Public bug reported:

After upgrading from Ubuntu 16.04 to 18.04, my openconnect vpn
connection stopped working.  The problem appeared to be related to DNS
resolution.  After some digging, I discovered that the vpnc-script hook
executed by openconnect was adding my VPN DNS servers to
/etc/resolv.conf, which systemd-resolve --status was reporting as part
of the global config instead of being associated with my VPN interface
(tun0).  This appeared to break all VPN and non-VPN traffic in my
configuration.

I found that vpnc-script needed to find 'resolve' in /etc/nsswitch.conf
in order to correctly configure the VPN DNS servers with
systemd-resolved instead of prepending them to /etc/resolv.conf.

http://git.infradead.org/users/dwmw2/vpnc-scripts.git/commitdiff/62e86babac9f734ba031a547501cbe8e5940d83b

Adding 'resolve' to the 'hosts:' line in my /etc/nsswitch.conf allowed
normal traffic flow.

It seems like if 18.04 defaults to using systemd-resolve for DNS
resolutions, then the default nsswitch.conf configuration should also
declare 'resolve' in the 'hosts:' line, which does not appear to be the
case.  This would have allowed my VPN connection to continue working
successfully after the upgrade.

$ lsb_release -rd
Description:    Ubuntu 18.04 LTS
Release:        18.04

$ dpkg -l libc-bin openconnect systemd vpnc-scripts
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name          Version            Architecture  Description
+++-=============-==================-=============-================================================
ii  libc-bin      2.27-3ubuntu1      amd64   GNU C Library: Binaries
ii  openconnect   7.08-3             amd64   open client for Cisco AnyConnect VPN
ii  systemd       237-3ubuntu10      amd64   system and service manager
ii  vpnc-scripts  0.1~git20171005-1  all     Network configuration scripts for VPNC and OpenConnect

** Affects: glibc (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: openconnect systemd-resolve vpnc-script

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769016

Title:
  nsswitch.conf doesn't specify 'resolve' to support systemd-resolved

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1769016/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
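
One way to check the condition the report describes, whether 'resolve' is really listed as a service on the 'hosts:' line of nsswitch.conf. This is an added example, not part of the original report and not code from vpnc-script; the function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. The sample files below are constructed, not copied from a real system.

# Print the service names on the first "hosts:" line of FILE, one per line.
# Comments and [STATUS=action] items are dropped, so the word "resolve" in a
# comment (which a plain substring search would match) is not counted.
hosts_modules() {
    sed -e 's/#.*//' "$1" | awk '
        /^[ \t]*hosts:/ {
            sub(/^[ \t]*hosts:/, "")
            skip = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^\[/) skip = 1      # start of an action item
                if (!skip) print $i
                if ($i ~ /\]$/) skip = 0      # end of an action item
            }
            exit
        }'
}

# Succeed only if "resolve" is an actual service on the hosts: line of FILE.
has_resolve() {
    hosts_modules "$1" | grep -qx 'resolve'
}

# Write two constructed nsswitch.conf samples into directory DIR.
write_samples() {
    printf '%s\n' 'passwd: compat systemd' \
        'hosts:  files mdns4_minimal [NOTFOUND=return] dns myhostname  # resolve not enabled' \
        > "$1/without.conf"
    printf '%s\n' 'passwd: compat systemd' \
        'hosts:  files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns' \
        > "$1/with.conf"
}

dir=$(mktemp -d)
write_samples "$dir"
for f in "$dir/without.conf" "$dir/with.conf"; do
    if has_resolve "$f"; then
        echo "$f: hosts line lists resolve"
    else
        echo "$f: hosts line does not list resolve"
    fi
done
rm -rf "$dir"
```

On a live system, `has_resolve /etc/nsswitch.conf` performs the same check against the real file.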