Announcement

Collapse
No announcement yet.

openvpn, dnsmasq, resolvconf no longer works

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    openvpn, dnsmasq, resolvconf no longer works

    My install of kubuntu 20.04 went fine, so I've proceeded to try to bring up my openvpn connection. This is on a laptop using NetworkManager and the connection is established via dhcp on a wireless or wired interface.

    On 18.04, I couldn't restrict systemd-resolved to the openvpn tunnel; It leaked queries to dns servers on all interfaces. The solution to this was to disable systemd-resolved, and install dnsmasq + resolvconf; NetworkManager supported this and fired up dhclient on the interfaces and suitable info ended up in /run/dnsmasq/resolv.conf. Nework connectivity worked as expected, and when I enable the vpn in NetworkManager the dns queries are restricted to the vpn interface.

    The same configuration does not work in 20.04. My wireless interface picks up an address via dhcp (I assume) and can ping by ip, but there is no running dhclient process and the /run/dnsmasq/resolv.conf file is empty, so dns queries fail. If I populate /run/dnsmasq/resolv.conf manually, the network is fine.

    I'm guessing NetworkManager now sets the interface address without dhclient and doesn't populate resolv.conf (?). I'm not opposed to systemd-resolved (in lieu of dnsmasq + resolvconfg) if I had faith that I can make it not leak queries outside the vpn tunnel (but this seemed complex and ineffective in the past).

    The other conspicuous difference between 1804 & 2004 I noted was a minor change to resolvconf.service (a couple of ExecStartPre lines removed) but reverting this change makes no behavioural difference. I think the significant difference was that the dhclient process kept resolv.conf up to date and there is no long such a process running.

    Thoughts on what is happening, what to do, or where best to file a bug if there is indeed a bug to be fixed?

    Thank you good Kubuntueers!

    #2
    A well written inquiry. Should be more than enough information to enable some reasoned replies/suggestions. Oh, and welcome to KFN!
    Using Kubuntu Linux since March 23, 2007
    "It is a capital mistake to theorize before one has data." - Sherlock Holmes

    Comment


      #3
      Cheers Snowhog!
      I've now played around a bit with this 20.04 openvpn config to ascertain what works and what could use work.
      I imported my openvpn config to network manager via the command line interface:

      nmcli connection import type openvpn file myVpnConfig.ovpn

      As in 18.04 this allows you to set some config parameters that might be necessary on the other end that don't appear in the NetworkManager UI (!)
      Then the vpn successfully connects, but again (in this dnsmasq + resolvconf configuration) the /run/dnsmasq/resolv.conf is not updated with the vpn dns. And again if I update resolv.conf manually the vpn operates properly. Whew!

      I also note a few nitpicky NetworkManager UI regressions that were arguably better in 18.04:

      When you click the networkmanager icon to show the popup list of networks, the unconnected list of available networks has a lock overlay for secured networks. When you select a (say WPA2) secured network for which you have credentials, it is promoted to the "Active Connections" at the top with a lock overlay. This is different than the (no lock) NetworkManager icon in the panel and different than the (no lock) icon in Active Connections in 18.04. This means that in 20.04 when you secure the link with a vpn connection, the Active Connection icon for that network doesn't change (grrr) although the icon changes in the panel (lock overlay indicates vpn).

      Another quirk in the NetworkManager System Settings Module for Connections:
      I'm using Oxygen colors and Breeze icons. I can't see in this panel that there are buttons for "add new connection" and configuration because the UI is black on black. I'll fix that in my own color scheme but the invisible UI threw me for a moment. (yeah eww theming issues)

      I suspect I should promote some of the issues to a Kubuntu an/or KDE bug tracker, but I've got no clue as to more official channels. I will work with anyone that can help me tho, especially with the dnsmasq issues.

      Thanks all

      Comment

      Working...
      X