This became an issue in Fedora 33 when they went to systemd-resolved.
They have just packaged and updated to strongSwan 5.9.2 and I can
confirm it resolves this issue without workarounds.

This is a VPN, surely for security reasons alone we should be getting
the latest packages as updates? This affects every version of Ubuntu 18
/ Bionic as the latest I can find is 5.9.1.

I would appreciate any hints on how to ask for something to be done...

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1783377

Title:
  systemd-resolved updated by network-manager-strongswan needed to
  restart to use the new dns servers

Status in systemd package in Ubuntu:
  Confirmed

Bug description:
  Ubuntu 18.04.1 / bionic

  systemd:
    Installé : 237-3ubuntu10.3

  Fresh install on a VM, was facing a bug when connecting to strongswan
  ikev2 vpn
  (https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1772705)

  -> Updated from cosmic the required packages for the VPN that has the
  bug fixed (5.6.2-2):

  network-manager-strongswan:
    Installé : 1.4.4-1
    Candidat : 1.4.4-1
   Table de version :
   *** 1.4.4-1 300
          300 http://archive.ubuntu.com/ubuntu cosmic/universe amd64 Packages
          100 /var/lib/dpkg/status
       1.4.2-2 500
          500 http://fr.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
  libcharon-extra-plugins:
    Installé : 5.6.2-2ubuntu1
    Candidat : 5.6.2-2ubuntu1
   Table de version :
   *** 5.6.2-2ubuntu1 300
          300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
          100 /var/lib/dpkg/status
       5.6.2-1ubuntu2 500
          500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
  libcharon-standard-plugins:
    Installé : 5.6.2-2ubuntu1
    Candidat : 5.6.2-2ubuntu1
   Table de version :
   *** 5.6.2-2ubuntu1 300
          300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
          100 /var/lib/dpkg/status
       5.6.2-1ubuntu2 500
          500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
  libstrongswan-extra-plugins:
    Installé : 5.6.2-2ubuntu1
    Candidat : 5.6.2-2ubuntu1
   Table de version :
   *** 5.6.2-2ubuntu1 300
          300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
          100 /var/lib/dpkg/status
       5.6.2-1ubuntu2 500
          500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
  libstrongswan-standard-plugins:
    Installé : 5.6.2-2ubuntu1
    Candidat : 5.6.2-2ubuntu1
   Table de version :
   *** 5.6.2-2ubuntu1 300
          300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
          100 /var/lib/dpkg/status
       5.6.2-1ubuntu2 500
          500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages

  Before connecting the VPN, `systemd-resolve --status` shows :
           DNS Servers: 192.168.1.254 # my home box resolver

  After connecting :
           DNS Servers: 10.0.0.254    # DNS resolver provided by the VPN server
                        192.168.1.254 # my home box resolver

  This seems OK, but the resolution fails as it is still using the local DNS :
  systemd-resolved[270]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.

  After issuing `systemctl reload-or-restart systemd-resolved.service`,
  everything seems fine.

  systemd-resolved[5651]: Got DNS stub UDP query packet for id 24298
  systemd-resolved[5651]: Looking up RR for my.host.inside.vpn IN A.
  systemd-resolved[5651]: Switching to DNS server 10.0.0.254 for interface enp0s3.
  systemd-resolved[5651]: Cache miss for my.host.inside.vpn IN A
  systemd-resolved[5651]: Transaction 9273 for <my.host.inside.vpn IN A> scope dns on enp0s3/*.
  systemd-resolved[5651]: Using feature level UDP+EDNS0 for transaction 9273.
  systemd-resolved[5651]: Using DNS server 10.0.0.254 for transaction 9273.

  I was hoping that `systemd-resolved` could find the new DNS without
  restarting its service after connecting to the VPN.

  Thanks for reading
  Best Regards,
  Vincent
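
An added example, not part of the original report or of systemd: a Python check that reads a `systemd-resolve --status` excerpt and debug-level systemd-resolved log lines in the format quoted above, and lists the transactions that went to a resolver other than the one the VPN pushed. The sample text, transaction 9100 and the function names are constructed for illustration; it assumes the log excerpt starts after the VPN connected.

```python
import re

# Constructed excerpt of `systemd-resolve --status` after the VPN is up
# (addresses as in the report above).
STATUS = """\
Link 2 (enp0s3)
         DNS Servers: 10.0.0.254
                      192.168.1.254
"""

# Constructed debug-level journal lines in the format quoted in the report.
# Transaction 9100 stands in for a lookup made before the service restart.
JOURNAL = """\
systemd-resolved[270]: Using DNS server 192.168.1.254 for transaction 9100.
systemd-resolved[5651]: Switching to DNS server 10.0.0.254 for interface enp0s3.
systemd-resolved[5651]: Using DNS server 10.0.0.254 for transaction 9273.
"""

USING = re.compile(
    r"systemd-resolved\[(\d+)\]: Using DNS server (\S+) for transaction (\d+)\.")

def configured_servers(status_text):
    """Return the DNS servers of a --status excerpt, in listed order."""
    servers, in_block = [], False
    for line in status_text.splitlines():
        first = re.match(r"\s*DNS Servers:\s*(\S+)", line)
        if first:
            servers.append(first.group(1))
            in_block = True
        elif in_block and re.match(r"\s+[0-9A-Fa-f:.]+\s*(#.*)?$", line):
            # Continuation line: an address alone, optionally with a comment.
            servers.append(line.split()[0])
        else:
            in_block = False
    return servers

def off_vpn_transactions(status_text, journal_text, vpn_dns):
    """List (pid, server, transaction) for lookups that bypassed vpn_dns."""
    if vpn_dns not in configured_servers(status_text):
        raise ValueError(f"{vpn_dns} is not configured in systemd-resolved")
    return [(int(pid), server, int(txn))
            for pid, server, txn in USING.findall(journal_text)
            if server != vpn_dns]

if __name__ == "__main__":
    for pid, server, txn in off_vpn_transactions(STATUS, JOURNAL, "10.0.0.254"):
        print(f"pid {pid}: transaction {txn} used {server}, not the VPN resolver")
```

A non-empty result while the VPN resolver is listed is the condition described in the report: names meant for the VPN are being sent to the local resolver.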
