[Touch-packages] [Bug 1783377] Re: systemd-resolved updated by network-manager-strongswan needed to restart to use the new dns servers
I would add https://wiki.strongswan.org/issues/3615 - Local workaround with a script triggered in `pre-up` stage to restart service - Explanation of upstream workaround (see previous comment/commit) that uses a dummy TUN device --- Also the workaround we use at the moment (choose from this one or the script from [strongswan#3615](https://wiki.strongswan.org/issues/3615)) : use `network-manager` (static) instead of `systemd-resolved` sudo systemctl disable systemd-resolved.service sudo systemctl stop systemd-resolved Put `dns=default` in the `[main]` section of your `/etc/NetworkManager/NetworkManager.conf`: [main] dns=default Delete the symlink /etc/resolv.conf rm /etc/resolv.conf Restart network-manager sudo service network-manager restart ** Bug watch added: wiki.strongswan.org/issues #3615 https://wiki.strongswan.org/issues/3615 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1783377 Title: systemd-resolved updated by network-manager-strongswan needed to restart to use the new dns servers Status in systemd package in Ubuntu: Confirmed Bug description: Ubuntu 18.04.1 / bionic systemd: Installé : 237-3ubuntu10.3 Fresh install on a VM, was facing a bug when connecting to strongswan ikev2 vpn (https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1772705) -> Updated from cosmic the required packages for the VPN that has the bug fixed (5.6.2-2): network-manager-strongswan: Installé : 1.4.4-1 Candidat : 1.4.4-1 Table de version : *** 1.4.4-1 300 300 http://archive.ubuntu.com/ubuntu cosmic/universe amd64 Packages 100 /var/lib/dpkg/status 1.4.2-2 500 500 http://fr.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages libcharon-extra-plugins: Installé : 5.6.2-2ubuntu1 Candidat : 5.6.2-2ubuntu1 Table de version : *** 5.6.2-2ubuntu1 300 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages 100 /var/lib/dpkg/status 5.6.2-1ubuntu2 500 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages libcharon-standard-plugins: Installé : 5.6.2-2ubuntu1 Candidat : 5.6.2-2ubuntu1 Table de version : *** 5.6.2-2ubuntu1 300 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages 100 /var/lib/dpkg/status 5.6.2-1ubuntu2 500 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages libstrongswan-extra-plugins: Installé : 5.6.2-2ubuntu1 Candidat : 5.6.2-2ubuntu1 Table de version : *** 5.6.2-2ubuntu1 300 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages 100 /var/lib/dpkg/status 5.6.2-1ubuntu2 500 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages libstrongswan-standard-plugins: Installé : 5.6.2-2ubuntu1 Candidat : 5.6.2-2ubuntu1 Table de version : *** 5.6.2-2ubuntu1 300 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages 100 /var/lib/dpkg/status 5.6.2-1ubuntu2 500 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages Before connecting the VPN, `systemd-resolve --status` shows : DNS Servers: 192.168.1.254 # my home box resolver After connecting : DNS Servers: 10.0.0.254# DNS resolver provided by the VPN server 192.168.1.254 # my home box resolver This seems OK, but the resolution fails as it is still using the local DNS : systemd-resolved[270]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP. After issuing `systemctl reload-or-restart systemd-resolved.service`, everything seems fine. systemd-resolved[5651]: Got DNS stub UDP query packet for id 24298 systemd-resolved[5651]: Looking up RR for my.host.inside.vpn IN A. systemd-resolved[5651]: Switching to DNS server 10.0.0.254 for interface enp0s3. systemd-resolved[5651]: Cache miss for my.host.inside.vpn IN A systemd-resolved[5651]: Transaction 9273 for scope dns on enp0s3/*. systemd-resolved[5651]: Using feature level UDP+EDNS0 for transaction 9273. systemd-resolved[5651]: Using DNS server 10.0.0.254 for transaction 9273. I was hoping that `systemd-resolved` could find the new DNS without restarting its service after connecting to the VPN. Thanks for reading Best Regards, Vincent To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1783377/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1783377] Re: systemd-resolved updated by network-manager-strongswan needed to restart to use the new dns servers
A small script to do the job : * install 18.10 repository with lower pin priority * install a hook that restarts "systemd-resolved" on "vpn-pre-up" action ** Attachment added: "# Script to deploy strongswan's packages on 18.04 from 18.10 # and add logic to restart systemd-resolve service when connecting" https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1783377/+attachment/5182682/+files/vpn_fix_strongswan_ubuntu18.sh -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1783377 Title: systemd-resolved updated by network-manager-strongswan needed to restart to use the new dns servers Status in systemd package in Ubuntu: Confirmed Bug description: Ubuntu 18.04.1 / bionic systemd: Installé : 237-3ubuntu10.3 Fresh install on a VM, was facing a bug when connecting to strongswan ikev2 vpn (https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1772705) -> Updated from cosmic the required packages for the VPN that has the bug fixed (5.6.2-2): network-manager-strongswan: Installé : 1.4.4-1 Candidat : 1.4.4-1 Table de version : *** 1.4.4-1 300 300 http://archive.ubuntu.com/ubuntu cosmic/universe amd64 Packages 100 /var/lib/dpkg/status 1.4.2-2 500 500 http://fr.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages libcharon-extra-plugins: Installé : 5.6.2-2ubuntu1 Candidat : 5.6.2-2ubuntu1 Table de version : *** 5.6.2-2ubuntu1 300 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages 100 /var/lib/dpkg/status 5.6.2-1ubuntu2 500 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages libcharon-standard-plugins: Installé : 5.6.2-2ubuntu1 Candidat : 5.6.2-2ubuntu1 Table de version : *** 5.6.2-2ubuntu1 300 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages 100 /var/lib/dpkg/status 5.6.2-1ubuntu2 500 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages libstrongswan-extra-plugins: Installé : 5.6.2-2ubuntu1 Candidat : 5.6.2-2ubuntu1 Table de version : *** 5.6.2-2ubuntu1 300 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages 100 /var/lib/dpkg/status 5.6.2-1ubuntu2 500 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages libstrongswan-standard-plugins: Installé : 5.6.2-2ubuntu1 Candidat : 5.6.2-2ubuntu1 Table de version : *** 5.6.2-2ubuntu1 300 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages 100 /var/lib/dpkg/status 5.6.2-1ubuntu2 500 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages Before connecting the VPN, `systemd-resolve --status` shows : DNS Servers: 192.168.1.254 # my home box resolver After connecting : DNS Servers: 10.0.0.254# DNS resolver provided by the VPN server 192.168.1.254 # my home box resolver This seems OK, but the resolution fails as it is still using the local DNS : systemd-resolved[270]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP. After issuing `systemctl reload-or-restart systemd-resolved.service`, everything seems fine. systemd-resolved[5651]: Got DNS stub UDP query packet for id 24298 systemd-resolved[5651]: Looking up RR for my.host.inside.vpn IN A. systemd-resolved[5651]: Switching to DNS server 10.0.0.254 for interface enp0s3. systemd-resolved[5651]: Cache miss for my.host.inside.vpn IN A systemd-resolved[5651]: Transaction 9273 for scope dns on enp0s3/*. systemd-resolved[5651]: Using feature level UDP+EDNS0 for transaction 9273. systemd-resolved[5651]: Using DNS server 10.0.0.254 for transaction 9273. I was hoping that `systemd-resolved` could find the new DNS without restarting its service after connecting to the VPN. Thanks for reading Best Regards, Vincent To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1783377/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1783377] Re: systemd-resolved updated by network-manager-strongswan needed to restart to use the new dns servers
** Description changed: Ubuntu 18.04.1 / bionic + + systemd: + Installé : 237-3ubuntu10.3 Fresh install on a VM, was facing a bug when connecting to strongswan ikev2 vpn (https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1772705) -> Updated from cosmic the required packages for the VPN that has the bug fixed (5.6.2-2): network-manager-strongswan: - Installé : 1.4.4-1 - Candidat : 1.4.4-1 - Table de version : - *** 1.4.4-1 300 - 300 http://archive.ubuntu.com/ubuntu cosmic/universe amd64 Packages - 100 /var/lib/dpkg/status - 1.4.2-2 500 - 500 http://fr.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages + Installé : 1.4.4-1 + Candidat : 1.4.4-1 + Table de version : + *** 1.4.4-1 300 + 300 http://archive.ubuntu.com/ubuntu cosmic/universe amd64 Packages + 100 /var/lib/dpkg/status + 1.4.2-2 500 + 500 http://fr.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages libcharon-extra-plugins: - Installé : 5.6.2-2ubuntu1 - Candidat : 5.6.2-2ubuntu1 - Table de version : - *** 5.6.2-2ubuntu1 300 - 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages - 100 /var/lib/dpkg/status - 5.6.2-1ubuntu2 500 - 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages + Installé : 5.6.2-2ubuntu1 + Candidat : 5.6.2-2ubuntu1 + Table de version : + *** 5.6.2-2ubuntu1 300 + 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages + 100 /var/lib/dpkg/status + 5.6.2-1ubuntu2 500 + 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages libcharon-standard-plugins: - Installé : 5.6.2-2ubuntu1 - Candidat : 5.6.2-2ubuntu1 - Table de version : - *** 5.6.2-2ubuntu1 300 - 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages - 100 /var/lib/dpkg/status - 5.6.2-1ubuntu2 500 - 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages + Installé : 5.6.2-2ubuntu1 + Candidat : 5.6.2-2ubuntu1 + Table de version : + *** 5.6.2-2ubuntu1 300 + 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages + 100 /var/lib/dpkg/status + 5.6.2-1ubuntu2 500 + 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages libstrongswan-extra-plugins: - Installé : 5.6.2-2ubuntu1 - Candidat : 5.6.2-2ubuntu1 - Table de version : - *** 5.6.2-2ubuntu1 300 - 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages - 100 /var/lib/dpkg/status - 5.6.2-1ubuntu2 500 - 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages + Installé : 5.6.2-2ubuntu1 + Candidat : 5.6.2-2ubuntu1 + Table de version : + *** 5.6.2-2ubuntu1 300 + 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages + 100 /var/lib/dpkg/status + 5.6.2-1ubuntu2 500 + 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages libstrongswan-standard-plugins: - Installé : 5.6.2-2ubuntu1 - Candidat : 5.6.2-2ubuntu1 - Table de version : - *** 5.6.2-2ubuntu1 300 - 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages - 100 /var/lib/dpkg/status - 5.6.2-1ubuntu2 500 - 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages + Installé : 5.6.2-2ubuntu1 + Candidat : 5.6.2-2ubuntu1 + Table de version : + *** 5.6.2-2ubuntu1 300 + 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages + 100 /var/lib/dpkg/status + 5.6.2-1ubuntu2 500 + 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages Before connecting the VPN, `systemd-resolve --status` shows : - DNS Servers: 192.168.1.254 # my home box resolver + DNS Servers: 192.168.1.254 # my home box resolver After connecting : - DNS Servers: 10.0.0.254# DNS resolver provided by the VPN server - 192.168.1.254 # my home box resolver + DNS Servers: 10.0.0.254# DNS resolver provided by the VPN server + 192.168.1.254 # my home box resolver This seems OK, but the resolution fails as it is still using the local DNS : systemd-resolved[270]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP. After issuing `systemctl reload-or-restart systemd-resolved.service`, everything seems fine. systemd-resolved[5651]: Got DNS stub UDP query packet for id 24298 systemd-resolved[5651]: Looking up RR for my.host.inside.vpn IN A. systemd-resolved[5651]: Switching to DNS server 10.0.0.254 for interface enp0s3. systemd-resolved[5651]: Cache miss for my.host.inside.vpn IN A systemd-resolved[5651]: Transaction 9273 for scope dns on enp0s3/*. systemd-resolved[5651]: Using feature level UDP+EDNS0 for transaction 9273. systemd-resolved[5651]: Using DNS server 10.0.0.254
[Touch-packages] [Bug 1783377] [NEW] systemd-resolved updated by network-manager-strongswan needed to restart to use the new dns servers
Public bug reported: Ubuntu 18.04.1 / bionic Fresh install on a VM, was facing a bug when connecting to strongswan ikev2 vpn (https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1772705) -> Updated from cosmic the required packages for the VPN that has the bug fixed (5.6.2-2): network-manager-strongswan: Installé : 1.4.4-1 Candidat : 1.4.4-1 Table de version : *** 1.4.4-1 300 300 http://archive.ubuntu.com/ubuntu cosmic/universe amd64 Packages 100 /var/lib/dpkg/status 1.4.2-2 500 500 http://fr.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages libcharon-extra-plugins: Installé : 5.6.2-2ubuntu1 Candidat : 5.6.2-2ubuntu1 Table de version : *** 5.6.2-2ubuntu1 300 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages 100 /var/lib/dpkg/status 5.6.2-1ubuntu2 500 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages libcharon-standard-plugins: Installé : 5.6.2-2ubuntu1 Candidat : 5.6.2-2ubuntu1 Table de version : *** 5.6.2-2ubuntu1 300 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages 100 /var/lib/dpkg/status 5.6.2-1ubuntu2 500 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages libstrongswan-extra-plugins: Installé : 5.6.2-2ubuntu1 Candidat : 5.6.2-2ubuntu1 Table de version : *** 5.6.2-2ubuntu1 300 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages 100 /var/lib/dpkg/status 5.6.2-1ubuntu2 500 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages libstrongswan-standard-plugins: Installé : 5.6.2-2ubuntu1 Candidat : 5.6.2-2ubuntu1 Table de version : *** 5.6.2-2ubuntu1 300 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages 100 /var/lib/dpkg/status 5.6.2-1ubuntu2 500 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages Before connecting the VPN, `systemd-resolve --status` shows : DNS Servers: 192.168.1.254 # my home box resolver After connecting : DNS Servers: 10.0.0.254# DNS resolver provided by the VPN server 192.168.1.254 # my home box resolver This seems OK, but the resolution fails as it is still using the local DNS : systemd-resolved[270]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP. After issuing `systemctl reload-or-restart systemd-resolved.service`, everything seems fine. systemd-resolved[5651]: Got DNS stub UDP query packet for id 24298 systemd-resolved[5651]: Looking up RR for my.host.inside.vpn IN A. systemd-resolved[5651]: Switching to DNS server 10.0.0.254 for interface enp0s3. systemd-resolved[5651]: Cache miss for my.host.inside.vpn IN A systemd-resolved[5651]: Transaction 9273 for scope dns on enp0s3/*. systemd-resolved[5651]: Using feature level UDP+EDNS0 for transaction 9273. systemd-resolved[5651]: Using DNS server 10.0.0.254 for transaction 9273. I was hoping that `systemd-resolved` could find the new DNS without restarting its service after connecting to the VPN. Thanks for reading Best Regards, Vincet ** Affects: systemd (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1783377 Title: systemd-resolved updated by network-manager-strongswan needed to restart to use the new dns servers Status in systemd package in Ubuntu: New Bug description: Ubuntu 18.04.1 / bionic Fresh install on a VM, was facing a bug when connecting to strongswan ikev2 vpn (https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1772705) -> Updated from cosmic the required packages for the VPN that has the bug fixed (5.6.2-2): network-manager-strongswan: Installé : 1.4.4-1 Candidat : 1.4.4-1 Table de version : *** 1.4.4-1 300 300 http://archive.ubuntu.com/ubuntu cosmic/universe amd64 Packages 100 /var/lib/dpkg/status 1.4.2-2 500 500 http://fr.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages libcharon-extra-plugins: Installé : 5.6.2-2ubuntu1 Candidat : 5.6.2-2ubuntu1 Table de version : *** 5.6.2-2ubuntu1 300 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages 100 /var/lib/dpkg/status 5.6.2-1ubuntu2 500 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages libcharon-standard-plugins: Installé : 5.6.2-2ubuntu1 Candidat : 5.6.2-2ubuntu1 Table de version : *** 5.6.2-2ubuntu1 300 300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages 100 /var/lib/dpkg/status 5.6.2-1ubuntu2 500 500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages libstrongswan-extra-plugins: Installé : 5.6.2-2ubuntu1
