Hi, I am trying to set up Network Manager to connect to an OpenVPN server, and have trouble understanding how it applies the DNS settings it receives from the server.
Basically, as far as I can tell, it automatically assumes that I want to use split DNS, and limits the DNS servers it receives from the OpenVPN servers to the domains it assumes "belong to" this configuration. However, it also ignores the existing DNS servers it has configured. That leaves us with a dnsmasq configured with two nameservers it will query for two specific subdomains, and no nameservers it will use for other domains. The result is that dnsmasq is only willing to respond to DNS queries for those subdomains, and responds with "REFUSED" for every other domain.

I assume that this is not the way it is supposed to work, since that would mean that everyone connecting to a VPN would be unable to access most of the Internet. I therefore assume that there is something wrong with my configuration. I am however unable to tell what makes it choose this behavior. I tried to look at the code, and found the location where it adds the domains[1], but I was unable to find a way to override this behavior.

Does anyone have any suggestions for what may trigger this behavior, and what I can do to avoid it?

(Configuration details and logs from Network Manager included below.)

Best regards,
Olav Morken

[1] http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/dns-manager/nm-dns-dnsmasq.c?id=60cce4004284242f0891160e21979a3027da6e0e#n234

Configuration:

Both the client and server have IPv6 enabled.

The VPN configuration on the client side doesn't contain anything too exciting. It uses a TCP connection to port 443, a TUN device, and username+password authentication. Both the IPv4 and the IPv6 settings are set to "Automatic(VPN)".

The OpenVPN server is configured with a TUN device and topology subnet.
It pushes the following (slightly anonymized) options to the client:

push "dhcp-option DNS 198.51.100.57"
push "dhcp-option DNS 198.51.100.168"
push "dhcp-option DOMAIN example.org"
push "redirect-gateway def1 bypass-dhcp"
push "route-ipv6 2000::/3"

Software versions:

XUbuntu 14.04
network-manager 0.9.8.8-0ubuntu7
network-manager-openvpn 0.9.8.2-1ubuntu4
openvpn 2.3.2-7ubuntu3

Log from connection:

NetworkManager[924]: <info> IPv4 configuration:
NetworkManager[924]: <info> Internal Gateway: 192.0.2.1
NetworkManager[924]: <info> Internal Address: 192.0.2.2
NetworkManager[924]: <info> Internal Prefix: 25
NetworkManager[924]: <info> Internal Point-to-Point Address: 0.0.0.0
NetworkManager[924]: <info> Maximum Segment Size (MSS): 0
NetworkManager[924]: <info> Forbid Default Route: no
NetworkManager[924]: <info> Internal DNS: 198.51.100.57
NetworkManager[924]: <info> Internal DNS: 198.51.100.168
NetworkManager[924]: <info> DNS Domain: 'example.org'
NetworkManager[924]: <info> IPv6 configuration:
NetworkManager[924]: <info> Internal Address: 2001:db81:4561::1000
NetworkManager[924]: <info> Internal Prefix: 64
NetworkManager[924]: <info> Internal Point-to-Point Address: 2001:db81:4561::1
NetworkManager[924]: <info> Maximum Segment Size (MSS): 0
NetworkManager[924]: <info> Static Route: 2000::/3 Next Hop: 2000::
NetworkManager[924]: <info> Forbid Default Route: no
NetworkManager[924]: <info> DNS Domain: 'example.org'
NetworkManager[924]: <info> VPN connection 'example-openvpn-config' (IP Config Get) complete.
NetworkManager[924]: <info> Policy set 'example-openvpn-config' (tun0) as default for IPv4 routing and DNS.
NetworkManager[924]: <info> Policy set 'example-openvpn-config' (tun0) as default for IPv6 routing and DNS.
NetworkManager[924]: <info> Writing DNS information to /sbin/resolvconf
dnsmasq[1464]: setting upstream servers from DBus
dnsmasq[1464]: using nameserver 198.51.100.168#53 for domain 0.192.in-addr.arpa
dnsmasq[1464]: using nameserver 198.51.100.168#53 for domain example.org
dnsmasq[1464]: using nameserver 198.51.100.57#53 for domain 0.192.in-addr.arpa
dnsmasq[1464]: using nameserver 198.51.100.57#53 for domain example.org
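Added example, not part of the original message and not NetworkManager or dnsmasq code: a Python check that reads dnsmasq's "using nameserver" log lines and reports whether any unscoped (default) upstream is left after the last DBus update, which is the condition behind the REFUSED answers described above. The function name, the extra default-server line in the second sample, and the assumption that each DBus update replaces the earlier server set are assumptions of this example.

```python
import re

# Constructed sample: the dnsmasq lines from the log in the message above.
SAMPLE_LOG = """\
dnsmasq[1464]: setting upstream servers from DBus
dnsmasq[1464]: using nameserver 198.51.100.168#53 for domain 0.192.in-addr.arpa
dnsmasq[1464]: using nameserver 198.51.100.168#53 for domain example.org
dnsmasq[1464]: using nameserver 198.51.100.57#53 for domain 0.192.in-addr.arpa
dnsmasq[1464]: using nameserver 198.51.100.57#53 for domain example.org
"""

# Constructed sample: same log plus one unscoped upstream (address is made up).
SAMPLE_WITH_DEFAULT = SAMPLE_LOG + "dnsmasq[1464]: using nameserver 203.0.113.1#53\n"

RESET = re.compile(r"dnsmasq\[\d+\]: setting upstream servers from DBus")
SERVER = re.compile(
    r"dnsmasq\[\d+\]: using nameserver (?P<server>[^\s#]+)(?:#\d+)?"
    r"(?: for domain (?P<domain>\S+))?"
)


def audit_upstreams(log_text):
    """Summarise dnsmasq's upstream set as of the last DBus update in log_text."""
    default, scoped = [], {}
    for line in log_text.splitlines():
        if RESET.search(line):
            # Assumption: a DBus update replaces the previously logged set.
            default, scoped = [], {}
            continue
        match = SERVER.search(line)
        if not match:
            continue
        if match.group("domain"):
            scoped.setdefault(match.group("domain"), []).append(match.group("server"))
        else:
            default.append(match.group("server"))
    return {
        "default": default,
        "scoped": scoped,
        # Only domain-scoped servers and no default: other names get no upstream.
        "refuses_other_domains": bool(scoped) and not default,
    }


if __name__ == "__main__":
    for name, log in (("as posted", SAMPLE_LOG), ("with default", SAMPLE_WITH_DEFAULT)):
        print(name, audit_upstreams(log))
```
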
