search

jonathanio / update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus.
Other
761 stars 94 forks source link

[Bug]: Debian 12 (bookworm) - "WARNING: Failed running command (--up/--down): external program exited with error status: 1" #120

Closed superclarkk closed 1 year ago

superclarkk commented 1 year ago

Version in use.

master

Your Linux distribution.

Debian 12 (Bookworm)

Your systemd version.

systemd 252 (252.12-1~deb12u1)

Your network management software.

Something else (please give details in the bug description text field)

Please describe the bug.

System Environment

OS: Debian 12 (Bookworm) - fresh, default installation Kernel: Linux 6.1.0-12-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.52-1 (2023-09-07) x86_64 GNU/Linux Openvpn: 2.6.3 x86_64-pc-linux-gnu systemctl doesn't list systemd-networkd, but does list "networking.service" resolvectl is not installed on the system Note that ifconfig was not installed by default, as it's deprecated in favour of ip. However, I installed it via net-tools

Installation

git clone https://github.com/jonathanio/update-systemd-resolved.git cd update-systemd-resolved make

Problem Description

I was using this package on Ubuntu 20.04 for a few years, and it worked flawlessly. I've just migrated to Debian. Unfortunately, it doesn't fulfil the requirements, as resolvectl is not installed by default, and I can't find it in the repo. However, it does fulfil all other requirements.

When attempting to connect to my vpn, the following error is returned:

2023-09-27 19:16:49 //usr/local/libexec/openvpn/update-systemd-resolved tun1 1500 0 10.8.0.8 255.255.255.0 init
2023-09-27 19:16:49 WARNING: Failed running command (--up/--down): external program exited with error status: 1
2023-09-27 19:16:49 Exiting due to fatal error

If there's any other info I need to share, just let me know.

Output of resolvectl status.

resolvectl is not installed on the system

Other helpful details.

Not sure how to obtain the my-openvpn-client.service name

tomeon commented 1 year ago

Hello, and thanks for your report. It seems unlikely that your Debian system is using systemd-resolved for name resolution. Please post the contents of your /etc/resolv.conf and /etc/nsswitch.conf (or, if not the entire /etc/nsswitch.conf, at least the definition of the hosts database's sources: grep '^hosts:' /etc/nsswitch.conf). Also, please check whether the systemd-resolved package is installed (apt list --installed systemd-resolved) and whether the systemd-resolved.service unit is running (systemctl status -l systemd-resolved.service). Note that the systemd-resolved package provides /usr/bin/resolvectl, so the fact that your system appears to lack the resolvectl executable strongly suggests that systemd-resolved is absent altogether.

superclarkk commented 1 year ago

I really appreciate the response - thank you! I've provided the requested info below.

Note that, according to the release notes, upgrades to Debian 12 from previous versions that were using systemd-resolved need to install the new systemd-resolved package, which includes resolvectl, to make name resolution work. I'm hesitant to do that, considering mine is a fresh install, and I'm not yet clear about how it works. I believe it uses BIND, but I'm attempting to find out more about it. Still, Debian, and probably Ubuntu (as it's based on Debian), seem to be deprecating systemd-resolved, so this issue is likely to crop up more and more going forward.

/etc/resolv.conf

# Generated by NetworkManager
search home
nameserver 192.168.1.254

/etc/nsswitch.conf

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files systemd
group:          files systemd
shadow:         files systemd
gshadow:        files systemd

# Original:
# hosts:          files mdns4_minimal [NOTFOUND=return] dns myhostname

# From https://github.com/jonathanio/update-systemd-resolved/issues
hosts: files resolve dns myhostname

networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
$ apt list --installed systemd-resolved
Listing... Done
$
$ systemctl status -l systemd-resolved.service
Unit systemd-resolved.service could not be found.
$
superclarkk commented 1 year ago

OK, after some research, it was clear from resolv.conf that it was using glibc for name resolution. This is what the release notes meant by, "Note that systemd-resolved was not, and still is not, the default DNS resolver in Debian".

Thus, I installed the systemd-resolved package, and now update-systemd-resolved is working as expected. :)

Thanks for your help. Sorry to waste your time to reply.

superclarkk commented 1 year ago

Interestingly, it seems like this package is actually in the Debian repo, and can be installed using apt install openvpn-systemd-resolved. I've tried it, and it does prevent the leaks.