revision history for this message
dwmw2 (dwmw2) wrote :

What does "nmcli con show" say for the offending connection? Does NM know the DNS server? Is this just a case of Ubuntu's NM not working correctly with its systemd DNS setup?

If you connect with openconnect on the command line and add the `-v` option, do you see DNS servers? I have a feeling Ubuntu's vpnc-script may not be working correctly for DNS either, so I'm less interested in whether it *works* and asking for the debug output.

Revision history for this message
Fikrul Arif (fikr4n) wrote :

> What does "nmcli con show" say for the offending connection?

```
$ nmcli con show
NAME UUID TYPE DEVICE
The VPN Name xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx vpn wlo1
The WiFi Name xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx wifi wlo1
vpn0 xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx tun vpn0
virbr0 xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx bridge virbr0
Other WiFi xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx wifi --
```

> Does NM know the DNS server?
Not sure, but I've set it manually via the GUI the make sure of it.

> If you connect with openconnect on the command line and add the `-v` option, do you see DNS servers?
I can't see such "DNS" or "name server" in the output. Btw, if I connect by executing the command line, there's no DNS problem, because it hardcodes `/etc/resolv.conf` to the VPN's DNS, the default 127.0.0.53 is deleted, replaced by 10.x.x.x.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.