Description of problem: Upon establishing VPN connection, overwrites /etc/resolv.conf. When using NetworkManager's dnsmasq backend, this will break user's DNS. In the case that the gateway on the other end of the connection is not default gateway and the DNS server at the other end resolves only local zone, then it break users access to the Internet entirely. It happens even with ipv[4,6].ignore-auto-dns=yes. Version-Release number of selected component (if applicable): NetworkManager-fortisslvpn-1.3.90-4 How reproducible: Steps to Reproduce: 1. Configure VPN connection (gateway, username, password) 2. Dial VPN connection Actual results: 1. The /etc/resolv.conf contains 'nameserver' and 'search' entries inserted at the top of NM-generated /etc/resolv.conf 2. The running openfortivpn process has been lanunched with '--pppd-use-peerdns=1' option Expected results: 1. The DNS information pushed by the VPN gateway should be in the NM connection properties (ipv[4,6].dns.*) 2. That DNS information should be handled by NetworkManager, as other VPNs (l2pt, openvpn, wireguard, etc.) do. Additional info: The /etc/resolv.conf should not be overwritten by random processes; it should be handled by single owner only. In the case of NetworkManager (as this is case of NM plugin), NetworkManager itself should be that owner.
Created attachment 1676257 [details] Fix for /etc/resolv.conf overwriting
Ok, so the issue is the patch that's in the 1.3.90-4 rpm. It removes the '--no-dns' option, and adds '--pppd-use-peerdns=1'. While the second is needed, so that the ppppd plugin can relay the DNS info to NetworkManager, removing the first option causes the openfortivpn to default to '--set-dns=1', and to overwrite `/etc/resolv.conf`. The attached patch keeps the first option and adds the second. It does that conditionally, so the ignore-auto-dns option is respected. It was also submitted upstream at https://gitlab.gnome.org/GNOME/NetworkManager-fortisslvpn/-/merge_requests/15.
https://src.fedoraproject.org/rpms/NetworkManager-fortisslvpn/c/3517525da74d6adb08643a756066cd05a4722032?branch=master
FEDORA-EPEL-2020-0aff0a0cca has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0aff0a0cca
FEDORA-EPEL-2020-b243b0dcb6 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b243b0dcb6
FEDORA-2020-c0388bdbd5 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2020-c0388bdbd5
FEDORA-2020-de1078f994 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-de1078f994
FEDORA-2020-eacbf2f402 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-eacbf2f402
FEDORA-2020-eacbf2f402 has been pushed to the Fedora 31 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-eacbf2f402` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-eacbf2f402 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2020-b243b0dcb6 has been pushed to the Fedora EPEL 7 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b243b0dcb6 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-c0388bdbd5 has been pushed to the Fedora 30 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-c0388bdbd5` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-c0388bdbd5 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2020-0aff0a0cca has been pushed to the Fedora EPEL 8 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0aff0a0cca See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-de1078f994 has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-de1078f994` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-de1078f994 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-de1078f994 has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2020-c0388bdbd5 has been pushed to the Fedora 30 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2020-eacbf2f402 has been pushed to the Fedora 31 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2020-b243b0dcb6 has been pushed to the Fedora EPEL 7 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2020-0aff0a0cca has been pushed to the Fedora EPEL 8 stable repository. If problem still persists, please make note of it in this bug report.