Red Hat Bugzilla – Bug 1253942
NetworkManager-openconnect no longer passes nameservers to dispatcher scripts
Last modified: 2015-09-18 14:15:06 EDT
Description of problem:
When connecting to a VPN server via NetworkManager-openconnect, although NetworkManager updates /etc/resolv.conf with the nameservers as supplied by the VPN server, it fails to export those nameservers into the environment for dispatcher scripts.
This is a new problem that I've only noticed since I updated to Fedora 22. When I was running Fedora 20, NetworkManager properly exported the nameservers into the environment for dispatcher scripts, using the VPN_IP4_NAMESERVERS variable. (I believe Fedora 21 also worked correctly, but I can't say that for certain.)
Version-Release number of selected component (if applicable):
Steps to Reproduce:
To reproduce this, just create a dispatcher script that dumps the current environment into a temporary file. Here's what I see when I connect to our VPN server:
#BASH_VERSINFO=(="4" ="3" ="39" ="1" ="release" ="x86_64-redhat-linux-gnu")
Notice that neither VPN_IP4_NAMESERVERS nor IP4_NAMESERVERS is set. On Fedora 20, VPN_IP4_NAMESERVERS was set.
Again, the problem is *NOT* that the VPN server isn't communicating the nameservers: it is, because NetworkManager updates /etc/resolv.conf with the nameservers. The problem is that NetworkManager is no longer exporting the nameservers into the environment for dispatcher scripts.
Correction: I'm not sure whether NetworkManager was setting VPN_IP4_NAMESERVERS or IP4_NAMESERVERS, as the code in my dispatcher script checks for both.
But it was definitely one of those two.
(In reply to James Ralston from comment #0)
> Again, the problem is *NOT* that the VPN server isn't communicating the
> nameservers: it is, because NetworkManager updates /etc/resolv.conf with the
> nameservers. The problem is that NetworkManager is no longer exporting the
> nameservers into the environment for dispatcher scripts.
That would be a NM bug then, rather then NM-openconnect.
I have tested now on Fedora 22 (with vpnc) and I can see VPN_IP4_NAMESERVERS in the dispatcher output.
Maybe you looked into the output for "up" action instead of "vpn-up" action.
echo "$interface $action" >> /tmp/nm-disp-output
echo "===============" >> /tmp/nm-disp-output
env >> /tmp/nm-disp-output
echo "" >> /tmp/nm-disp-output
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Jirka is correct in comment 3: I was looking at the "up" action instead of the "vpn-up" action.
I was fooled by the fact that until recently, most of the VPN_* variables were set in both "up" and "vpn-up". Now, most of them are only set in "vpn-up".
(While this is arguably more correct behavior, it was confusing to anyone who was unintentionally relying on the old behavior, because this change wasn't announced.)