-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v15beta is not properly overriding DNS records Ubuntu 20.04 #62
Comments
Same issue on Pop!_OS 20.04 LTS v13 systemd-resolve --status
v13 /etc/resolv.conf
v15 systemd-resolve --status
v15 /etc/resolv.conf
That DNS Domain is not correct. It is the same as the default DNS config in systemd-resolv which causes it to use one of them at random. OpenVPN As version 2.8.7 *edit after reading how systemd-resolved works:
on v13: only the vpn-defined DNS server is used, both public and private urls resolve. |
Hello! Is it possible to force openvpn change resolv.conf as before? Thank you! |
What does the In v14_beta/v15_beta openvpn3-llinux switched over to use
You must ensure To quickly switch back to modifying |
Well, Ubuntu 20.04 is completely different from RHEL here, as I can see. /etc/nsswitch.conf changed nothing here, it contains But just found this issue After connection using openvpn2 I see my internal nameserver in So I changed everything back to resolv.conf method... Thank you! |
Okay, so the launchpad OP is actually configuring systemd-resolved in a different way, not fully utilizing the possibilities with systemd-resolved. To be honest, I have no idea why Ubuntu is not making use of the It is well spent time reading through the systemd-resolved(8) man page. So when just re-linking Is this box running in some kind of VPS service? Or is it bare metal? I do know that several of the VPS providers and cloud providers may have default images which deviates from the way stock Ubuntu install is configuring the host. Several of them might even ignore the fact that the distro has moved towards using systemd-resolved for DNS resolving; which makes this quite more complicated. |
/run/systemd/resolve/stub-resolv.conf is not changed in Ubuntu 20.04, nameserver is only added to /run/systemd/resolve/resolv.conf , and, as I wrote before, openvpn nameserver is not removed from /run/systemd/resolve/resolv.conf after disconnect. my system is bare metal, this is home desktop, but, as I can see on fresh 20.04 install in VM there is no resolve in nsswitch.conf. btw, what is interesting here - reverse zone resolution works OK. Thank you! |
That's really interesting. Also because I have reports now from other channels that DNS resolution is finally working as expected on 20.04 - where modifying resolv.conf directly caused issues. So 20.04 is clearly a challenging case. I'm a bit at loss here now, how to proceed, as the "group" of users which was unhappy with this change are now happy, and vice versa. I'll at least try to improve how to switch between resolv.conf and systemd-resolved. |
In a nutshell: So if your regular DNS responds with a NXDOMAIN answer before the VPN-specified DNS server responds with an answer you're out of luck. This is the default behaviour without "DNS Resolution Zones" ( Ubuntu 20.04 indeed does not use |
@Kender2 Thanks for this clarification. This is gold, as it also gives a reasonable explanation why some users are more happy while some not with this change - on many setups, the VPN response is fast enough to not cause any issues - or that the DNS server otherwise used is getting blocked due to routes pushed out by the VPN server, which either slows down or makes that DNS inaccessible - while the VPN provided DNS server is available. I've been pondering on the next systemd-resolved improvement, to get closer to the old behavior of "use only VPN DNS servers". Should we attempt to loop through all the interfaces and remove the |
That could work I think. You'd have to sure to only do that when not using "split dns". The |
I'd like to add that v16 resolving is still broken on ubuntu 20.04 , I see no difference from v15... |
Thanks for testing that. We still have some work on improving the DNS configuration. What should be easier with v16_beta is to revert back to the "old way" of manipulating To switch back, run this command: You will need to stop the |
Same on regolith/focal. openvpn3 v17_beta. |
Is that a typo in the filename I don't really understand what I'm doing but from the output of running it, there seems to be a config file. There was none on my machine but there is nothing indicating failure.
There is still no config file
If I create the file manually, the config changes:
Now here comes the kicker:
|
Oh, yes! That's a typo. I've fixed it. Thanks!
Okay, that's unfortunate. It should have been an error here.
This step should not be needed when running
Yikes ... this was intended to work. I'll double check this. This will also be filed as a bug internally. Thanks again for thorough testing and documenting. |
👍 |
I figured out that I needed to add
|
tl;dr:
|
In regards to the error related to this command line:
This is actually not a bug. It's me who confused it with some prior implementations which I dropped. Instead it should say:
And it should be called first, before the |
This should now be fixed with commit c40218d. The output now is still not optimal, but at least gives a pretty good idea:
|
I was having this same issue, I'm using Ubuntu 20.04, with OpenVPN 3/Linux v18_beta (openvpn3). I followed the instructions above (thanks johantiden and dsommers) and resolved it by:
After that I connected the usual way and DNS behaved as expected (finally!). The proper behavior persists even after disconnect and reconnect, as well as after reboot. I guess someday I will see if 22.04 handles this better. |
I was in the process of getting my machine set up, with a clean install (22.04), and ran into the same issue... @walterbray your steps worked well for me. Really learned from the discussion too as I'm still new to Linux. Thanks all! Just dropping in to say that this seems to affect 22.04 as well, or at least it did in my case. |
Hi,
We are trying to use this client to connect to openvpn cloud.
We are using our custom dns nameservers on OpenVPN cloud configured through the DNS setting of OpenVPN cloud.
We can connect without any issue to the VPN but the DNS resolution is not working at all.
We can ping/ssh/curl our different services via cli with the IP without any issue but DNS resolution is not working. It seems that systemd-resolve is using the public DNS and IP not matter what.
The thing to notice is that it is properly working on the beta13.
Did we miss some configuration steps to make it work properly ?
You will find below the outputs from both beta15 and beta13
Output from beta15
systemd-resolv --status
cat /etc/resolv.conf
Output from Beta13
systemd-resolve --status
cat /etc/resolv.conf
The text was updated successfully, but these errors were encountered: