2

I started getting an issue on my Ubuntu 18.04 a few days ago even though I didn't change any networking settings.

The problem is when I connect to my work VPN (OpenVPN) I can't resolve any DNS names on that VPN network if I select "Use this connection only for resources on this network". If I disable that option then I can resolve DNS inside the network, but naturally can't connect to anything outside.

Here's the output of systemd-resolve --status if I DISABLE "Use this connection only for resources on this network" and connect to the VPN:

Link 10 (tun0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 10.xxx.xx.xx
          DNS Domain: ~.

So it actually shows the DNS server. But once I switch "Use this connection only for resources on this network" back ON:

Link 11 (tun1)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 10 (tun0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

I have tried the solutions in this question, "Ubuntu 18.04 no DNS resolution when connected to openvpn", but nothing seemed to work.

I've also tried using the unbound package and that didn't help either.

I also found this, "Suddenly not able to access resources on VPN network in Ubuntu 18.04?", so I'm obviously not alone in this, but it doesn't have any solutions.

A bit lost what else to do, don't want to reinstall the whole system because of this.

  • What you ask is not a straightforward situation and you might not find a simple answer on the net. You can only tweak routing, but what you ask is that Linux should resolve different domains using different servers, which is not achievable unless you run a DNS server. – Alvin Liang Nov 13 '19 at 11:55
  • We have a DNS server that is pushing the domains on that network. And everything was working fine for me until just a few days back where suddenly I couldn't resolve anything on that network anymore. It works for my colleagues on their Windows machines (and I'm the only one with Linux here) so I assume it's something that has happened to my local config.

    Until today I was just temporarily adding the nameserver to /etc/resolv.conf and that was solving it of course, but after the fixes today I've broken something even more, so now modifying /etc/resolv.conf does not work anymore.

    – SergioLeone Nov 13 '19 at 12:08
  • Is there any way to restore these settings? I've tried this https://askubuntu.com/questions/1106659/how-to-reset-dns-settings-to-the-defaults but it didn't help – SergioLeone Nov 13 '19 at 12:11
  • Actually I've added nameserver and search in /etc/resolv.conf and that fixed it. But of course that's a temporary fix. Would like to figure out what caused the issue in the first place and how to resolve it so I don't need to modify /etc/resolv.conf each time I boot. – SergioLeone Nov 13 '19 at 12:15

4 Answers

2

I may have solved it with this command:

nmcli c modify <vpn-settings-name> ipv4.dns-search '<domain>'

The <vpn-settings-name> should be the same as in your NetworkManager settings.

For now seems to be doing the trick, I haven't modified anything post boot apart from issuing the command above, and now systemd-resolve --status shows the correct DNS for the VPN network.

Wanted to post a solution in case anyone else struggles with the same issue.

  • In your response, you leave out <domain>. What is <domain> supposed to be set to? – Troy Weber Dec 10 '20 at 00:42
  • Sorry, I thought that was clear from the command itself - it's the "DNS search domain". In my case it was the domain of my employer's intranet where the server is located, in the form of <company-name>.org – SergioLeone Dec 12 '20 at 12:32
1

I found the following.

When ticking the "Use this connection only for resources on this network" I had no DNS as per the question.

If it was unticked, I had a duplicate default route, which once deleted, everything including DNS would work.

Comparing the output of systemd-resolve --status of these two scenarios I found the following:

When DNS worked but the options created the duplicate route, it would show this:

      DNS Domain: ~.
                  corporate-network.local

When DNS didn't work, it would show this:

      DNS Domain: corporate-network.local

The solution, therefore, is to tick the "Use this connection only for resources on this network" box and to enter ~. as an additional DNS domain.

Now the connection works directly from the network manager without having to delete the spurious default gateway and all the internal DNS resolves.

bcmcfc
  • I'm seeing this behavior as well and if this worked for you, I want to try it. But where do you add the ~.? I don't see anywhere in the VPN manager to do so. Can you supply an image? It could also be a difference between Ubuntu 18.04 and 20.04... – Troy Weber Dec 12 '20 at 16:43
  • @TroyWeber I imagine this comes too late for you, but this is what you're after (at least, it worked for me. I'm not a networking person). https://imgur.com/a/4samp8X – Tom Jardine-McNamara Aug 23 '21 at 13:31
0

Try reimporting your original .ovpn file if you haven't already. I experienced a similar issue where my VPN's DNS server would not show in systemd-resolve --status, but once I reimported my .ovpn file in Network Manager, the problem was resolved.

leonexis
  • Tried that - didn't help. Still, if I select "Use this connection only for resources on this network" I can't see the VPN's DNS server in systemd-resolve --status. Have updated my question with a bit more detail – SergioLeone Nov 14 '19 at 06:14
0

Entering nmcli c modify "Put your VPN Name Here" ipv4.dns-search ~. in the command line, and restarting the VPN connection worked for me.
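
A diagnostic for the link states compared in the question and answers above, as an added example that is not part of the original thread: it reads the text printed by systemd-resolve --status on stdin and classifies each link. The flag names, the sample_status helper, the tun2 link and the 10.0.0.53 server address are constructed for illustration.

```shell
# Added example (not from the thread): classify each link in the text printed by
# `systemd-resolve --status` (stdin). NO_DNS = no DNS scope or no servers;
# DOMAIN_ONLY = servers set but no "~." domain; ROUTE_ALL = "~." is present.
resolved_link_summary() {
  awk '
    function flush(   flag) {
      if (link == "") return
      flag = "ROUTE_ALL"
      if (scopes == "none" || nservers == 0) flag = "NO_DNS"
      else if (("," domains ",") !~ /,~\.,/) flag = "DOMAIN_ONLY"
      printf "%s scopes=%s servers=%d domains=%s %s\n", link, scopes, nservers, (domains == "" ? "-" : domains), flag
    }
    /^Link [0-9]+ \(/ {                       # start of a per-link section
      flush(); link = $3; gsub(/[()]/, "", link)
      scopes = "none"; nservers = 0; domains = ""; field = ""; next
    }
    link == "" { next }                       # skip the Global section
    /^[ \t]*$/ { field = ""; next }
    {
      val = $0
      if (match(val, /^[ \t]*[A-Za-z][A-Za-z ]*: /)) {   # "Key: value" line
        field = substr(val, 1, RLENGTH - 2); sub(/^[ \t]+/, "", field)
        val = substr(val, RLENGTH + 1)
      } else sub(/^[ \t]+/, "", val)          # continuation of previous key
      if (field == "Current Scopes") { gsub(/ +/, "+", val); scopes = val }
      else if (field == "DNS Servers") nservers++
      else if (field == "DNS Domain") domains = (domains == "" ? val : domains "," val)
    }
    END { flush() }
  '
}
# Constructed sample modelled on the outputs quoted above (server address made up).
sample_status() {
cat <<'EOF'
Link 11 (tun1)
      Current Scopes: none

Link 10 (tun0)
      Current Scopes: DNS
         DNS Servers: 10.0.0.53
          DNS Domain: ~.
                      corporate-network.local

Link 12 (tun2)
      Current Scopes: DNS
         DNS Servers: 10.0.0.53
          DNS Domain: corporate-network.local
EOF
}
sample_status | resolved_link_summary
```

On a live system, pipe the real output in instead: systemd-resolve --status | resolved_link_summary. A VPN link reported as NO_DNS corresponds to the "Current Scopes: none" state shown in the question.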