Description of problem: After a successful connection the nameservers provided by the VPN gateway are ending up in /etc/strongswan/resolv.conf instead of /etc/resolv.conf. In this way the nameserver information of the vpn gateway gets lost. Version-Release number of selected component (if applicable): 5.3.2 How reproducible: Steps to Reproduce: 1. cat /etc/resolv.conf 2. Create a connection to a VPN gateway which provides some nameserver information for the connection. 3. cat /etc/resolv.conf 4. cat /etc/strongswan/resolv.conf Actual results: In step 1.) the resolv.conf file contains the initial nameservers for a network connection. The resolv.conf in step 3.) is the same as in step 1.). The nameservers obtained from the VPN gateway are visible in step 4.) Expected results: The nameservers in /etc/strongswan/resolv.conf should prepend the nameservers in step 1.) Additional info: This was already reported by Robert Dyck to the upstream. https://wiki.strongswan.org/issues/1147 There is also a discussion about the bugfix there. I chose to edit the /etc/strongswan/strongswan.d/charon/resolv.conf file and erased the comment from the "file = ..." option like shown below. === resolve { # File where to add DNS server entries. file = /etc/resolv.conf # Whether to load the plugin. Can also be an integer to increase the # priority of this plugin. load = yes resolvconf { # Prefix used for interface names sent to resolvconf(8). # iface_prefix = lo.inet.ipsec. } } ===
I noted the same in Fedora 23.
1) The recommended way to use VPN on Fedora is via NetworkManager. I'm not currently using it myself but strongswan is supported via strongswan-charon-nm package. 2) /etc/strongswan/resolv.conf should work well for you. You can always replace /etc/resolv.conf with a symlink to that file just as other tools do. 3) I see you are already discussing it with upstream which is IMO the best place to come up with a solution. I'm closing for now as this will be best figured out upstream anyway. You are free to remind me to update when an upstream update is released. Please reopen or start a new bug if you find any Fedora specific issue to be fixed.