Public bug reported:

If you leave openvpn running for long enough it will eventually begin to
fail with output like:

  May 27 19:16:54 wakko nm-openvpn[16480]: RESOLVE: Cannot resolve host address: XXXX: Temporary failure in name resolution

Analysis shows this is because openvpn is sending DNS queries to
127.0.0.1:

  socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 8
  connect(8, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
  poll([{fd=8, events=POLLOUT}], 1, 0) = 1 ([{fd=8, revents=POLLOUT}])
  sendto(8, ..., 30, MSG_NOSIGNAL, NULL, 0) = 30

However, this is not correct; dnsmasq listens on 127.0.1.1.

It appears a cause of this is the chroot: the chroot has no
resolv.conf in it and the glibc default is to use 127.0.0.1.

openvpn does a DNS query before chroot'ing, which used to be enough to
cache resolv.conf forever. I wonder if something has changed in glibc
recently to cause the resolv.conf to be reloaded (e.g. Debian apparently
has a patch that does this).

A workaround would be to copy the system resolv.conf into
/var/lib/openvpn/chroot before starting openvpn.

Seen on Xenial and a few prior versions.

** Affects: network-manager-openvpn (Ubuntu)
Importance: Undecided
Status: New
--
https://bugs.launchpad.net/bugs/1586570
Title:
openvpn chroot does not have a valid resolv.conf
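
The workaround from the report, written out as an added example (not part of the original report and not code from openvpn or network-manager-openvpn). The helper names are hypothetical, and the script assumes the resolver inside the chroot reads etc/resolv.conf under the chroot root; it reports which nameservers a chrooted process would end up with and copies the system file in only when it differs.

```shell
#!/bin/sh
# Added example; effective_nameservers and sync_chroot_resolv are hypothetical helpers.

# Print the nameservers a glibc resolver would use for a process whose
# root directory is $1. With no readable resolv.conf, or none containing a
# "nameserver" line, glibc falls back to 127.0.0.1, which is the behaviour
# seen in the strace output of the report.
effective_nameservers() {
    conf="$1/etc/resolv.conf"
    ns=""
    if [ -r "$conf" ]; then
        ns=$(awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$conf")
    fi
    if [ -n "$ns" ]; then
        printf '%s\n' "$ns"
    else
        echo "127.0.0.1"
    fi
}

# Copy the system resolv.conf ($2, default /etc/resolv.conf) into the
# chroot ($1) unless an identical copy is already there.
# Returns 0 when the chroot copy is in sync afterwards, non-zero on error.
sync_chroot_resolv() {
    root="$1"
    src="${2:-/etc/resolv.conf}"
    dst="$root/etc/resolv.conf"
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    if [ -f "$dst" ] && cmp -s "$src" "$dst"; then
        return 0
    fi
    mkdir -p "$root/etc" || return 1
    # cp -L dereferences the source: /etc/resolv.conf is often a symlink
    # whose target would not exist inside the chroot.
    tmp="$dst.tmp.$$"
    cp -L "$src" "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$dst"
}

# Typical use before starting openvpn (chroot path taken from the report):
#   sync_chroot_resolv /var/lib/openvpn/chroot
#   effective_nameservers /var/lib/openvpn/chroot
```

The copy is a snapshot, so it has to be refreshed whenever the system resolv.conf changes.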