1281332 – /etc/resolv.conf does not get the information about VPN gateway nameservers.

Bug 1281332 - /etc/resolv.conf does not get the information about VPN gateway nameservers.

Summary: /etc/resolv.conf does not get the information about VPN gateway nameservers.

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	strongswan
Sub Component:
Version:	22
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Pavel Šimerda (pavlix)
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-11-12 10:28 UTC by Thomas Antepoth
Modified:	2016-07-13 14:21 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-07-13 14:21:57 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Thomas Antepoth 2015-11-12 10:28:31 UTC

Description of problem:

After a successful connection the nameservers provided by the VPN gateway are ending up in /etc/strongswan/resolv.conf instead of /etc/resolv.conf. In this way the nameserver information of the vpn gateway gets lost.

Version-Release number of selected component (if applicable):

5.3.2

How reproducible:

Steps to Reproduce:
1. cat /etc/resolv.conf
2. Create a connection to a VPN gateway which provides some nameserver information for the connection.
3. cat /etc/resolv.conf
4. cat /etc/strongswan/resolv.conf

Actual results:

In step 1.) the resolv.conf file contains the initial nameservers for a network connection. The resolv.conf in step 3.) is the same as in step 1.).
The nameservers obtained from the VPN gateway are visible in step 4.)

Expected results:

The nameservers in /etc/strongswan/resolv.conf should prepend the nameservers in step 1.)

Additional info:

This was already reported by Robert Dyck to the upstream.

https://wiki.strongswan.org/issues/1147

There is also a discussion about the bugfix there.

I chose to edit the /etc/strongswan/strongswan.d/charon/resolv.conf file and erased the comment from the "file = ..." option like shown below.

===
resolve {

# File where to add DNS server entries.
file = /etc/resolv.conf

# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
load = yes

resolvconf {

# Prefix used for interface names sent to resolvconf(8).
# iface_prefix = lo.inet.ipsec.

}

}
===

Comment 1 Jan Doumont 2016-01-24 03:12:50 UTC

I noted the same in Fedora 23.

Comment 2 Pavel Šimerda (pavlix) 2016-07-13 14:21:57 UTC

1) The recommended way to use VPN on Fedora is via NetworkManager. I'm not currently using it myself but strongswan is supported via strongswan-charon-nm package.

2) /etc/strongswan/resolv.conf should work well for you. You can always replace /etc/resolv.conf with a symlink to that file just as other tools do.

3) I see you are already discussing it with upstream which is IMO the best place to come up with a solution.

I'm closing for now as this will be best figured out upstream anyway. You are free to remind me to update when an upstream update is released. Please reopen or start a new bug if you find any Fedora specific issue to be fixed.

Note You need to log in before you can comment on or make changes to this bug.