Red Hat Bugzilla – Bug 1281332
/etc/resolv.conf does not get the information about VPN gateway nameservers.
Last modified: 2016-07-13 10:21:57 EDT
Description of problem:
After a successful connection the nameservers provided by the VPN gateway are ending up in /etc/strongswan/resolv.conf instead of /etc/resolv.conf. In this way the nameserver information of the VPN gateway gets lost.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. cat /etc/resolv.conf
2. Create a connection to a VPN gateway which provides some nameserver information for the connection.
3. cat /etc/resolv.conf
4. cat /etc/strongswan/resolv.conf
In step 1.) the resolv.conf file contains the initial nameservers for a network connection. The resolv.conf in step 3.) is the same as in step 1.).
The nameservers obtained from the VPN gateway are visible in step 4.)
The nameservers in /etc/strongswan/resolv.conf should prepend the nameservers in step 1.)
This was already reported by Robert Dyck to the upstream.
There is also a discussion about the bugfix there.
I chose to edit the /etc/strongswan/strongswan.d/charon/resolv.conf file and erased the comment from the "file = ..." option as shown below.
# File where to add DNS server entries.
file = /etc/resolv.conf
# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
load = yes
# Prefix used for interface names sent to resolvconf(8).
# iface_prefix = lo.inet.ipsec.
I noted the same in Fedora 23.
1) The recommended way to use VPN on Fedora is via NetworkManager. I'm not currently using it myself but strongswan is supported via the strongswan-charon-nm package.
2) /etc/strongswan/resolv.conf should work well for you. You can always replace /etc/resolv.conf with a symlink to that file just as other tools do.
3) I see you are already discussing it with upstream which is IMO the best place to come up with a solution.
I'm closing for now as this will be best figured out upstream anyway. You are free to remind me to update when an upstream update is released. Please reopen or start a new bug if you find any Fedora-specific issue to be fixed.
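
The comparison from the reproduction steps in the description, as an added shell example that is not part of the original bug thread: it lists nameservers present in /etc/strongswan/resolv.conf but absent from /etc/resolv.conf, and tests whether a VPN nameserver is listed first. The function names and the sample addresses (documentation ranges) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report VPN-pushed nameservers the system resolver will not use.
# Default paths are the two files named in the bug report.

# Print the address of every "nameserver" line in a resolv.conf-style file.
nameservers() {
    [ -r "$1" ] || return 0
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Print each VPN nameserver that is missing from the system file.
# Returns 0 when none are missing, 1 otherwise.
missing_vpn_nameservers() {
    vpn_file=${1:-/etc/strongswan/resolv.conf}
    sys_file=${2:-/etc/resolv.conf}
    rc=0
    for ns in $(nameservers "$vpn_file"); do
        # -F -x: fixed-string, whole-line match, so 10.0.0.1 != 10.0.0.10
        if ! nameservers "$sys_file" | grep -Fxq -- "$ns"; then
            printf '%s\n' "$ns"
            rc=1
        fi
    done
    return "$rc"
}

# Returns 0 when the first nameserver in the system file is one the VPN pushed.
vpn_nameserver_first() {
    first=$(nameservers "${2:-/etc/resolv.conf}" | head -n 1)
    [ -n "$first" ] &&
        nameservers "${1:-/etc/strongswan/resolv.conf}" | grep -Fxq -- "$first"
}

# Demo on constructed sample files; nothing under /etc is read or changed.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'nameserver 192.0.2.53\n' > "$dir/system.conf"
    printf 'nameserver 198.51.100.1   # constructed VPN entry\n' > "$dir/vpn.conf"
    if lost=$(missing_vpn_nameservers "$dir/vpn.conf" "$dir/system.conf"); then
        echo "all VPN nameservers are in the system file"
    else
        echo "VPN nameservers not in the system file: $lost"
    fi
    rm -rf "$dir"
}

demo
```

Called without arguments, missing_vpn_nameservers and vpn_nameserver_first read the two real files from the report.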