DNS fails after openvpn exit

  • This topic has 3 replies, 2 voices, and was last updated Mar 15-6:50 am by ahoppin.
  • #79085
    Member
    ahoppin

      After I kill openvpn, DNS resolution no longer works.

      For example, ping 8.8.8.8 succeeds, but ping google.com does not (“Name or service not known”).

      Tried /etc/init.d/networking restart and /etc/init.d/networking reload – Neither helps.

      The only solutions I’ve found are

      1. Rebooting

      2. Physically pulling and re-connecting the ethernet cable

      Is there a clean, if not necessarily elegant, way to restore DNS resolution after openvpn exits?

      Many thanks!

      #79086
      Member
      lgj100

        Hi ahoppin,

        I have something similar happen when I exit openconnect. I fix it by going into connman and disconnecting/reconnecting the wifi.

        Sincerely,
        Lars.

        #79087
        Member
        ahoppin

          On further investigation, it appears that openvpn is borking /etc/resolv.conf when it exits.

          Contents of /etc/resolv.conf in a freshly booted Antix (your NS address will probably be different) :

          # Generated by Connection Manager
          search lan
          nameserver 192.168.10.1

          Contents of /etc/resolv.conf after starting openvpn :

          # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
          # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
          # 127.0.0.53 is the systemd-resolved stub resolver.
          # run "resolvctl status" to see details about the actual nameservers
          nameserver 10.14.0.1

          Contents of /etc/resolv.conf after STOPPING openvpn:

          # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
          # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
          # 127.0.0.53 is the systemd-resolved stub resolver.
          # run "resolvctl status" to see details about the actual nameservers

          No nameserver statement, so no DNS.

          The Antix 21 synaptic openvpn is 2.5.1-3.0nosystemd2. What is this “systemd-resolved”?

          I’m no expert, but the script below seems to do the cleanup that openvpn doesn’t. It’s a hack (the ethical kind) so I hope that someone with better chops than I have will improve it.

          su root, then paste the 5 lines below into your favorite editor and save as /usr/local/bin/openvpn. Make sure that /usr/local/bin precedes /sbin in $PATH. Don’t forget to chmod ugo+x /usr/local/bin/openvpn.

          Openvpn requires root permission so you have to sudo openvpn in a terminal window which you leave open while using your vpn. To exit openvpn, hit control-C, or type sudo killall openvpn in another terminal window.

          #!/bin/sh
          # openvpn wrapper
          trap "cp /tmp/dns$$ /etc/resolv.conf ; rm /tmp/dns$$ ; exit" 1 2 3 15
          cp /etc/resolv.conf /tmp/dns$$
          /sbin/openvpn "$@"
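
A hardened variant of the wrapper in the post above, as an added example that is not part of the original post. The wrapper runs as root, so it takes its backup with mktemp instead of the predictable name /tmp/dns$$ in a world-writable directory, and it restores /etc/resolv.conf on every exit path, including openvpn ending by itself. The RESOLV and OPENVPN variables and the function name are assumptions introduced here; the default paths are the ones from the thread.

```shell
#!/bin/sh
# Added example: hardened variant of the resolv.conf save/restore wrapper.
# RESOLV and OPENVPN are hypothetical overrides for testing; the defaults
# are the paths used in the thread.
RESOLV=${RESOLV:-/etc/resolv.conf}
OPENVPN=${OPENVPN:-/sbin/openvpn}

# The body is a subshell "( ... )" so the traps do not leak to the caller.
run_with_dns_restore() (
    # mktemp creates a new file with an unpredictable name and mode 0600,
    # unlike /tmp/dns$$, which any local user could create in advance.
    backup=$(mktemp "${TMPDIR:-/tmp}/resolv.XXXXXX") || exit 1
    cp "$RESOLV" "$backup" || { rm -f "$backup"; exit 1; }

    # Restore on every exit path, including openvpn ending by itself.
    # Writing through a redirect keeps the existing file (or symlink target)
    # and its permissions instead of replacing it with the 0600 backup.
    trap 'cat "$backup" > "$RESOLV"; rm -f "$backup"' EXIT
    # Turn the signals the original trapped into a normal exit so the
    # EXIT trap above runs for them too.
    trap 'exit 129' HUP
    trap 'exit 130' INT
    trap 'exit 131' QUIT
    trap 'exit 143' TERM

    "$OPENVPN" "$@"
    status=$?
    exit "$status"
)

# Act as the wrapper only when installed under the name "openvpn"
# (for example as /usr/local/bin/openvpn, as described in the post).
case ${0##*/} in
    openvpn) run_with_dns_restore "$@" ;;
esac
```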

          #79088
          Member
          ahoppin

            Lars, thanks! That’s easier than reaching round the back of the box to unplug the ethernet cable. It’s also probably easier for lots of folks than writing a wrapper script.

            It would be easier still if openvpn and openconnect cleaned up after themselves properly. Sorry to say that my programming skills are too rusty to tackle that myself right now. 🙁
