[BUG] Internet not working after editing /etc/systemd/resolved.conf file

[rollsicecream]

Bug report

Describe your environment

• Device: Dell Inspiron 15 3511
• OS name and version: Fedora 39 (Thirty Nine) Workstation
• IVPN app version: v3.13.4

Describe the problem

Steps to reproduce:

1. Edit your /etc/resolved.conf file and adding every DNS provider you want : NextDNS in this case.
2. Connect to any IVPN server
3. Go to any website in the Internet

Observed Results:

• Internet doesn't work anymore!

Logs :

Service log (old session):

<<< unable to open log-file >>>

Service log (active session):

Feb  5 21:11:25.820 [log   ] Logging enabled
Feb  5 21:11:25.829 [servc ] (prefs 'enable_logging' changed) true
Feb  5 21:11:25.829 [prtcl ] [-->] 44880 SettingsResp [0] 
Feb  5 21:11:25.829 [prtcl ] [-->] 44880 EmptyResp [13] 
Feb  5 21:11:27.011 [prtcl ] [<--] 44880 GenerateDiagnostics [14]
Feb  5 21:11:27.027 [prtcl ] [-->] 44880 DiagnosticsGeneratedResp [14] 
Feb  5 21:12:53.706 [dns   ] DNS-change monitoring: DNS was changed outside [CHMOD         "/run/systemd/resolve/resolv.conf"]. Restoring ...
Feb  5 21:12:53.707 [dns   ] Shell exec: [/usr/bin/resolvectl domain tun0 ~.]
Feb  5 21:12:53.714 [dns   ] Shell exec: [/usr/bin/resolvectl default-route tun0 true]
Feb  5 21:12:53.720 [dns   ] Shell exec: [/usr/bin/resolvectl dns tun0 9.9.9.9]
Feb  5 21:13:15.046 [prtcl ] [<--] 44880 Disconnect [15]
Feb  5 21:13:15.047 [servc ] Disconnecting...
Feb  5 21:13:15.047 [ovpnmi] [->]: signal SIGTERM
Feb  5 21:13:15.050 [ovpnmi] [<-]: >LOG:1707163995,D,MANAGEMENT: CMD 'signal SIGTERM'
Feb  5 21:13:15.050 [ovpnmi] [<-]: SUCCESS: signal SIGTERM thrown
Feb  5 21:13:15.050 [ovpnmi] [<-]: >LOG:1707163995,I,SIGTERM received, sending exit notification to peer
Feb  5 21:13:18.348 [ovpnmi] [<-]: >LOG:1707163998,,TCP/UDP: Closing socket
Feb  5 21:13:18.349 [ovpnmi] [<-]: >LOG:1707163998,,net_route_v4_del: 198.44.131.3/32 via 192.168.18.1 dev [NULL] table 0 metric -1
Feb  5 21:13:18.351 [ovpnmi] [<-]: >LOG:1707163998,,net_route_v4_del: 0.0.0.0/1 via 10.78.40.1 dev [NULL] table 0 metric -1
Feb  5 21:13:18.351 [ovpnmi] [<-]: >LOG:1707163998,,net_route_v4_del: 128.0.0.0/1 via 10.78.40.1 dev [NULL] table 0 metric -1
Feb  5 21:13:18.351 [ovpnmi] [<-]: >LOG:1707163998,,Closing TUN/TAP interface
Feb  5 21:13:18.351 [ovpnmi] [<-]: >LOG:1707163998,I,net_addr_v4_del: 10.78.40.7 dev tun0
Feb  5 21:13:18.365 [ovpnmi] [<-]: >LOG:1707163998,I,/opt/ivpn/etc/client.down -use-resolvconf /usr/bin/resolvectl tun0 1500 0 10.78.40.7 255.255.252.0 init
Feb  5 21:13:18.408 [ovpnmi] [<-]: >LOG:1707163998,I,SIGTERM[soft,exit-with-notification] received, process exiting
Feb  5 21:13:18.411 [ovpnmi] [<-]: >LOG:1707163998,,MANAGEMENT: >STATE:1707163998,EXITING,exit-with-notification,,,,,
Feb  5 21:13:18.411 [ovpnmi] [<-]: >STATE:1707163998,EXITING,exit-with-notification,,,,,
Feb  5 21:13:18.411 [ovpnmi] State changed:EXITING
Feb  5 21:13:18.411 [ovpnmi] Connection closed (EOF)
Feb  5 21:13:18.411 [ovpnmi] OpenVPN MI disconnected: 127.0.0.1:38812
Feb  5 21:13:18.411 [ovpnmi] OpenVPN MI stopped
Feb  5 21:13:18.411 [servc ] State: {EXITING 1707163998,EXITING,exit-with-notification,,,,,
 OpenVPN 1707163998 false <nil> <nil> 0 <nil> 0 0 {0 0}  0 false }
Feb  5 21:13:18.411 [prtcl ] [-->] 44880 VpnStateResp [0] 
Feb  5 21:13:18.416 [frwl  ] -set_dns 
Feb  5 21:13:18.433 [frwl  ] Client disconnected
Feb  5 21:13:18.511 [servc ] VPN state forwarder stopped
Feb  5 21:13:18.512 [dnscrt] Stopping dnscrypt-proxy
Feb  5 21:13:18.512 [servc ] Route change receiver stopped
Feb  5 21:13:18.513 [dnscrt] dnscrypt-proxy stopped
Feb  5 21:13:18.513 [frwl  ] Shell exec: [/opt/ivpn/etc/firewall.sh -only_dns_off]
Feb  5 21:13:18.513 [dns   ] DNS-change monitoring stopped
Feb  5 21:13:18.525 [prtcl ] [-->] 44880 SplitTunnelStatus [0] 
Feb  5 21:13:18.525 [servc ] VPN process stopped
Feb  5 21:13:18.525 [prtcl ] [-->] 44880 DisconnectedResp [0] 
Feb  5 21:13:18.525 [servc ] Requesting session status...
Feb  5 21:13:18.546 [prtcl ] [<--] 44880 KillSwitchSetEnabled [16]
Feb  5 21:13:18.546 [frwl  ] Disabling...
Feb  5 21:13:18.981 [servc ] Session status request: done
Feb  5 21:13:18.984 [prtcl ] [-->] 44880 AccountStatusResp [0] 
Feb  5 21:13:19.139 [prtcl ] [-->] 44880 KillSwitchStatusResp [0] 
Feb  5 21:13:19.139 [prtcl ] [-->] 44880 EmptyResp [16] 
Feb  5 21:13:19.189 [prtcl ] [<--] 44880 APIRequest [17] geo-lookup (IPv4)
Feb  5 21:13:19.197 [prtcl ] [<--] 44880 APIRequest [18] geo-lookup (IPv6)
Feb  5 21:13:19.815 [prtcl ] [-->] 44880 APIResponse [17] geo-lookup
Feb  5 21:13:19.815 [prtcl ] [-->] 44880 APIResponse [18] geo-lookup
Feb  5 21:13:20.014 [prtcl ] [<--] 44880 ConnectSettings [19]
Feb  5 21:13:20.015 [prtcl ] [-->] 44880 EmptyResp [19] 
Feb  5 21:13:30.392 [prtcl ] [-->] 44880 WiFiCurrentNetworkResp [0] 
Feb  5 21:15:59.033 [servc ] Requesting session status...
Feb  5 21:15:59.422 [servc ] Session status request: done
Feb  5 21:15:59.430 [prtcl ] [-->] 44880 AccountStatusResp [0] 
Feb  5 21:16:00.297 [servc ] Updated servers info (52 OpenVPN; 52 WireGuard)
Feb  5 21:16:00.299 [prtcl ] [-->] 44880 ServerListResp [0] 
Feb  5 21:16:01.333 [prtcl ] [<--] 44880 ConnectSettings [20]
Feb  5 21:16:01.341 [prtcl ] [-->] 44880 EmptyResp [20] 
Feb  5 21:16:43.055 [prtcl ] [-->] 44880 WiFiCurrentNetworkResp [0] 
Feb  5 21:17:30.540 [prtcl ] [<--] 44880 Connect [21]
Feb  5 21:17:30.541 [prtcl ] [-->] 44880 EmptyResp [21] 
Feb  5 21:17:30.541 [prtcl ] [-->] 44880 VpnStateResp [0] 
Feb  5 21:17:30.541 [servc ] Connecting...
Feb  5 21:17:30.541 [servc ] Initializing connection...
Feb  5 21:17:30.541 [servc ] VPN state forwarder started
Feb  5 21:17:30.541 [servc ] Route change receiver started
Feb  5 21:17:30.547 [ovpn  ] OpenVPN version:[2 6 8]
Feb  5 21:17:30.548 [servc ] Initializing firewall
Feb  5 21:17:30.553 [frwl  ] Enabling...
Feb  5 21:17:30.750 [frwl  ] -set_dns 
Feb  5 21:17:30.764 [frwl  ] -add_exceptions_static 198.50.177.220,149.56.162.156,198.50.177.222,149.56.162.159,198.50.177.223
Feb  5 21:17:30.773 [frwl  ] -set_user_exceptions_static_ipv6 
Feb  5 21:17:30.779 [frwl  ] -set_user_exceptions_static 
Feb  5 21:17:30.787 [prtcl ] [-->] 44880 KillSwitchStatusResp [0] 
Feb  5 21:17:30.787 [frwl  ] -add_exceptions 198.44.131.3
Feb  5 21:17:30.801 [servc ] Initializing DNS
Feb  5 21:17:30.801 [servc ] Starting VPN process
Feb  5 21:17:30.801 [ovpnmi] OpenVPN MI started
Feb  5 21:17:30.802 [ovpn  ] Configuring OpenVPN...
=====================
client
management 127.0.0.1 37137
management-client
management-hold
auth-user-pass
auth-nocache
management-query-passwords
management-signal
hand-window 6
compress
pull-filter ignore "ping"
keepalive 8 30
connect-retry 2 6
dev tun
proto udp
remote 198.44.131.3 2049
resolv-retry infinite
nobind
persist-key
ca "/opt/ivpn/etc/ca.crt"
tls-auth "/opt/ivpn/etc/ta.key" 1
cipher AES-256-CBC
remote-cert-tls server
verb 4
up "/opt/ivpn/etc/client.up -use-resolvconf /usr/bin/resolvectl"
down "/opt/ivpn/etc/client.down -use-resolvconf /usr/bin/resolvectl"
script-security 2
=====================
Feb  5 21:17:30.803 [ovpn  ] Shell exec: /usr/sbin/openvpn --config /etc/opt/ivpn/mutable/openvpn.cfg
Feb  5 21:17:30.809 [ovpnmi] OpenVPN MI connected: 127.0.0.1:34992
Feb  5 21:17:30.809 [ovpnmi] [->]: echo [IVPN_SECRET_522BF7050DDBF8D7E4F52E1BBFCCACAB]
Feb  5 21:17:30.810 [ovpnmi] Connection verified
Feb  5 21:17:30.810 [ovpnmi] [->]: version
Feb  5 21:17:30.811 [ovpnmi] [<-]: >INFO:OpenVPN Management Interface Version 5 -- type 'help' for more info
Feb  5 21:17:30.811 [ovpnmi] [<-]: >HOLD:Waiting for hold release:0
Feb  5 21:17:30.811 [ovpnmi] [->]: state on
Feb  5 21:17:30.813 [ovpnmi] [->]: log on
Feb  5 21:17:30.814 [ovpnmi] [->]: hold off
Feb  5 21:17:30.815 [ovpnmi] [->]: hold release
Feb  5 21:17:30.816 [ovpnmi] [<-]: ERROR: echo parameter must be 'on' or 'off' or some number n or 'all'
Feb  5 21:17:30.816 [ovpnmi] [<-]: OpenVPN Version: OpenVPN 2.6.8 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
Feb  5 21:17:30.816 [ovpnmi] [<-]: Management Version: 5
Feb  5 21:17:30.816 [ovpnmi] [<-]: END
Feb  5 21:17:30.816 [ovpnmi] [<-]: SUCCESS: real-time state notification set to ON
Feb  5 21:17:30.816 [ovpnmi] [<-]: SUCCESS: real-time log notification set to ON
Feb  5 21:17:30.816 [ovpnmi] [<-]: >LOG:1707164250,D,MANAGEMENT: CMD 'hold off'
Feb  5 21:17:30.816 [ovpnmi] [<-]: SUCCESS: hold flag set to OFF
Feb  5 21:17:30.858 [ovpnmi] [<-]: >LOG:1707164250,D,MANAGEMENT: CMD 'hold release'
Feb  5 21:17:30.858 [ovpnmi] [<-]: SUCCESS: hold release succeeded
Feb  5 21:17:30.858 [ovpnmi] [<-]: >PASSWORD:Need 'Auth' username/password
Feb  5 21:17:30.861 [ovpnmi] [<-]: >LOG:1707164250,D,MANAGEMENT: CMD 'username "Auth" smtt5s7FhPU'
Feb  5 21:17:30.861 [ovpnmi] [<-]: SUCCESS: 'Auth' username entered, but not yet verified
Feb  5 21:17:30.901 [ovpnmi] [<-]: >LOG:1707164250,D,MANAGEMENT: CMD 'password [...]'
Feb  5 21:17:30.901 [ovpnmi] [<-]: SUCCESS: 'Auth' password entered, but not yet verified
Feb  5 21:17:30.901 [ovpnmi] [<-]: >LOG:1707164250,W,NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb  5 21:17:30.901 [ovpnmi] [<-]: >LOG:1707164250,,Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Feb  5 21:17:30.901 [ovpnmi] [<-]: >LOG:1707164250,,Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Feb  5 21:17:30.901 [ovpnmi] [<-]: >LOG:1707164250,,Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
Feb  5 21:17:30.901 [ovpnmi] [<-]: >LOG:1707164250,,Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
Feb  5 21:17:30.901 [ovpnmi] [<-]: >LOG:1707164250,I,TCP/UDP: Preserving recently used remote address: [AF_INET]198.44.131.3:2049
Feb  5 21:17:30.901 [ovpnmi] [<-]: >LOG:1707164250,,Socket Buffers: R=[212992->212992] S=[212992->212992]
Feb  5 21:17:30.901 [ovpnmi] [<-]: >LOG:1707164250,I,UDPv4 link local: (not bound)
Feb  5 21:17:30.901 [ovpnmi] [<-]: >LOG:1707164250,I,UDPv4 link remote: [AF_INET]198.44.131.3:2049
Feb  5 21:17:30.901 [ovpnmi] [<-]: >LOG:1707164250,,MANAGEMENT: >STATE:1707164250,WAIT,,,,,,
Feb  5 21:17:30.901 [ovpnmi] [<-]: >STATE:1707164250,WAIT,,,,,,
Feb  5 21:17:30.901 [ovpnmi] State changed:WAIT
Feb  5 21:17:30.901 [servc ] State: {WAIT 1707164250,WAIT,,,,,,
 OpenVPN 1707164250 false <nil> <nil> 0 <nil> 0 0 {0 0}  0 false }
Feb  5 21:17:30.901 [prtcl ] [-->] 44880 VpnStateResp [0] 
Feb  5 21:17:31.107 [ovpnmi] [<-]: >LOG:1707164251,,MANAGEMENT: >STATE:1707164251,AUTH,,,,,,
Feb  5 21:17:31.107 [ovpnmi] [<-]: >STATE:1707164251,AUTH,,,,,,
Feb  5 21:17:31.107 [ovpnmi] State changed:AUTH
Feb  5 21:17:31.107 [ovpnmi] [<-]: >LOG:1707164251,,TLS: Initial packet from [AF_INET]198.44.131.3:2049, sid=fd5c6042 1795f72d
Feb  5 21:17:31.107 [servc ] State: {AUTH 1707164251,AUTH,,,,,,
 OpenVPN 1707164251 false <nil> <nil> 0 <nil> 0 0 {0 0}  0 false }
Feb  5 21:17:31.107 [prtcl ] [-->] 44880 VpnStateResp [0] 
Feb  5 21:17:31.274 [ovpnmi] [<-]: >LOG:1707164251,,VERIFY OK: depth=1, C=CH, ST=Zurich, L=Zurich, O=IVPN.net, OU=IVPN, CN=IVPN Root CA v2, emailAddress=support@ivpn.net
Feb  5 21:17:31.275 [ovpnmi] [<-]: >LOG:1707164251,,VERIFY KU OK
Feb  5 21:17:31.275 [ovpnmi] [<-]: >LOG:1707164251,,Validating certificate extended key usage
Feb  5 21:17:31.275 [ovpnmi] [<-]: >LOG:1707164251,,++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Feb  5 21:17:31.275 [ovpnmi] [<-]: >LOG:1707164251,,VERIFY EKU OK
Feb  5 21:17:31.275 [ovpnmi] [<-]: >LOG:1707164251,,VERIFY OK: depth=0, C=CH, ST=Zurich, L=Zurich, O=IVPN.net, OU=IVPN, CN=us-wa2.gw.ivpn.net, emailAddress=support@ivpn.net
Feb  5 21:17:31.502 [ovpnmi] [<-]: >LOG:1707164251,,Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
Feb  5 21:17:31.502 [ovpnmi] [<-]: >LOG:1707164251,I,[us-wa2.gw.ivpn.net] Peer Connection Initiated with [AF_INET]198.44.131.3:2049
Feb  5 21:17:31.502 [ovpnmi] [<-]: >LOG:1707164251,,TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Feb  5 21:17:31.502 [ovpnmi] [<-]: >LOG:1707164251,,TLS: tls_multi_process: initial untrusted session promoted to trusted
Feb  5 21:17:31.899 [prtcl ] [-->] 44880 WiFiCurrentNetworkResp [0] 
Feb  5 21:17:31.899 [prtcl ] [-->] 44880 WiFiCurrentNetworkResp [0] 
Feb  5 21:17:32.267 [ovpnmi] [<-]: >LOG:1707164252,,MANAGEMENT: >STATE:1707164252,GET_CONFIG,,,,,,
Feb  5 21:17:32.268 [ovpnmi] [<-]: >STATE:1707164252,GET_CONFIG,,,,,,
Feb  5 21:17:32.268 [ovpnmi] State changed:GETCONFIG
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,SENT CONTROL [us-wa2.gw.ivpn.net]: 'PUSH_REQUEST' (status=1)
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,explicit-exit-notify 3,comp-lzo no,route-gateway 10.78.40.1,topology subnet,ping 10,ping-restart 60,dhcp-option DNS 10.78.40.1,ifconfig 10.78.40.15 255.255.252.0,peer-id 13,cipher CHACHA20-POLY1305'
Feb  5 21:17:32.268 [ovpnmi] DNS pushed: 10.78.40.1
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,Pushed option removed by filter: 'ping 10'
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,Pushed option removed by filter: 'ping-restart 60'
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,OPTIONS IMPORT: --ifconfig/up options modified
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,OPTIONS IMPORT: route options modified
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,OPTIONS IMPORT: route-related options modified
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,net_route_v4_best_gw query: dst 0.0.0.0
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,net_route_v4_best_gw result: via 192.168.18.1 dev wlp2s0
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,ROUTE_GATEWAY 192.168.18.1/255.255.255.0 IFACE=wlp2s0 HWADDR=e6:d3:01:3b:c0:0d
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,I,TUN/TAP device tun0 opened
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,do_ifconfig, ipv4=1, ipv6=0
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,MANAGEMENT: >STATE:1707164252,ASSIGN_IP,,10.78.40.15,,,,
Feb  5 21:17:32.268 [ovpnmi] [<-]: >STATE:1707164252,ASSIGN_IP,,10.78.40.15,,,,
Feb  5 21:17:32.268 [servc ] State: {GETCONFIG 1707164252,GET_CONFIG,,,,,,
 OpenVPN 1707164252 false <nil> <nil> 0 <nil> 0 0 {0 0}  0 false }
Feb  5 21:17:32.268 [ovpnmi] State changed:ASSIGNIP
Feb  5 21:17:32.268 [prtcl ] [-->] 44880 VpnStateResp [0] 
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,I,net_iface_mtu_set: mtu 1500 for tun0
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,I,net_iface_up: set tun0 up
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,I,net_addr_v4_add: 10.78.40.15/22 dev tun0
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,I,/opt/ivpn/etc/client.up -use-resolvconf /usr/bin/resolvectl tun0 1500 0 10.78.40.15 255.255.252.0 init
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,net_route_v4_add: 198.44.131.3/32 via 192.168.18.1 dev [NULL] table 0 metric -1
Feb  5 21:17:32.268 [ovpnmi] DEBUG mi.go:497: New route-add command (1): /sbin/ip route add 198.44.131.3/32 via 192.168.18.1
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,net_route_v4_add: 0.0.0.0/1 via 10.78.40.1 dev [NULL] table 0 metric -1
Feb  5 21:17:32.268 [ovpnmi] DEBUG mi.go:497: New route-add command (2): /sbin/ip route add 0.0.0.0/1 via 10.78.40.1
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,net_route_v4_add: 128.0.0.0/1 via 10.78.40.1 dev [NULL] table 0 metric -1
Feb  5 21:17:32.268 [ovpnmi] DEBUG mi.go:497: New route-add command (3): /sbin/ip route add 128.0.0.0/1 via 10.78.40.1
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,Data Channel MTU parms [ mss_fix:1399 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,I,Initialization Sequence Completed
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,MANAGEMENT: >STATE:1707164252,CONNECTED,SUCCESS,10.78.40.15,198.44.131.3,2049,,
Feb  5 21:17:32.268 [ovpnmi] [<-]: >STATE:1707164252,CONNECTED,SUCCESS,10.78.40.15,198.44.131.3,2049,,
Feb  5 21:17:32.268 [ovpnmi] State changed:CONNECTED
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,Data Channel: cipher 'CHACHA20-POLY1305', peer-id: 13, compression: 'stub'
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,Timers: ping 8, ping-restart 30
Feb  5 21:17:32.268 [ovpnmi] [<-]: >LOG:1707164252,,Protocol options: explicit-exit-notify 3
Feb  5 21:17:32.268 [servc ] State: {ASSIGNIP 1707164252,ASSIGN_IP,,10.78.40.15,,,,
 OpenVPN 1707164252 false <nil> <nil> 0 <nil> 0 0 {0 0}  0 false }
Feb  5 21:17:32.268 [prtcl ] [-->] 44880 VpnStateResp [0] 
Feb  5 21:17:32.269 [dnscrt] Starting dnscrypt-proxy
Feb  5 21:17:32.299 [dnscrt] [OUT] [2024-02-05 21:17:32] [NOTICE] Network connectivity detected
Feb  5 21:17:32.299 [dnscrt] [OUT] [2024-02-05 21:17:32] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb  5 21:17:32.299 [dnscrt] [OUT] [2024-02-05 21:17:32] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb  5 21:17:32.299 [dnscrt] [OUT] [2024-02-05 21:17:32] [NOTICE] Firefox workaround initialized
Feb  5 21:17:32.303 [dnscrt] dnscrypt-proxy started
Feb  5 21:17:32.303 [dns   ] Shell exec: [/usr/bin/resolvectl domain tun0 ~.]
Feb  5 21:17:32.307 [dns   ] Shell exec: [/usr/bin/resolvectl default-route tun0 true]
Feb  5 21:17:32.311 [dns   ] Shell exec: [/usr/bin/resolvectl dns tun0 127.0.0.1]
Feb  5 21:17:32.317 [frwl  ] -set_dns 127.0.0.1
Feb  5 21:17:32.317 [dns   ] DNS-change monitoring start
Feb  5 21:17:32.326 [servc ] State: {INITIALISED 1707164252,CONNECTED,SUCCESS,10.78.40.15,198.44.131.3,2049,,
 OpenVPN 1707164252 false 10.78.40.15 <nil> 0 198.44.131.3 2049 0 {0 0}  0 false }
Feb  5 21:17:32.326 [servc ] Starting route change detection
Feb  5 21:17:32.326 [prtcl ] [-->] 44880 VpnStateResp [0] 
Feb  5 21:17:32.326 [servc ] State: {CONNECTED 1707164252,CONNECTED,SUCCESS,10.78.40.15,198.44.131.3,2049,,
 OpenVPN 1707164252 false 10.78.40.15 <nil> 0 198.44.131.3 2049 0 {0 0}  0 false }
Feb  5 21:17:32.326 [frwl  ] Client connected: 10.78.40.15
Feb  5 21:17:32.360 [frwl  ] -remove_exceptions 198.44.131.3
Feb  5 21:17:32.370 [frwl  ] Shell exec: [/opt/ivpn/etc/firewall.sh -only_dns_off]
Feb  5 21:17:32.376 [prtcl ] [-->] 44880 SplitTunnelStatus [0] 
Feb  5 21:17:32.376 [prtcl ] [-->] 44880 ConnectedResp [0] 
Feb  5 21:17:32.433 [prtcl ] [<--] 44880 APIRequest [22] geo-lookup (IPv4)
Feb  5 21:17:32.434 [prtcl ] [<--] 44880 APIRequest [23] geo-lookup (IPv6)
Feb  5 21:17:32.434 [prtcl ] [-->] 44880 APIResponse [23] geo-lookup Error!
Feb  5 21:17:33.237 [prtcl ] [-->] 44880 WiFiCurrentNetworkResp [0] 
Feb  5 21:17:33.257 [prtcl ] [<--] 44880 APIRequest [24] geo-lookup (IPv4)
Feb  5 21:17:33.258 [prtcl ] [<--] 44880 APIRequest [25] geo-lookup (IPv6)
Feb  5 21:17:33.258 [prtcl ] [-->] 44880 APIResponse [25] geo-lookup Error!
Feb  5 21:17:33.418 [prtcl ] [<--] 44880 ConnectSettings [26]
Feb  5 21:17:33.419 [prtcl ] [-->] 44880 EmptyResp [26] 
Feb  5 21:17:33.877 [prtcl ] [-->] 44880 APIResponse [22] geo-lookup
Feb  5 21:17:33.877 [prtcl ] [-->] 44880 APIResponse [24] geo-lookup
Feb  5 21:17:34.033 [dnscrt] [OUT] [2024-02-05 21:17:34] [NOTICE] [ivpnmanualconfig] OK (DoH) - rtt: 155ms
Feb  5 21:17:34.034 [dnscrt] [OUT] [2024-02-05 21:17:34] [NOTICE] Server with the lowest initial latency: ivpnmanualconfig (rtt: 155ms)
Feb  5 21:17:34.034 [dnscrt] [OUT] [2024-02-05 21:17:34] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Feb  5 21:17:51.603 [prtcl ] [<--] 44880 GenerateDiagnostics [27]
Feb  5 21:17:51.623 [prtcl ] [-->] 44880 DiagnosticsGeneratedResp [27] 
Feb  5 21:18:08.822 [prtcl ] [<--] 44880 ConnectSettings [28]
Feb  5 21:18:08.822 [prtcl ] [-->] 44880 EmptyResp [28] 
Feb  5 21:18:15.495 [prtcl ] [<--] 44880 SetAlternateDns [29]
Feb  5 21:18:15.503 [dnscrt] Stopping dnscrypt-proxy
Feb  5 21:18:15.503 [dns   ] DNS-change monitoring stopped
Feb  5 21:18:15.503 [dns   ] Shell exec: [/usr/bin/resolvectl domain tun0 ~.]
Feb  5 21:18:15.505 [dnscrt] dnscrypt-proxy stopped
Feb  5 21:18:15.510 [dns   ] Shell exec: [/usr/bin/resolvectl default-route tun0 true]
Feb  5 21:18:15.516 [dns   ] Shell exec: [/usr/bin/resolvectl dns tun0 10.78.40.1]
Feb  5 21:18:15.523 [frwl  ] -set_dns 10.78.40.1
Feb  5 21:18:15.523 [dns   ] DNS-change monitoring start
Feb  5 21:18:15.547 [frwl  ] Shell exec: [/opt/ivpn/etc/firewall.sh -only_dns_off]
Feb  5 21:18:15.557 [prtcl ] [-->] 44880 SplitTunnelStatus [0] 
Feb  5 21:18:15.557 [prtcl ] [-->] 44880 EmptyResp [29] 
Feb  5 21:18:15.557 [prtcl ] [-->] 44880 SetAlternateDNSResp [0] 
Feb  5 21:18:16.399 [prtcl ] [<--] 44880 Disconnect [30]
Feb  5 21:18:16.399 [servc ] Disconnecting...
Feb  5 21:18:16.399 [ovpnmi] [->]: signal SIGTERM
Feb  5 21:18:16.401 [ovpnmi] [<-]: >LOG:1707164296,D,MANAGEMENT: CMD 'signal SIGTERM'
Feb  5 21:18:16.401 [ovpnmi] [<-]: SUCCESS: signal SIGTERM thrown
Feb  5 21:18:16.401 [ovpnmi] [<-]: >LOG:1707164296,I,SIGTERM received, sending exit notification to peer
Feb  5 21:18:16.572 [prtcl ] [<--] 44880 ConnectSettings [31]
Feb  5 21:18:16.572 [prtcl ] [-->] 44880 EmptyResp [31] 
Feb  5 21:18:19.419 [ovpnmi] [<-]: >LOG:1707164299,,TCP/UDP: Closing socket
Feb  5 21:18:19.420 [ovpnmi] [<-]: >LOG:1707164299,,net_route_v4_del: 198.44.131.3/32 via 192.168.18.1 dev [NULL] table 0 metric -1
Feb  5 21:18:19.420 [ovpnmi] [<-]: >LOG:1707164299,,net_route_v4_del: 0.0.0.0/1 via 10.78.40.1 dev [NULL] table 0 metric -1
Feb  5 21:18:19.420 [ovpnmi] [<-]: >LOG:1707164299,,net_route_v4_del: 128.0.0.0/1 via 10.78.40.1 dev [NULL] table 0 metric -1
Feb  5 21:18:19.420 [ovpnmi] [<-]: >LOG:1707164299,,Closing TUN/TAP interface
Feb  5 21:18:19.421 [ovpnmi] [<-]: >LOG:1707164299,I,net_addr_v4_del: 10.78.40.15 dev tun0
Feb  5 21:18:19.433 [ovpnmi] [<-]: >LOG:1707164299,I,/opt/ivpn/etc/client.down -use-resolvconf /usr/bin/resolvectl tun0 1500 0 10.78.40.15 255.255.252.0 init
Feb  5 21:18:19.454 [ovpnmi] [<-]: >LOG:1707164299,I,SIGTERM[soft,exit-with-notification] received, process exiting
Feb  5 21:18:19.454 [ovpnmi] [<-]: >LOG:1707164299,,MANAGEMENT: >STATE:1707164299,EXITING,exit-with-notification,,,,,
Feb  5 21:18:19.454 [ovpnmi] [<-]: >STATE:1707164299,EXITING,exit-with-notification,,,,,
Feb  5 21:18:19.454 [ovpnmi] State changed:EXITING
Feb  5 21:18:19.454 [servc ] State: {EXITING 1707164299,EXITING,exit-with-notification,,,,,
 OpenVPN 1707164299 false <nil> <nil> 0 <nil> 0 0 {0 0}  0 false }
Feb  5 21:18:19.454 [prtcl ] [-->] 44880 VpnStateResp [0] 
Feb  5 21:18:19.455 [ovpnmi] Connection closed (EOF)
Feb  5 21:18:19.455 [ovpnmi] OpenVPN MI disconnected: 127.0.0.1:34992
Feb  5 21:18:19.455 [ovpnmi] OpenVPN MI stopped
Feb  5 21:18:19.456 [frwl  ] -set_dns 
Feb  5 21:18:19.476 [frwl  ] Client disconnected
Feb  5 21:18:19.531 [servc ] VPN state forwarder stopped
Feb  5 21:18:19.531 [dns   ] DNS-change monitoring stopped
Feb  5 21:18:19.531 [servc ] Route change receiver stopped
Feb  5 21:18:19.531 [frwl  ] Shell exec: [/opt/ivpn/etc/firewall.sh -only_dns_off]
Feb  5 21:18:19.539 [prtcl ] [-->] 44880 SplitTunnelStatus [0] 
Feb  5 21:18:19.539 [servc ] VPN process stopped
Feb  5 21:18:19.539 [prtcl ] [-->] 44880 DisconnectedResp [0] 
Feb  5 21:18:19.539 [servc ] Requesting session status...
Feb  5 21:18:19.559 [prtcl ] [<--] 44880 KillSwitchSetEnabled [32]
Feb  5 21:18:19.559 [frwl  ] Disabling...
Feb  5 21:18:19.983 [servc ] Session status request: done
Feb  5 21:18:19.991 [prtcl ] [-->] 44880 AccountStatusResp [0] 
Feb  5 21:18:20.242 [prtcl ] [-->] 44880 KillSwitchStatusResp [0] 
Feb  5 21:18:20.242 [prtcl ] [-->] 44880 EmptyResp [32] 
Feb  5 21:18:20.278 [prtcl ] [<--] 44880 APIRequest [33] geo-lookup (IPv4)
Feb  5 21:18:20.279 [prtcl ] [<--] 44880 APIRequest [34] geo-lookup (IPv6)
Feb  5 21:18:20.865 [prtcl ] [-->] 44880 APIResponse [34] geo-lookup
Feb  5 21:18:20.865 [prtcl ] [-->] 44880 APIResponse [33] geo-lookup
Feb  5 21:18:20.950 [prtcl ] [<--] 44880 Connect [35]
Feb  5 21:18:20.951 [prtcl ] [-->] 44880 EmptyResp [35] 
Feb  5 21:18:20.951 [prtcl ] [-->] 44880 VpnStateResp [0] 
Feb  5 21:18:20.951 [servc ] Connecting...
Feb  5 21:18:20.951 [servc ] Initializing connection...
Feb  5 21:18:20.951 [servc ] VPN state forwarder started
Feb  5 21:18:20.952 [servc ] Route change receiver started
Feb  5 21:18:20.956 [ovpn  ] OpenVPN version:[2 6 8]
Feb  5 21:18:20.956 [servc ] Initializing firewall
Feb  5 21:18:20.959 [frwl  ] Enabling...
Feb  5 21:18:21.005 [prtcl ] [<--] 44880 ConnectSettings [36]
Feb  5 21:18:21.005 [prtcl ] [-->] 44880 EmptyResp [36] 
Feb  5 21:18:21.156 [frwl  ] -set_dns 
Feb  5 21:18:21.163 [frwl  ] -add_exceptions_static 198.50.177.220,149.56.162.156,198.50.177.222,149.56.162.159,198.50.177.223
Feb  5 21:18:21.174 [frwl  ] -set_user_exceptions_static_ipv6 
Feb  5 21:18:21.179 [frwl  ] -set_user_exceptions_static 
Feb  5 21:18:21.188 [prtcl ] [-->] 44880 KillSwitchStatusResp [0] 
Feb  5 21:18:21.188 [frwl  ] -add_exceptions 198.44.131.3
Feb  5 21:18:21.201 [servc ] Initializing DNS
Feb  5 21:18:21.201 [servc ] Starting VPN process
Feb  5 21:18:21.201 [ovpnmi] OpenVPN MI started
Feb  5 21:18:21.202 [ovpn  ] Configuring OpenVPN...
=====================
client
management 127.0.0.1 43609
management-client
management-hold
auth-user-pass
auth-nocache
management-query-passwords
management-signal
hand-window 6
compress
pull-filter ignore "ping"
keepalive 8 30
connect-retry 2 6
dev tun
proto udp
remote 198.44.131.3 2049
resolv-retry infinite
nobind
persist-key
ca "/opt/ivpn/etc/ca.crt"
tls-auth "/opt/ivpn/etc/ta.key" 1
cipher AES-256-CBC
remote-cert-tls server
verb 4
up "/opt/ivpn/etc/client.up -use-resolvconf /usr/bin/resolvectl"
down "/opt/ivpn/etc/client.down -use-resolvconf /usr/bin/resolvectl"
script-security 2
=====================
Feb  5 21:18:21.202 [ovpn  ] Shell exec: /usr/sbin/openvpn --config /etc/opt/ivpn/mutable/openvpn.cfg
Feb  5 21:18:21.207 [ovpnmi] OpenVPN MI connected: 127.0.0.1:56236
Feb  5 21:18:21.207 [ovpnmi] [->]: echo [IVPN_SECRET_875F1DE41838926CF55C78FAE8BE1FB]
Feb  5 21:18:21.208 [ovpnmi] Connection verified
Feb  5 21:18:21.208 [ovpnmi] [->]: version
Feb  5 21:18:21.209 [ovpnmi] [<-]: >INFO:OpenVPN Management Interface Version 5 -- type 'help' for more info
Feb  5 21:18:21.209 [ovpnmi] [<-]: >HOLD:Waiting for hold release:0
Feb  5 21:18:21.209 [ovpnmi] [->]: state on
Feb  5 21:18:21.210 [ovpnmi] [->]: log on
Feb  5 21:18:21.211 [ovpnmi] [->]: hold off
Feb  5 21:18:21.212 [ovpnmi] [->]: hold release
Feb  5 21:18:21.213 [ovpnmi] [<-]: ERROR: echo parameter must be 'on' or 'off' or some number n or 'all'
Feb  5 21:18:21.213 [ovpnmi] [<-]: OpenVPN Version: OpenVPN 2.6.8 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
Feb  5 21:18:21.213 [ovpnmi] [<-]: Management Version: 5
Feb  5 21:18:21.213 [ovpnmi] [<-]: END
Feb  5 21:18:21.213 [ovpnmi] [<-]: SUCCESS: real-time state notification set to ON
Feb  5 21:18:21.213 [ovpnmi] [<-]: SUCCESS: real-time log notification set to ON
Feb  5 21:18:21.213 [ovpnmi] [<-]: >LOG:1707164301,D,MANAGEMENT: CMD 'hold off'
Feb  5 21:18:21.213 [ovpnmi] [<-]: SUCCESS: hold flag set to OFF
Feb  5 21:18:21.254 [ovpnmi] [<-]: >LOG:1707164301,D,MANAGEMENT: CMD 'hold release'
Feb  5 21:18:21.254 [ovpnmi] [<-]: SUCCESS: hold release succeeded
Feb  5 21:18:21.254 [ovpnmi] [<-]: >PASSWORD:Need 'Auth' username/password
Feb  5 21:18:21.256 [ovpnmi] [<-]: >LOG:1707164301,D,MANAGEMENT: CMD 'username "Auth" smtt5s7FhPU'
Feb  5 21:18:21.256 [ovpnmi] [<-]: SUCCESS: 'Auth' username entered, but not yet verified
Feb  5 21:18:21.297 [ovpnmi] [<-]: >LOG:1707164301,D,MANAGEMENT: CMD 'password [...]'
Feb  5 21:18:21.297 [ovpnmi] [<-]: SUCCESS: 'Auth' password entered, but not yet verified
Feb  5 21:18:21.297 [ovpnmi] [<-]: >LOG:1707164301,W,NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb  5 21:18:21.297 [ovpnmi] [<-]: >LOG:1707164301,,Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Feb  5 21:18:21.297 [ovpnmi] [<-]: >LOG:1707164301,,Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Feb  5 21:18:21.297 [ovpnmi] [<-]: >LOG:1707164301,,Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
Feb  5 21:18:21.297 [ovpnmi] [<-]: >LOG:1707164301,,Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
Feb  5 21:18:21.297 [ovpnmi] [<-]: >LOG:1707164301,I,TCP/UDP: Preserving recently used remote address: [AF_INET]198.44.131.3:2049
Feb  5 21:18:21.297 [ovpnmi] [<-]: >LOG:1707164301,,Socket Buffers: R=[212992->212992] S=[212992->212992]
Feb  5 21:18:21.297 [ovpnmi] [<-]: >LOG:1707164301,I,UDPv4 link local: (not bound)
Feb  5 21:18:21.298 [ovpnmi] [<-]: >LOG:1707164301,I,UDPv4 link remote: [AF_INET]198.44.131.3:2049
Feb  5 21:18:21.298 [ovpnmi] [<-]: >LOG:1707164301,,MANAGEMENT: >STATE:1707164301,WAIT,,,,,,
Feb  5 21:18:21.298 [ovpnmi] [<-]: >STATE:1707164301,WAIT,,,,,,
Feb  5 21:18:21.298 [ovpnmi] State changed:WAIT
Feb  5 21:18:21.298 [servc ] State: {WAIT 1707164301,WAIT,,,,,,
 OpenVPN 1707164301 false <nil> <nil> 0 <nil> 0 0 {0 0}  0 false }
Feb  5 21:18:21.298 [prtcl ] [-->] 44880 VpnStateResp [0] 
Feb  5 21:18:21.438 [ovpnmi] [<-]: >LOG:1707164301,,MANAGEMENT: >STATE:1707164301,AUTH,,,,,,
Feb  5 21:18:21.438 [ovpnmi] [<-]: >STATE:1707164301,AUTH,,,,,,
Feb  5 21:18:21.438 [ovpnmi] State changed:AUTH
Feb  5 21:18:21.438 [ovpnmi] [<-]: >LOG:1707164301,,TLS: Initial packet from [AF_INET]198.44.131.3:2049, sid=32d03e36 f9613111
Feb  5 21:18:21.438 [servc ] State: {AUTH 1707164301,AUTH,,,,,,
 OpenVPN 1707164301 false <nil> <nil> 0 <nil> 0 0 {0 0}  0 false }
Feb  5 21:18:21.438 [prtcl ] [-->] 44880 VpnStateResp [0] 
Feb  5 21:18:21.605 [ovpnmi] [<-]: >LOG:1707164301,,VERIFY OK: depth=1, C=CH, ST=Zurich, L=Zurich, O=IVPN.net, OU=IVPN, CN=IVPN Root CA v2, emailAddress=support@ivpn.net
Feb  5 21:18:21.605 [ovpnmi] [<-]: >LOG:1707164301,,VERIFY KU OK
Feb  5 21:18:21.605 [ovpnmi] [<-]: >LOG:1707164301,,Validating certificate extended key usage
Feb  5 21:18:21.606 [ovpnmi] [<-]: >LOG:1707164301,,++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Feb  5 21:18:21.606 [ovpnmi] [<-]: >LOG:1707164301,,VERIFY EKU OK
Feb  5 21:18:21.606 [ovpnmi] [<-]: >LOG:1707164301,,VERIFY OK: depth=0, C=CH, ST=Zurich, L=Zurich, O=IVPN.net, OU=IVPN, CN=us-wa2.gw.ivpn.net, emailAddress=support@ivpn.net
Feb  5 21:18:21.946 [ovpnmi] [<-]: >LOG:1707164301,,Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
Feb  5 21:18:21.946 [ovpnmi] [<-]: >LOG:1707164301,I,[us-wa2.gw.ivpn.net] Peer Connection Initiated with [AF_INET]198.44.131.3:2049
Feb  5 21:18:21.946 [ovpnmi] [<-]: >LOG:1707164301,,TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Feb  5 21:18:21.946 [ovpnmi] [<-]: >LOG:1707164301,,TLS: tls_multi_process: initial untrusted session promoted to trusted
Feb  5 21:18:22.684 [ovpnmi] [<-]: >LOG:1707164302,,MANAGEMENT: >STATE:1707164302,GET_CONFIG,,,,,,
Feb  5 21:18:22.685 [ovpnmi] [<-]: >STATE:1707164302,GET_CONFIG,,,,,,
Feb  5 21:18:22.685 [ovpnmi] State changed:GETCONFIG
Feb  5 21:18:22.685 [ovpnmi] [<-]: >LOG:1707164302,,SENT CONTROL [us-wa2.gw.ivpn.net]: 'PUSH_REQUEST' (status=1)
Feb  5 21:18:22.685 [servc ] State: {GETCONFIG 1707164302,GET_CONFIG,,,,,,
 OpenVPN 1707164302 false <nil> <nil> 0 <nil> 0 0 {0 0}  0 false }
Feb  5 21:18:22.685 [prtcl ] [-->] 44880 VpnStateResp [0] 
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,,PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,explicit-exit-notify 3,comp-lzo no,route-gateway 10.78.40.1,topology subnet,ping 10,ping-restart 60,dhcp-option DNS 10.78.40.1,ifconfig 10.78.40.15 255.255.252.0,peer-id 13,cipher CHACHA20-POLY1305'
Feb  5 21:18:22.686 [ovpnmi] DNS pushed: 10.78.40.1
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,,Pushed option removed by filter: 'ping 10'
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,,Pushed option removed by filter: 'ping-restart 60'
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,,OPTIONS IMPORT: --ifconfig/up options modified
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,,OPTIONS IMPORT: route options modified
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,,OPTIONS IMPORT: route-related options modified
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,,OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,,net_route_v4_best_gw query: dst 0.0.0.0
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,,net_route_v4_best_gw result: via 192.168.18.1 dev wlp2s0
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,,ROUTE_GATEWAY 192.168.18.1/255.255.255.0 IFACE=wlp2s0 HWADDR=e6:d3:01:3b:c0:0d
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,I,TUN/TAP device tun0 opened
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,,do_ifconfig, ipv4=1, ipv6=0
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,,MANAGEMENT: >STATE:1707164302,ASSIGN_IP,,10.78.40.15,,,,
Feb  5 21:18:22.686 [ovpnmi] [<-]: >STATE:1707164302,ASSIGN_IP,,10.78.40.15,,,,
Feb  5 21:18:22.686 [ovpnmi] State changed:ASSIGNIP
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,I,net_iface_mtu_set: mtu 1500 for tun0
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,I,net_iface_up: set tun0 up
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,I,net_addr_v4_add: 10.78.40.15/22 dev tun0
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,I,/opt/ivpn/etc/client.up -use-resolvconf /usr/bin/resolvectl tun0 1500 0 10.78.40.15 255.255.252.0 init
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,,net_route_v4_add: 198.44.131.3/32 via 192.168.18.1 dev [NULL] table 0 metric -1
Feb  5 21:18:22.686 [ovpnmi] DEBUG mi.go:497: New route-add command (1): /sbin/ip route add 198.44.131.3/32 via 192.168.18.1
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,,net_route_v4_add: 0.0.0.0/1 via 10.78.40.1 dev [NULL] table 0 metric -1
Feb  5 21:18:22.686 [ovpnmi] DEBUG mi.go:497: New route-add command (2): /sbin/ip route add 0.0.0.0/1 via 10.78.40.1
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,,net_route_v4_add: 128.0.0.0/1 via 10.78.40.1 dev [NULL] table 0 metric -1
Feb  5 21:18:22.686 [ovpnmi] DEBUG mi.go:497: New route-add command (3): /sbin/ip route add 128.0.0.0/1 via 10.78.40.1
Feb  5 21:18:22.686 [ovpnmi] [<-]: >LOG:1707164302,,Data Channel MTU parms [ mss_fix:1399 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
Feb  5 21:18:22.687 [ovpnmi] [<-]: >LOG:1707164302,,Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
Feb  5 21:18:22.687 [ovpnmi] [<-]: >LOG:1707164302,,Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
Feb  5 21:18:22.687 [ovpnmi] [<-]: >LOG:1707164302,I,Initialization Sequence Completed
Feb  5 21:18:22.687 [ovpnmi] [<-]: >LOG:1707164302,,MANAGEMENT: >STATE:1707164302,CONNECTED,SUCCESS,10.78.40.15,198.44.131.3,2049,,
Feb  5 21:18:22.687 [ovpnmi] [<-]: >STATE:1707164302,CONNECTED,SUCCESS,10.78.40.15,198.44.131.3,2049,,
Feb  5 21:18:22.687 [ovpnmi] State changed:CONNECTED
Feb  5 21:18:22.687 [ovpnmi] [<-]: >LOG:1707164302,,Data Channel: cipher 'CHACHA20-POLY1305', peer-id: 13, compression: 'stub'
Feb  5 21:18:22.687 [ovpnmi] [<-]: >LOG:1707164302,,Timers: ping 8, ping-restart 30
Feb  5 21:18:22.687 [ovpnmi] [<-]: >LOG:1707164302,,Protocol options: explicit-exit-notify 3
Feb  5 21:18:22.687 [servc ] State: {ASSIGNIP 1707164302,ASSIGN_IP,,10.78.40.15,,,,
 OpenVPN 1707164302 false <nil> <nil> 0 <nil> 0 0 {0 0}  0 false }
Feb  5 21:18:22.687 [prtcl ] [-->] 44880 VpnStateResp [0] 
Feb  5 21:18:22.687 [dns   ] Shell exec: [/usr/bin/resolvectl domain tun0 ~.]
Feb  5 21:18:22.692 [dns   ] Shell exec: [/usr/bin/resolvectl default-route tun0 true]
Feb  5 21:18:22.698 [dns   ] Shell exec: [/usr/bin/resolvectl dns tun0 10.78.40.1]
Feb  5 21:18:22.704 [frwl  ] -set_dns 10.78.40.1
Feb  5 21:18:22.704 [dns   ] DNS-change monitoring start
Feb  5 21:18:22.715 [servc ] State: {INITIALISED 1707164302,CONNECTED,SUCCESS,10.78.40.15,198.44.131.3,2049,,
 OpenVPN 1707164302 false 10.78.40.15 <nil> 0 198.44.131.3 2049 0 {0 0}  0 false }
Feb  5 21:18:22.715 [servc ] Starting route change detection
Feb  5 21:18:22.716 [prtcl ] [-->] 44880 VpnStateResp [0] 
Feb  5 21:18:22.716 [servc ] State: {CONNECTED 1707164302,CONNECTED,SUCCESS,10.78.40.15,198.44.131.3,2049,,
 OpenVPN 1707164302 false 10.78.40.15 <nil> 0 198.44.131.3 2049 0 {0 0}  0 false }
Feb  5 21:18:22.716 [frwl  ] Client connected: 10.78.40.15
Feb  5 21:18:22.754 [frwl  ] -remove_exceptions 198.44.131.3
Feb  5 21:18:22.776 [frwl  ] Shell exec: [/opt/ivpn/etc/firewall.sh -only_dns_off]
Feb  5 21:18:22.784 [prtcl ] [-->] 44880 SplitTunnelStatus [0] 
Feb  5 21:18:22.784 [prtcl ] [-->] 44880 ConnectedResp [0] 
Feb  5 21:18:22.842 [prtcl ] [<--] 44880 APIRequest [37] geo-lookup (IPv4)
Feb  5 21:18:22.843 [prtcl ] [<--] 44880 APIRequest [38] geo-lookup (IPv6)
Feb  5 21:18:22.843 [prtcl ] [-->] 44880 APIResponse [38] geo-lookup Error!
Feb  5 21:18:23.822 [prtcl ] [<--] 44880 ConnectSettings [39]
Feb  5 21:18:23.822 [prtcl ] [-->] 44880 EmptyResp [39] 
Feb  5 21:18:24.038 [prtcl ] [-->] 44880 APIResponse [37] geo-lookup
Feb  5 21:18:29.866 [prtcl ] [-->] 44880 WiFiCurrentNetworkResp [0] 
Feb  5 21:18:40.226 [prtcl ] [-->] 44880 WiFiCurrentNetworkResp [0] 
Feb  5 21:18:44.128 [prtcl ] [<--] 44880 GenerateDiagnostics [40]

Expected Results:

• Internet should work and I should access any website I want.

[rollsicecream]

To add a little bit of context here : I want to use NextDNS system-wide, thus I have to modify that file. I know IVPN has a built-in DNS setting, but I'm using another VPN. I use IVPN only for some testing.

[stenya]

To prevent DNS leaks, the app overwrites the DNS configuration and uses either the default IVPN configuration or the settings defined in the app. You can specify the required DNS settings in the app settings under Settings -> DNS -> Use custom DNS server when connected to IVPN.

For systems directly using resolv.conf (non-systemd systems), there is an option: Force management of DNS using resolv.conf.

Additionally, you can disable the IVPN Firewall to deactivate the blocking functionality of DNS requests to 'unexpected' DNS servers.

[rollsicecream]

It works. Closing it as completed.