systemd.resolved resets /etc/resolv.conf and connection is lost.

[cdysthe]

On systems using systemd.resolved the connection breaks when systemd resets resolv.conf to default. It happens after a few miinutes.

Replacing systemd.resolved with another resolver the problem is solved, but it would be good if OpenFortiGui could work with systemd.reolved since more and more systems are using it (Ubuntu 18.04 is one).

[theinvisible]

Hi,

thanks for your report.

As i didnt tested 18.04 in detail i cannot say anything about this right now. Nevertheless setting DNS relies on openfortivpn, so i will forward this.

Regards Rene

[DimitriPapadopoulos]

@cdysthe Could you try the following settings?

• Uncheck Options > Advanced > Set DNS so that openfortivpn does not handle DNS or overwrite /etc/resolv.conf.
• Uncheck Options > PPPD > PPPD no peerdns so that pppd does handle DNS - and hopefully does the right thing.

These options work for me when running openfortivpn 1.7.0 from the command line on Ubuntu 18.04. See adrienverge/openfortivpn#332.

[DimitriPapadopoulos]

@cdysthe Did this help?

• Check Options > Advanced > Set DNS.
• Uncheck Options > PPPD > PPPD no peerdns.

[theinvisible]

As of version 0.7 the new openfortivpn style is used for setting DNS. Also i still dont have a 18.04 machine running here but will come soonest.

[boospy]

@theinvisible Maybe my new wikientry help you to solve the problem: https://deepdoc.at/dokuwiki/doku.php?id=server_und_serverdienste:systemd-resolved_durch_dnsmasq_ersetzen

[edmundlaugasson]

Issue persist in OpenfortiGUI 0.9.5. After disconnecting, the /etc/resolv.conf is empty if Set DNS parameter is enabled. When disabling it, actually DNS will be set :) If enabled, /etc/resolv.conf will be empty after disconnecting VPN. If not set, /etc/resolv.conf contains proper DNS-server, either if VPN is connected or disconnected. At the same time Options > PPPD > PPPD no peerdns is not selected by default. Sounds like it does its work. In current case using EndeavourOS (closely based on Arch Linux)

[DimitriPapadopoulos]

File /etc/rtesolv.conf is not necessarily relevant on modern Linux machines. I suggest you focus on whether DNS resolution works or not. To make sure DNS resolution works, try both:

• nslookup <hostname>
• systemd-resolve <hostname>

It would help if you could post actual command outputs and file contents instead of describing them, it would be easier to follow.

[edmundlaugasson]

Certainly, when addresses are opening, name resolving works and vice versa. In current case just resolvconf is used (second command systemd-resolve does not work). I understand, that current issue is related with systemd.resolved but as a result Internet connectivity is broken also in case of resolvconf. Luckily I found the Set DNS parameter (while No peerdns was already turned off by default) to turn off in order to get it work. Just mentioning, that it was not intuitive to catch this initially.

[DimitriPapadopoulos]

It would help if you could post actual command outputs and file contents instead of describing them, it would be easier to follow.