OpenVPN / openvpn3-linux

OpenVPN 3 Linux client
GNU Affero General Public License v3.0

Arch Linux - /etc/resolv.conf getting overwritten #121

Closed sant527 closed 2 years ago

sant527 commented 2 years ago

I am starting an OpenVPN connection using

openvpn3 session-start --config client.ovpn

but /etc/resolv.conf is not getting changed with the new DNS entries from OpenVPN:

# Generated by dhcpcd from wlan0.dhcp, wlan0.dhcp6
# /etc/resolv.conf.head can replace this line
nameserver 192.168.55.1
nameserver fe80::1%wlan0
# /etc/resolv.conf.tail can replace this line

It should be Generated by OpenVPN 3 Linux:

#
# Generated by OpenVPN 3 Linux (NetCfg::DNS::ResolvConfFile)
# Last updated: 2022-05-22 17:49:09 
#

# OpenVPN defined name servers
nameserver 10.0.0.2

# System defined name servers
nameserver 192.168.55.1
nameserver fe80::1%wlan0

Something like the above.

What to do?

On one of my other PCs it works well. The /etc/resolv.conf also gets changed.

dsommers commented 2 years ago

Which Linux distribution and version are you running? More recent OpenVPN 3 Linux releases will use systemd-resolved by default if it is expected that the distribution ships with that enabled by default. Currently that is for all supported Fedora releases and Ubuntu 20.04 and newer.

sant527 commented 2 years ago

I am using Arch Linux and installed it with

yay -S openvpn3

  $ openvpn3 version
OpenVPN 3/Linux git:makepkg:079e9da7f66f5cca+ (openvpn3)
OpenVPN core 3.git:HEAD:7765540e linux x86_64 64-bit
Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.

I am using the latest Arch Linux OS.

What should I do to update resolv.conf with the DNS provided by OpenVPN?

I even tried to add the nameserver to the resolv.conf:

sudo sh -c 'echo "nameserver 10.0.0.2" >> /etc/resolv.conf';cat /etc/resolv.conf

But after a few seconds it's overwritten again and this entry is removed.

Maybe some other useful info:

I am badly stuck. Can anyone tell me what to do?

$ systemctl status systemd-resolved.service 
● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/usr/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2022-05-23 08:35:13 IST; 50min ago
       Docs: man:systemd-resolved.service(8)
             man:org.freedesktop.resolve1(5)
             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
   Main PID: 26335 (systemd-resolve)
     Status: "Processing requests..."
      Tasks: 1 (limit: 38253)
     Memory: 3.9M
        CPU: 1.089s
     CGroup: /system.slice/systemd-resolved.service
             └─ 26335 /usr/lib/systemd/systemd-resolved
 $ cat  /usr/share/dbus-1/system-services/net.openvpn.v3.netcfg.service
#  This file is part of the OpenVPN 3 Linux client
#
#  Copyright 2018 - 2020  OpenVPN Inc <sales@openvpn.net>
#  Copyright 2018 - 2020  David Sommerseth <davids@openvpn.net>
#
#  This program is free software: you can redistribute it and/or modify
#  it under the terms of the GNU Affero General Public License as
#  published by the Free Software Foundation, version 3 of the
#  License.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU Affero General Public License for more details.
#
#  You should have received a copy of the GNU Affero General Public License
#  along with this program.  If not, see <https://www.gnu.org/licenses/>.
#

[D-BUS Service]
Name=net.openvpn.v3.netcfg
User=root
Exec=/usr/libexec/openvpn3-linux/openvpn3-service-netcfg --resolv-conf /etc/resolv.conf --state-dir "/var/lib/openvpn3"

dsommers commented 2 years ago

We don't have official Arch Linux support yet. But the Arch guys are doing a reasonably decent job. I don't know how the DNS resolver settings are handled on Arch, as that seems to do different things than other systemd-resolved enabled systems do.

Your /etc/resolv.conf says:

# Generated by dhcpcd from wlan0.dhcp, wlan0.dhcp6
# /etc/resolv.conf.head can replace this line
nameserver 192.168.55.1
nameserver fe80::1%wlan0

While other systems typically have lines like the ones below:

# This file is managed by man:systemd-resolved(8). Do not edit.
[....]
nameserver 127.0.0.53

The /etc/resolv.conf is also a symlink to /run/systemd/resolve/stub-resolv.conf.

So there is more to your setup than just systemd-resolved.

Normally, to make OpenVPN 3 Linux use systemd-resolved, you need to stop all VPN sessions. Then run this command line as root:

# openvpn3-admin netcfg-service --config-set systemd-resolved true

Finally, kill -INT all the openvpn3-service-* processes (and in particular openvpn3-service-netcfg in this case). This should override the default configuration of using /etc/resolv.conf.

I see a remark in your resolv.conf file, which I don't grasp right now ...

 # /etc/resolv.conf.tail can replace this line

If that means that /etc/resolv.conf.tail can be used by other applications - you can also tell openvpn3-service-netcfg to use such a file instead:

# openvpn3-admin netcfg-service --config-unset systemd-resolved
# openvpn3-admin netcfg-service --config-set resolv-conf /etc/resolv.conf.tail

or use another filename which matches better what Arch Linux expects.

If there are any Arch Linux package maintainers who can elaborate more on how that distro handles these things, I'm willing to discuss including upstream changes to detect Arch Linux and do the right thing out-of-the-box. Including adding native support for other ways to configure the DNS resolver.

sant527 commented 2 years ago

Thanks a lot. What I found is that even if I manually add something to resolv.conf, after 5 seconds it gets overridden.

The only option is to set the resolv.conf.head or tail,

but after closing the connection we have to remove them.

dsommers commented 2 years ago

Then you most likely need this setting instead:

 # openvpn3-admin netcfg-service --config-set resolv-conf /etc/resolv.conf.head

And don't enable the systemd-resolved integration.

The openvpn3-service-netcfg is responsible for editing and restoring the resolv.conf file, which is configured via the --resolv-conf option. While that setting is set on the command line, it can be overridden by settings in a configuration file (/var/lib/openvpn3/netcfg.json), which is best managed via the openvpn3-admin netcfg-service command line.
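
The checks discussed in this thread, as an added example that is not part of the original comments or of the OpenVPN 3 Linux project: a shell script that identifies which component manages a resolv.conf file from its symlink target and header comment, and verifies that the VPN-pushed name server is actually present (if it is not, lookups keep going to the local resolver outside the tunnel's DNS). The function names and the manager-to-setting mapping are assumptions drawn from the comments above; the `openvpn3-admin` commands are only the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: who manages resolv.conf, and did the VPN DNS server land in it?

# Print the component that appears to own the given resolv.conf file.
resolv_manager() {
    f=$1
    # systemd-resolved setups usually symlink resolv.conf into /run/systemd/resolve/
    if [ -L "$f" ]; then
        case $(readlink "$f") in
            */systemd/resolve/*) echo systemd-resolved; return 0 ;;
        esac
    fi
    if grep -q '^# Generated by OpenVPN 3 Linux' "$f"; then
        echo openvpn3
    elif grep -q '^# Generated by dhcpcd' "$f"; then
        echo dhcpcd
    elif grep -q 'managed by man:systemd-resolved' "$f"; then
        echo systemd-resolved
    else
        echo unknown
    fi
}

# Succeed only if the file has an uncommented "nameserver <ip>" line.
has_nameserver() {
    awk -v ip="$2" '$1 == "nameserver" && $2 == ip { found = 1 } END { exit !found }' "$1"
}

# Map the manager to the netcfg setting suggested in this thread (assumed mapping).
suggest_netcfg() {
    case $(resolv_manager "$1") in
        systemd-resolved) echo 'openvpn3-admin netcfg-service --config-set systemd-resolved true' ;;
        dhcpcd) echo 'openvpn3-admin netcfg-service --config-set resolv-conf /etc/resolv.conf.head' ;;
        openvpn3) echo 'none: openvpn3-service-netcfg already manages this file' ;;
        *) echo 'unknown manager: inspect the file header first' ;;
    esac
}

# Run as: sh check-resolv.sh --check <expected VPN DNS IP>
if [ "${1:-}" = "--check" ]; then
    echo "manager:   $(resolv_manager /etc/resolv.conf)"
    has_nameserver /etc/resolv.conf "$2" ||
        echo "warning:   VPN DNS $2 is missing, lookups still use the local resolver"
    echo "suggested: $(suggest_netcfg /etc/resolv.conf)"
fi
```

Run it once before and once after `openvpn3 session-start`; the manager should change to `openvpn3` (or the VPN name server should appear) while the session is up.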

dsommers commented 2 years ago

As this seems to be resolved, I'm closing this issue.

Just a closing comment on the openvpn3-admin netcfg-service suggestion above, using /etc/resolv.conf.head. With this setting, openvpn3-service-netcfg will automatically preserve and restore the resolv.conf.head file when the VPN session starts and disconnects.

Feel free to point any related Arch Linux bug tracking to this ticket, if that can help improve the Arch Linux packaging and the out-of-box experience with OpenVPN 3 Linux.