Bug 1281332 - /etc/resolv.conf does not get the information about VPN gateway nameservers.
Product: Fedora
Classification: Fedora
Component: strongswan
Assigned To: Pavel Šimerda (pavlix)
QA Contact: Fedora Extras Quality Assurance
Reported: 2015-11-12 05:28 EST by Thomas Antepoth
Modified: 2016-07-13 10:21 EDT
Doc Type: Bug Fix
Last Closed: 2016-07-13 10:21:57 EDT
Type: Bug

Description Thomas Antepoth 2015-11-12 05:28:31 EST
Description of problem:

After a successful connection, the nameservers provided by the VPN gateway end up in /etc/strongswan/resolv.conf instead of /etc/resolv.conf. In this way the nameserver information of the VPN gateway gets lost.

Version-Release number of selected component (if applicable):


How reproducible:

Steps to Reproduce:
1. cat /etc/resolv.conf 
2. Create a connection to a VPN gateway which provides some nameserver information for the connection.
3. cat /etc/resolv.conf 
4. cat /etc/strongswan/resolv.conf 

Actual results:

In step 1.) the resolv.conf file contains the initial nameservers for a network connection. The resolv.conf in step 3.) is the same as in step 1.).
The nameservers obtained from the VPN gateway are visible in step 4.)

Expected results:

The nameservers in /etc/strongswan/resolv.conf should be prepended to the nameservers in step 1.)

Additional info:

This was already reported by Robert Dyck to the upstream.


There is also a discussion about the bugfix there.

I chose to edit the /etc/strongswan/strongswan.d/charon/resolv.conf file and erased the comment from the "file = ..." option, as shown below.

resolve {

    # File where to add DNS server entries.
    file = /etc/resolv.conf

    # Whether to load the plugin. Can also be an integer to increase the
    # priority of this plugin.
    load = yes

    resolvconf {

        # Prefix used for interface names sent to resolvconf(8).
        # iface_prefix = lo.inet.ipsec.

    }

}

Comment 1 Jan Doumont 2016-01-23 22:12:50 EST
I noted the same in Fedora 23.

Comment 2 Pavel Šimerda (pavlix) 2016-07-13 10:21:57 EDT
1) The recommended way to use VPN on Fedora is via NetworkManager. I'm not currently using it myself but strongswan is supported via the strongswan-charon-nm package.

2) /etc/strongswan/resolv.conf should work well for you. You can always replace /etc/resolv.conf with a symlink to that file just as other tools do.

3) I see you are already discussing it with upstream, which is IMO the best place to come up with a solution.

I'm closing for now as this will be best figured out upstream anyway. You are free to remind me to update when an upstream update is released. Please reopen or start a new bug if you find any Fedora-specific issue to be fixed.
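
A way to verify the condition this report describes, as an added example that is not part of the bug thread or of strongSwan: it compares the nameservers in /etc/strongswan/resolv.conf with those in /etc/resolv.conf and reports any VPN nameserver that is missing or listed behind a non-VPN resolver. The function names `nameservers` and `check_vpn_dns` are hypothetical.

```shell
#!/bin/sh
# Added example: checks whether the nameservers strongSwan recorded are the
# ones the system resolver consults first. Function names are hypothetical.

# Print the unique nameserver addresses of a resolv.conf-style file, in order.
nameservers() {
    awk '$1 == "nameserver" && $2 != "" && !seen[$2]++ { print $2 }' "$1"
}

# check_vpn_dns [VPN_FILE] [SYSTEM_FILE]
# Returns 0 if every VPN nameserver leads SYSTEM_FILE, 1 if one is missing or
# listed behind a non-VPN resolver, 2 if VPN_FILE has no nameserver entries.
check_vpn_dns() {
    vpn_file=${1:-/etc/strongswan/resolv.conf}
    sys_file=${2:-/etc/resolv.conf}
    vpn_ns=$(nameservers "$vpn_file" 2>/dev/null) || vpn_ns=
    sys_ns=$(nameservers "$sys_file" 2>/dev/null) || sys_ns=
    if [ -z "$vpn_ns" ]; then
        echo "no VPN nameservers in $vpn_file"
        return 2
    fi
    set -- $vpn_ns                      # one positional parameter per address
    # The first $# entries of the system file must all be VPN nameservers.
    head_ns=$(printf '%s\n' "$sys_ns" | head -n "$#")
    status=0
    for ns in "$@"; do
        if printf '%s\n' "$head_ns" | grep -qxF -- "$ns"; then
            continue
        fi
        if printf '%s\n' "$sys_ns" | grep -qxF -- "$ns"; then
            echo "late: $ns is in $sys_file but behind a non-VPN resolver"
        else
            echo "missing: $ns is not in $sys_file"
        fi
        status=1
    done
    if [ "$status" -eq 0 ]; then
        echo "ok: VPN nameservers lead $sys_file"
    fi
    return "$status"
}
```

Once the tunnel is up, calling `check_vpn_dns` with no arguments uses the two paths named in this report; a non-zero status means lookups can still go to the pre-VPN resolver.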
