DNS-Settings on Network-Manager when using VPN


Solution 1

I googled here and have exactly the same issue too. (Ubuntu 19.04)

For me, this answer solved it.

nmcli c modify <vpn-settings-name> ipv4.dns-search '<domain>' 

You should specify <vpn-settings-name> that corresponds to a VPN setting name in GUI. And <domain> is the domain name you want to search via DNS in the remote network.

After reconnecting to VPN, systemd-resolved status ppp0 shows

Link 6 (ppp0)
      Current Scopes: DNS
DefaultRoute setting: yes
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 192.168.1.1
         DNS Servers: 192.168.1.1 (<--- my dns)
                      192.168.1.10
          DNS Domain: corp

Solution 2

Just adding to soymsk's answer. It seems that the DNS server from the VPN connection will be used if either:

  • The VPN is set to be used for all traffic
  • There is a DNS Search Domain associated with the VPN connection

As soymsk suggested, you can set the search domain on the client using nmcli.

If you're in control of the VPN server it's probably better to push out the DNS Search Domain from the VPN server. That way you don't have to set it on each client.

I added the following line to /etc/openvpn/server.conf on my VPN server and it had the same effect as setting the DNS Search Domain on the client:

push "dhcp-option DOMAIN <domain>"

Where <domain> is the domain you want added to any unqualified host names you try to access (the domain of your local network). The important thing seems to be that a DNS Search Domain is set for the VPN connection; it doesn't matter how the DNS Search Domain is se
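A check for the condition both answers describe, as an added example that is not part of the original answers: it reads `resolvectl status <link>` output and reports whether systemd-resolved will send lookups to the VPN link's DNS servers. The function name and verdict labels are this example's own; the sample inputs are trimmed from the outputs quoted on this page.

```shell
#!/usr/bin/env bash
# Added example: classify a VPN link from `resolvectl status <link>` text on stdin.
# Verdicts (labels are this example's own):
#   routed  - DNS scope plus a DNS Domain: names under that domain go to the link's servers
#   default - DNS scope, no domain, DefaultRoute yes: used for names no other link claims
#   unused  - no DNS scope: systemd-resolved sends no lookups to this link
classify_link_dns() {
  awk '
    {
      i = index($0, ":"); if (i == 0) next   # skip "Link N (if)" and continuation lines
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "Current Scopes")       scopes = val
      if (key == "DefaultRoute setting") defroute = val
      if (key == "Current DNS Server")   server = val
      if (key == "DNS Domain")           domain = val
    }
    END {
      # Match DNS as a whole word so an mDNS-only scope does not count.
      if ((" " scopes " ") !~ / DNS /) verdict = "unused"
      else if (domain != "")           verdict = "routed"
      else if (defroute == "yes")      verdict = "default"
      else                             verdict = "unused"
      printf "%s domain=%s server=%s\n", verdict, (domain == "" ? "-" : domain), (server == "" ? "-" : server)
    }'
}

# Sample inputs trimmed from the two outputs quoted on this page.
SAMPLE_FIXED='Link 6 (ppp0)
      Current Scopes: DNS
DefaultRoute setting: yes
  Current DNS Server: 192.168.1.1
         DNS Servers: 192.168.1.1
                      192.168.1.10
          DNS Domain: corp'
SAMPLE_SPLIT='Link 8 (tun0)
      Current Scopes: none
DefaultRoute setting: no
       LLMNR setting: yes'

printf '%s\n' "$SAMPLE_FIXED" | classify_link_dns
printf '%s\n' "$SAMPLE_SPLIT" | classify_link_dns
# On a live system: resolvectl status tun0 | classify_link_dns
```

An `unused` verdict on a split-tunnel profile means names from the remote network are being sent to whatever resolver the local network provides, which is the state the `nmcli ... ipv4.dns-search` change or the pushed `dhcp-option DOMAIN` corrects.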

Author by

schwupp

Updated on September 18, 2022

Comments

  • schwupp over 1 year

    I recently updated to 19.04 and noticed some change in NetworkManager when using VPNs.

    • I want to use a VPN with its own local DNS server, which is pushed from DHCP
    • I have separate VPN profiles. One for a "full VPN" which installs a default route to the remote network, and one "split tunnel" profile, having the setting for local resources only enabled

    Since I updated to 19.04, NetworkManager seems to use the pushed DNS server only when the default route is allowed to be installed (that is, when the checkbox "use this connection only for resources on its network" is not checked).

    Let NetworkManager install a default route:

    ~$ resolvectl status tun0
    Link 16 (tun0)
          Current Scopes: DNS
    DefaultRoute setting: yes
           LLMNR setting: yes
    MulticastDNS setting: no
      DNSOverTLS setting: no
          DNSSEC setting: no
        DNSSEC supported: no
      Current DNS Server: 192.168.1.1
             DNS Servers: 192.168.1.1
              DNS Domain: local.domain
    

    Activate the checkbox for local resources only in the same VPN profile:

    ~$ resolvectl status tun0
    Link 8 (tun0)
          Current Scopes: none
    DefaultRoute setting: no
           LLMNR setting: yes
    MulticastDNS setting: no
      DNSOverTLS setting: no
          DNSSEC setting: no
        DNSSEC supported: no
    

    This setting was working independently of the default-route setting before; it seems like it changed with the new 19.04 NetworkManager (v1.16.0). Can anyone confirm?

    Edit: This is a desktop installation. Here are some details:

    ~$ ls -al /etc/resolv.conf
    lrwxrwxrwx 1 root root 39 Apr 20 15:41 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
    
    ~$ cat /etc/resolv.conf
    # This file is managed by man:systemd-resolved(8). Do not edit.
    #
    # This is a dynamic resolv.conf file for connecting local clients to the
    # internal DNS stub resolver of systemd-resolved. This file lists all
    # configured search domains.
    #
    # Run "resolvectl status" to see details about the uplink DNS servers
    # currently in use.
    #
    # Third party programs must not access this file directly, but only through the
    # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
    # replace this symlink by a static file or a different symlink.
    #
    # See man:systemd-resolved.service(8) for details about the supported modes of
    # operation for /etc/resolv.conf.
    
    nameserver 127.0.0.53
    options edns0
    search uman.enbw.net
    
    ~$ cat /etc/network/interfaces
    # interfaces(5) file used by ifup(8) and ifdown(8)
    auto lo
    iface lo inet loopback
    
    ~$ cat /etc/netplan/*.yaml
    # Let NetworkManager manage all devices on this system
    network:
      version: 2
      renderer: NetworkManager
    
    • Boris Hamanov almost 5 years
      Are you using a desktop or server installation? Edit your question and show me ls -al /etc/resolv.conf and cat /etc/resolv.conf and cat /etc/network/interfaces and cat /etc/netplan/*.yaml.
    • Catscrash almost 5 years
      I have exactly the same issue, did you find any resolution?
    • schwupp almost 5 years
      No, still the same situation here; I have not found a solution for this. Still not using DNS when having no default routing...
  • schwupp over 4 years
    At first try your command seems to do the trick here, too! I will observe this for a few days and see if this command will be persistent.
  • schwupp over 4 years
    After using the nmcli command for a few weeks I can confirm that this works like a charm, thanks a lot!
  • EdC over 4 years
    Thank you, I've been trying to work out how to do this all week.