Red Hat Bugzilla – Bug 966281
openvpn 2.3.1 reconnect fails with DNS error, when network is switched
Last modified: 2018-02-16 06:02:50 EST
Description of problem:
Since I updated openvpn
I get the following behavior:
I am connected somewhere, for example wired network.
If I disconnect and connect to another network, which has different DNS settings, I start getting the following errors in the log:
May 22 21:16:47 XXXX openvpn: RESOLVE: Cannot resolve host address: xxx.yyy.zzz: Temporary failure in name resolution
I sniffed the network traffic and came to the following:
For some reason openvpn remembers the DNS servers from resolv.conf which were valid during process creation.
Later, when the DNS servers change because I switch to a different network, it does not reload them, but keeps trying to question the old DNS-es, which usually refuse recursive queries, because I am no longer in their network.
If I downgrade back to openvpn-2.2.2-9.fc18.i686, all goes back to normal, without touching anything else.
My client config:
client
dev tun
remote xxx.yyy.zzz 443
keepalive 10 60
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Establish VPN tunnel
2. Connect to a different network with different DNS servers
3. The IPs of the old DNS servers MUST be inaccessible or not be valid DNS resolvers in the new network.
Start getting the following errors:
Cannot resolve host address: xxx.yyy.zzz: Temporary failure in name resolution
To reconnect with no issues.
I'm seeing this too. It's getting rather annoying...
I confirm, same here.
Confirmed here. Very annoying.
I use a dyndns address for my clients to connect to. But that simply does not work in Fedora because of this bug.
This message is a reminder that Fedora 18 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 18. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora
'version' of '18'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version prior to Fedora 18's end of life.
Thank you for reporting this issue and we are sorry that we may not be
able to fix it before Fedora 18 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged to change the 'version' to a later Fedora
version prior to Fedora 18's end of life.
Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.
This still happens in Fedora 19.
And in Fedora 20 of course. I helped myself by configuring the openvpn connection in NetworkManager and adding a dispatch script that starts the vpn connection as soon as any network interface gets up. That is a workaround.
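The workaround described in the comment above, sketched as a NetworkManager dispatcher script. This is an added example, not the commenter's own script: the profile name `example-vpn` and the function name `vpn_decision` are assumptions, and the `nmcli` syntax is that of current NetworkManager releases.

```shell
#!/bin/sh
# Added example: NetworkManager dispatcher script, e.g. installed under
# /etc/NetworkManager/dispatcher.d/. NetworkManager invokes it as:
#   script <interface> <action>
VPN_NAME="example-vpn"   # assumption: name of the OpenVPN profile in NetworkManager

# Decide what to do for one dispatcher event.
#   $1 interface, $2 action, $3 newline-separated names of active connections
# Prints "start" or "skip".
vpn_decision() {
    iface=$1 action=$2 active=$3
    # React only when a link comes up; ignore down, vpn-up, dhcp4-change, ...
    [ "$action" = "up" ] || { echo skip; return; }
    # Ignore loopback and tunnel devices so that a tunnel device
    # appearing never re-triggers the script.
    case "$iface" in
        lo|tun*|tap*) echo skip; return ;;
    esac
    # Exact-match the profile name: do nothing if the VPN is already active.
    if printf '%s\n' "$active" | grep -Fxq -- "$VPN_NAME"; then
        echo skip; return
    fi
    echo start
}

main() {
    active=$(nmcli -t -f NAME connection show --active 2>/dev/null)
    if [ "$(vpn_decision "$1" "$2" "$active")" = "start" ]; then
        logger -t vpn-dispatch "link $1 up, starting $VPN_NAME"
        # Bringing the profile up starts a fresh openvpn process, which
        # reads the resolv.conf of the network that was just joined.
        nmcli connection up id "$VPN_NAME"
    fi
}

# Run only when invoked by the dispatcher with <interface> <action>.
if [ "$#" -ge 2 ]; then
    main "$@"
fi
```

Dispatcher scripts must be owned by root and executable, otherwise NetworkManager ignores them.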
This seems to be tracked now by the upstream tracker too.
https://community.openvpn.net/openvpn/ticket/303 (pointing back to this bz)
As this seems to primarily be an upstream OpenVPN issue, and not a Fedora issue - I'll close this one as CLOSED:UPSTREAM. OpenVPN bugs in this bugzilla mostly tackle packaging and Fedora-only related issues.
Please consider trying to help out with testing and debugging in cooperation with upstream directly.
*** Bug 985415 has been marked as a duplicate of this bug. ***