Description of problem:
When the connection to the OpenVPN server is established, the NS servers pushed by the server are placed in 1st and 2nd place, but in 3rd place NetworkManager leaves the local NS server. This could lead to a DNS leak if the first 2 servers time out.

Version-Release number of selected component (if applicable):
rpm -q -a | grep openvpn
openvpn-2.3.10-1.fc23.x86_64
NetworkManager-openvpn-gnome-1.0.8-2.fc23.x86_64
NetworkManager-openvpn-1.0.8-2.fc23.x86_64

How reproducible:
Every time I try to use the GUI VPN functionality.

Steps to Reproduce:
1. Create a new OpenVPN connection in NetworkManager. The 'Use this connection only for resources on its network' option should be unchecked.
2. Connect to the OpenVPN server
3. Check the content of /etc/resolv.conf

Actual results:
The 3rd name server listed in /etc/resolv.conf is the local NS server.

Expected results:
NetworkManager should replace the contents of /etc/resolv.conf with the NS servers pushed by the OpenVPN server. The local NS server should be removed from /etc/resolv.conf. The local NS server should be restored in /etc/resolv.conf after the VPN is disconnected and the NS servers from the OpenVPN server are removed.

Additional info:
I've tested denying access to the 1st and 2nd NS servers from the machine running the OpenVPN server, and the result was that the local NS server was used, despite the fact that the checkbox 'Use this connection only for resources on its network' is unchecked. This leads to a DNS leak if the first 2 NS servers cannot be reached.
This bug is fixed by adding a new option ipv4.dns-priority to NetworkManager. It will thus be fixed by an upgrade of the NetworkManager package to > 1.2. Also, it's not the nm-openvpn plugin which configures the DNS server, it's the NetworkManager daemon. Reassigning bug to NM.
According to the comments from https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=8da3e658f7313f56928d22cfe13f9ab78cc1dd3c I assume that this will be merged in 1.4 am I correct?
(In reply to Mincho Gaydarov from comment #2)
> According to the comments from
> https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=8da3e658f7313f56928d22cfe13f9ab78cc1dd3c
> I assume that this will be merged in 1.4 am I correct?

Yes, the new feature will be included in the 1.4.0 release of NetworkManager (which is not yet released).
This message is a reminder that Fedora 23 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 23. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '23'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 23 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to change the 'version' to a later Fedora version before this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Hi, the problem was resolved by adding the dns-priority settings. You can close this bug as resolved.
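
The check from step 3 of the report can be scripted to confirm that no non-VPN resolver remains active after connecting. This is an added example, not part of the original thread or of NetworkManager. The function name `leaked_nameservers` and the sample addresses are constructed for illustration, and the script assumes the glibc resolver, which uses only the first three `nameserver` entries.

```shell
#!/bin/sh
# leaked_nameservers FILE VPN_DNS...
# Prints every nameserver the resolver would actually use (glibc reads only
# the first three "nameserver" lines) that is NOT one of the VPN-pushed
# servers given as arguments.
# Exit status: 0 = only VPN resolvers active, 1 = a non-VPN resolver is active.
leaked_nameservers() {
    file=$1; shift
    awk -v allowed="$*" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Comment lines (# or ;) never have "nameserver" as the first field.
        $1 == "nameserver" && NF >= 2 {
            if (++seen > 3) next        # entries past the third are ignored
            if (!($2 in ok)) { print $2; leak = 1 }
        }
        END { exit leak ? 1 : 0 }
    ' "$file"
}

# Constructed sample reproducing the reported state: two VPN-pushed
# resolvers followed by the local one left in third place.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Generated by NetworkManager
search example.lan
nameserver 10.8.0.1
nameserver 10.8.0.2
nameserver 192.168.1.1
EOF

if leaked=$(leaked_nameservers "$sample" 10.8.0.1 10.8.0.2); then
    echo "only VPN resolvers are active"
else
    echo "non-VPN resolver still active: $leaked"
fi
```

On a live system, pass `/etc/resolv.conf` and the servers pushed by the VPN. In NetworkManager releases that have `ipv4.dns-priority`, a negative value on the VPN profile excludes DNS servers from connections with a greater priority value, which is the state this check should report as clean.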