Ubuntu
openvpn package

starting openvpn, quitting, and then doing 'sudo resolvconf -u ' fails

Bug #1727368 reported by Dan Kegel
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
openvpn (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Initial symptom: DNS stopped working.
Initial workaround: copy DNS server from gnome system settings to /etc/resolv.conf manually
Got fed up, saw https://ubuntuforums.org/showthread.php?t=2374857
which led me to https://askubuntu.com/questions/622470/dns-probe-finished-bad-config-error-in-ubuntu-14-04/622493#622493

To reproduce:

0) observe that /etc/resolv.conf is a symlink to ../run/resolvconf/resolv.conf (I assume)
1) sudo apt install openvpn
2) configure /etc/openvpn to access the vpn of interest
3) Log in to openvpn, e.g.
cd /etc/openvpn
sudo openvpn --config /etc/openvpn/openvpn.conf --script-security 2
4) observe that /etc/resolv.conf is now a regular file
5) observe that 'sudo resolvconf -u' says '/etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf`'
6) log out of openvpn by pressing ^C in its window
7) observe that /etc/resolv.conf is still a regular file (probably a copy of what was in ../run/resolvconf/resolv.conf before starting openvpn)
8) Reboot
9) voila, dns not working
10) rescue by running sudo dpkg-reconfigure resolvconf, answering 'yes' (and optionally rebooting)

Problem repeats each time openvpn is used.

Also affects ubuntu 16.04, I think, at least as of the last few weeks.

ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: openvpn 2.4.3-4ubuntu1
ProcVersionSignature: Ubuntu 4.13.0-16.19-generic 4.13.4
Uname: Linux 4.13.0-16-generic x86_64
ApportVersion: 2.20.7-0ubuntu3
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Wed Oct 25 07:08:15 2017
InstallationDate: Installed on 2017-04-29 (179 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: openvpn
UpgradeStatus: Upgraded to artful on 2017-10-20 (5 days ago)
mtime.conffile..etc.default.openvpn: 2017-04-29T05:55:25.168266

Revision history for this message
Dan Kegel (dank) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openvpn (Ubuntu):
status: New → Confirmed
Revision history for this message
Dan Kegel (dank) wrote :

I have heard that the ubuntu desktop's network settings have an openvpn wrapper that behaves better here, but it shouldn't be hard for openvpn to use mv instead of cp for its backup...

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hi Dan,
the only thing I know it affecting would be via /etc/openvpn/update-resolv-conf
But that uses /sbin/resolvconf which seems to work - doing the same it does in a little test.

root@xenial-test:~# ll /etc/resolv.conf
lrwxrwxrwx 1 root root 29 Sep 18 08:44 /etc/resolv.conf -> ../run/resolvconf/resolv.conf

root@xenial-test:~# /sbin/resolvconf -a virbr0
search somethingelse

root@xenial-test:~# ll /etc/resolv.conf
lrwxrwxrwx 1 root root 29 Sep 18 08:44 /etc/resolv.conf -> ../run/resolvconf/resolv.conf

root@xenial-test:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.0.4.1
search lxd somethingelse

Worked and the file is still the link it should be.

Have you set something in your openvpn config in regard to /etc/openvpn/update-resolv-conf like setting it for up/down actions?
If you have - does disabling those make the problem no more occur (might just not update your dns resolution when logging into the vpn now).

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Oh just after posting I sw there is something in contrib which looks more like the problem, need to check if that is in the package.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

In the source of openvpn:
- contrib/pull-resolv-conf/client.down
- contrib/pull-resolv-conf/client.up

Those are doing the save/restore with "cp" as you assumed.

But the following shows me this is not in the package:
$ grep resolv $(dpkg -L openvpn | xargs) 2>/dev/null

The source also doesn't build extra packages whcih could contain it.
Hrm, it really feels those scripts are what triggers your issue, but I can't find them in any Ubuntu package.

Could you try to track which tool/process is doing the rewrite in your case?
[1] might ocme handy to do so.

[1]: https://unix.stackexchange.com/questions/13776/how-to-determine-which-process-is-creating-a-file

Changed in openvpn (Ubuntu):
status: Confirmed → Incomplete
Revision history for this message
Dan Kegel (dank) wrote :

Good theory. I now suspect a script provided by a sysadmin, not openvpn itself.
I didn't bother to understand our openvpn configuration, tsk.

Please close as invalid. Thanks for the quick response, it was very helpful.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thank you to let me know, glad I could help.

Changed in openvpn (Ubuntu):
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.