Bug 1323799

Summary: NetworkManager-openvpn strange behaviour with 'Use this connection ...' checkbox
Product: [Fedora] Fedora Reporter: Mincho Gaydarov <mincho.gaydarov>
Component: NetworkManager-openvpnAssignee: Lubomir Rintel <lkundrak>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 23CC: choeger, dcbw, huzaifas, lkundrak, mincho.gaydarov, psimerda, steve, thaller
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-04-04 20:56:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Mincho Gaydarov 2016-04-04 18:17:58 UTC 
Description of problem:
When the connection to the OpenVPN server is established, the NS servers pushed by the server are placed on 1-st and 2-nd place, even with the 'use this connection only for resources on its network' checked. This forces VPN's NS servers to be used as primary.

Version-Release number of selected component (if applicable):
rpm -q -a | grep openvpn
openvpn-2.3.10-1.fc23.x86_64
NetworkManager-openvpn-gnome-1.0.8-2.fc23.x86_64
NetworkManager-openvpn-1.0.8-2.fc23.x86_64

How reproducible:
Every time OpenVPN connection is established.

Steps to Reproduce:
1.Create new OpenVPN connection in NetwokrManager. The 'Use this connection only for resources on its network' should be checked.
2.Connect to OpenVPN server
3.Check the content of /etc/resolv.conf

Actual results:
First NS servers are those pushed by OpenVPN server.

Expected results:
NetworkManager should not change contents of /etc/resolv.conf and should ignore the DNS pushed from OpenVPN server. We don't want the DNS servers from VPN to become main DNS relovers for the system.

Additional info:
If the remote NS servers are necessary for accessing contents on remote network, they could be added manually in VPN configuration via GUI.
Comment 1 Thomas Haller 2016-04-04 20:31:55 UTC 
The "use this connection only for resources on its network" is inside a separate window that pops up when you click on the "Routes" button. This checkbox only means, that the connection will not get the default-route. Nothing more, especially it's not really related to DNS.

If you don't want that the DNS servers obtained from the VPN connecting get considered, choose "Method" "Automatic (VPN) addresses only", instead of "Automatic (VPN)".

If you want to configure (additional) DNS servers manually, there is also a UI field  "Additinal DNS servers" | "DNS servers". 


Does that not work for your? Why not?
Comment 2 Mincho Gaydarov 2016-04-04 20:56:02 UTC 
Hi,

that works for me.

I was misled by the interface.