Langest n00b

Joined: 19 Jan 2018 Posts: 48
|
Posted: Sat Jan 20, 2018 8:13 pm Post subject: [Solved] NetworkManager overwrites resolv.conf for OpenVpn |
|
|
I have problems with DNS leakage because network manager overwrites resolv.conf for openvpn. Searching, I found out about openresolv when reading through the arch wiki and it seems like it has solved similar problems for other people as well. But I think I am using it wrong or it just doesn't work.
When booting it seems like there is a race for resolv.conf and sometimes openvpn sets the dns server I want and sometimes NetworkManager sets its dns server. I don't think either of them actually uses openresolv, because resolv.conf says in its comment that it is generated by either nm or openvpn.
Any idea what might be wrong?
Thank you!
Langest
Last edited by Langest on Wed Jan 31, 2018 8:43 pm; edited 3 times in total |
 |
soitgoes0745 n00b


Joined: 08 May 2017 Posts: 28 Location: Dallas
|
Posted: Sat Jan 20, 2018 9:04 pm Post subject: |
|
|
Have you attempted to create a /etc/resolv.conf.head file with your VPN's DNS servers? This will prepend these nameservers to resolv.conf. |
 |
Langest n00b

Joined: 19 Jan 2018 Posts: 48
|
Posted: Sun Jan 21, 2018 7:22 pm Post subject: |
|
|
soitgoes0745 wrote: | Have you attempted to create a /etc/resolv.conf.head file with your VPN's DNS servers? This will prepend these nameservers to resolv.conf. |
That did the trick!
Didn't solve the issue with the race condition but that doesn't matter if I can prepend my own servers.
Thank you! |
 |
soitgoes0745 n00b


Joined: 08 May 2017 Posts: 28 Location: Dallas
|
Posted: Sun Jan 21, 2018 7:36 pm Post subject: |
|
|
You are welcome. |
 |
Langest n00b

Joined: 19 Jan 2018 Posts: 48
|
Posted: Sun Jan 21, 2018 8:20 pm Post subject: |
|
|
Sorry, I thought it worked but it turns out that it only works when openvpn is last to modify resolv.conf. When nm generates it, it doesn't care about the resolv.conf.head.
Could it be that nm doesn't use openresolv to generate the resolv.conf? OpenVpn leaves a comment
Code: |
# Generated by resolvconf
|
while NetworkManager leaves a comment
Code: |
# Generated by NetworkManager
|
 |
soitgoes0745 n00b


Joined: 08 May 2017 Posts: 28 Location: Dallas
|
Posted: Sun Jan 21, 2018 9:00 pm Post subject: |
|
|
I don’t use NetworkManager but I was reading the ArchWiki in regards to your issue and it was suggested that you could make resolv.conf immutable by:
Code: |
# chattr +i /etc/resolv.conf
|
In my opinion this seems like a hack and could create issues outside of your usual network, but I am no network guru. |
 |
n05ph3r42 Tux's lil' helper

Joined: 11 Jul 2016 Posts: 135
|
 |
UberLord Retired Dev


Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
|
 |
n05ph3r42 Tux's lil' helper

Joined: 11 Jul 2016 Posts: 135
|
Posted: Sun Jan 28, 2018 4:03 pm Post subject: |
|
|
UberLord wrote: | Ensure that NetworkManager has the resolvconf USE flag. |
On my system I have - -resolvconf and the solution I specified works.
I mean, there is no need for the resolvconf flag for networkmanager if you specify "dns=none" in the NM conf, as I described earlier.
Code: |
# equery u networkmanager
[ Legend : U - final flag setting for installation]
[ : I - package is installed with flag ]
[ Colors : set, unset ]
* Found these USE flags for net-misc/networkmanager-1.8.4:
U I
- - abi_x86_32 : 32-bit (x86) libraries
- - audit : Enable support for Linux audit subsystem using sys-process/audit
+ + bluetooth : Enable Bluetooth Support
- - connection-sharing : Use net-dns/dnsmasq and net-firewall/iptables for connection sharing
+ + consolekit : Use sys-auth/consolekit for session tracking
+ + dhclient : Use dhclient from net-misc/dhcp for getting ip
- - dhcpcd : Use net-misc/dhcpcd for getting ip
- - gnutls : Add support for net-libs/gnutls (TLS 1.0 and SSL 3.0 support)
+ + introspection : Add support for GObject based introspection
- - json : Enable JSON validation via dev-libs/jansson in libnm.
+ + modemmanager : Enable support for mobile broadband devices using net-misc/modemmanager
+ + ncurses : Add ncurses support (console display library)
+ + nss : Use dev-libs/nss for cryptography
- - ofono : Use net-misc/ofono for telephony support.
+ + policykit : Enable PolicyKit authentication support
+ + ppp : Enable support for mobile broadband and PPPoE connections using net-dialup/ppp
- - resolvconf : Use net-dns/openresolv for managing DNS information
- - systemd : Enable use of systemd-specific libraries and features like socket activation or session tracking
- - teamd : Enable Teamd control support
- - test : Workaround to pull in packages needed to run with FEATURES=test. Portage-2.1.2 handles this internally, so don't set it in make.conf/package.use anymore
- - vala : Enable bindings for dev-lang/vala
+ + wext : Enable support for the deprecated Wext (Wireless Extensions) API; needed for some older drivers (e.g. ipw2200, ndiswrapper)
+ + wifi : Enable support for wifi and 802.1x security using net-wireless/wpa_supplicant |
 |
UberLord Retired Dev


Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
|
 |
n05ph3r42 Tux's lil' helper

Joined: 11 Jul 2016 Posts: 135
|
 |
Langest n00b

Joined: 19 Jan 2018 Posts: 48
|
Posted: Wed Jan 31, 2018 8:43 pm Post subject: |
|
|
Thank you!
That did the trick. |
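
Added example, not part of the original thread: a small shell check for the DNS leak discussed above. It reads the "# Generated by" comment to see who last wrote resolv.conf, lists any nameserver outside the VPN's resolvers, and reads the dns= value from the [main] section of a NetworkManager.conf. The function names, file contents and addresses (10.8.0.1 as the VPN resolver, 192.168.1.1 as the LAN resolver) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit who last wrote resolv.conf and whether every
# nameserver in it belongs to the VPN. All sample data is constructed.

# Print the writer named in the "# Generated by ..." comment, or "unknown".
resolv_generator() {
    gen=$(sed -n 's/^# Generated by \(.*\)$/\1/p' "$1" | head -n 1)
    echo "${gen:-unknown}"
}

# Print each nameserver in FILE that is not in the allowed list.
# Usage: resolv_leaks FILE ALLOWED_IP...
resolv_leaks() {
    file=$1; shift
    awk '$1 == "nameserver" { print $2 }' "$file" | while read -r ns; do
        ok=0
        for allowed in "$@"; do
            if [ "$ns" = "$allowed" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then echo "$ns"; fi
    done
}

# Print the dns= value from the [main] section of a NetworkManager.conf
# (assumes the "key=value" form without spaces around "=").
nm_dns_mode() {
    awk -F= '/^\[/ { in_main = ($0 == "[main]") }
             in_main && $1 == "dns" { print $2 }' "$1"
}

# Constructed sample files: one written through openresolv by OpenVPN,
# one written directly by NetworkManager, and a NetworkManager.conf.
tmp=$(mktemp -d)
printf '# Generated by resolvconf\nnameserver 10.8.0.1\n' > "$tmp/vpn.conf"
printf '# Generated by NetworkManager\nnameserver 192.168.1.1\n' > "$tmp/nm.conf"
printf '[main]\ndns=none\n' > "$tmp/NetworkManager.conf"

for f in vpn.conf nm.conf; do
    leaks=$(resolv_leaks "$tmp/$f" 10.8.0.1 | tr '\n' ' ')
    echo "$f: generator=$(resolv_generator "$tmp/$f") leaks=${leaks:-none}"
done
echo "NetworkManager dns mode: $(nm_dns_mode "$tmp/NetworkManager.conf")"
```

On a live system, point the functions at /etc/resolv.conf and /etc/NetworkManager/NetworkManager.conf and pass the VPN's real resolver addresses as the allowed list.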