Created attachment 1418186 [details]
journal

Description of problem:
After upgrade from FC27 to FC28 beta the name resolution stopped working while connected via IPsec VPN. The issue happens when DNS Automatic switch is on, see the attached screenshot. 

Server config did not change and connection towards it worked while using FC27 as a VPN road warrior. Relevant line from server config /etc/strongswan/ipsec.conf is:
rightdns=10.20.30.2,8.8.4.4,8.8.8.8

/etc/resolv.conf is populated with nonsense values as a result of establishing a VPN connection.

Version-Release number of selected component (if applicable):
NetworkManager-strongswan-1.4.3-1.fc28.x86_64
strongswan-charon-nm-5.6.2-2.fc28.x86_64
NetworkManager-strongswan-gnome-1.4.3-1.fc28.x86_64
strongswan-5.6.2-2.fc28.x86_64
gnome-shell-3.28.0-1.fc28.x86_64

How reproducible:

Steps to Reproduce:
1. Let use IPsec strongswan VPN server with DNS servers configured to be provided to the client. E.g. relevant line from server config /etc/strongswan/ipsec.conf is:
rightdns=10.20.30.2,8.8.4.4,8.8.8.8

2. Establish IPsec VPN connection from FC28 to the server, type IPsec/IKEv2 (strongswan), using Gnome GUI.

3. Nonsense values are added to /etc/resolv.conf


Actual results:
Nonsense values are added to /etc/resolv.conf
cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 160.96.1.172
nameserver 64.96.1.172
nameserver 96.176.1.172
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 192.168.100.1


Expected results:
/etc/resolv.conf is populated with values provided by VPN server, i.e.
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 10.20.30.2

Additional info:
See relevant excerpt from system journal attached.