no DNS from VPN #150

Closed
jamesdbrock opened this issue Nov 14, 2020 · 4 comments
@jamesdbrock

I just upgraded to Fedora 33, and I'm having trouble with my VPN with NetworkManager-l2tp-gnome-1.8.2-2.fc33.x86_64. I guess there were some pretty big changes with systemd-resolved https://fedoraproject.org/wiki/Changes/systemd-resolved#Upgrade.2Fcompatibility_impact

To connect to the VPN, I first had to apply this workaround for a libreswan bug https://bugzilla.redhat.com/show_bug.cgi?id=1883666#c4

Now I can connect to the VPN, but my VPN connection is not picking up the DNS server from the Gateway.

The Gateway is definitely still sending the DNS server IP, I can see it in journalctl:

Nov 14 22:28:06 jbox NetworkManager[1067]: <info>  [1605360486.9400] vpn-connection[0x563f3b5ee340,729b9bfd-412a-4d6d-ba95-ac0b387ad946,"XC",21:(ppp0)]: Data:   Internal DNS: 192.168.100.53

And NetworkManager knows about the DNS server:

$ nmcli

DNS configuration:
        servers: 192.168.100.53
        interface: ppp0
        type: vpn

        servers: 192.168.11.1
        interface: wlp3s0

But the DNS isn't added to the ppp0 link in systemd-resolved:

$ resolvectl dns
Global:
Link 2 (enp4s0):
Link 3 (wlp3s0): 192.168.11.1
Link 4 (virbr0):
Link 5 (virbr0-nic):
Link 6 (ip_vti0):
Link 21 (ppp0):

This might be a bug in NetworkManager, but I suspect that it's a bug in this VPN plugin, perhaps similar to this bug in the NetworkManager-fortisslvpn plugin https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/513

Thank you for maintaining this plugin!
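The comparison made by hand in the report above (the DNS servers NetworkManager lists per interface against what systemd-resolved holds per link), as an added example that is not part of the issue thread or the plugin's code. The sample text is constructed from the output quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the output quoted in the report.
NMCLI_SAMPLE = """\
DNS configuration:
        servers: 192.168.100.53
        interface: ppp0
        type: vpn

        servers: 192.168.11.1
        interface: wlp3s0
"""
RESOLVECTL_SAMPLE = """\
Global:
Link 3 (wlp3s0): 192.168.11.1
Link 21 (ppp0):
"""
LINK_RE = re.compile(r"^Link \d+ \(([^)]+)\):\s*(.*)$")

def parse_nmcli_dns(text):
    """Map interface -> DNS servers from the 'DNS configuration:' part of `nmcli`."""
    result, block, in_section = {}, {}, False
    for line in text.splitlines() + [""]:  # trailing "" flushes the last block
        if line.strip() == "DNS configuration:":
            in_section = True
        elif in_section and line[:1] in (" ", "\t") and line.strip():
            key, _, value = line.strip().partition(":")  # indented "key: value"
            block[key] = value.strip()
        elif in_section:  # blank line or unindented text closes the current block
            if "interface" in block:
                result[block["interface"]] = block.get("servers", "").split()
            block = {}
            in_section = not line.strip()  # only a blank line keeps the section open
    return result

def parse_resolvectl_dns(text):
    """Map link name -> DNS servers from `resolvectl dns` output."""
    found = (LINK_RE.match(line.strip()) for line in text.splitlines())
    return {m[1]: m[2].split() for m in found if m}

def missing_in_resolved(nmcli_text, resolvectl_text):
    """Interfaces whose NetworkManager DNS servers are absent from systemd-resolved."""
    resolved = parse_resolvectl_dns(resolvectl_text)
    gaps = {}
    for ifname, servers in parse_nmcli_dns(nmcli_text).items():
        lacking = [s for s in servers if s not in resolved.get(ifname, [])]
        if lacking:
            gaps[ifname] = lacking
    return gaps
```

On a live system the two arguments would be the captured output of `nmcli` and `resolvectl dns`; an empty result means every server NetworkManager knows about has reached its link.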

@jamesdbrock
Author

As a workaround I can set

$ resolvectl dns ppp0 192.168.100.53
$ resolvectl domain ppp0 mydomain         

and then the DNS works on my VPN.

@dkosovic dkosovic self-assigned this Nov 14, 2020
@dkosovic
Member

dkosovic commented Nov 14, 2020

Regarding the NetworkManager-fortisslvpn bug and the following commit which closed that bug:

It uses the --pppd-use-peerdns=1 fortisslvpn flag which ends up using pppd's usepeerdns option, it looks practically the same as NetworkManager-l2tp's commit 7328971 from 3 years ago (although it was just for adding a conditional), ignore my comment for that commit, it should have read:

If "Automatic (VPN) Addresses Only" mode is disabled in the IPv4 settings, do not use the pppd usepeerdns option.

Still looking ...

@dkosovic
Member

Actually I'm not able to reproduce the issue on Fedora 33. The following is from using the free US server listed on www.freel2tpvpn.com :

$ nmcli
...
DNS configuration:
        servers: 10.20.0.1
        interface: ppp0
        type: vpn

        servers: 172.16.244.2
        domains: localdomain
        interface: ens33
$ resolvectl dns
Global:
Link 2 (ens33): 172.16.244.2
Link 3 (virbr0):
Link 4 (virbr0-nic):
Link 5 (ip_vti0):
Link 7 (ppp0): 10.20.0.1

@jamesdbrock
Author

> Actually I'm not able to reproduce the issue on Fedora 33. The following is from using the free US server listed on www.freel2tpvpn.com

Okay, when I connect to the same us.freel2tpvpn.com server, then my VPN totally works. So there must be something else wrong with how our VPN server is configured. Thank you very much for checking!
