Bug 775655 - Networkmanager OpenVPN: pushed DNS servers are not applied on the second and following connection attempts
Status: RESOLVED NOTGNOME
Product: NetworkManager
Classification: Platform
Component: VPN: openvpn
1.4.x
Other Linux
Assigned To: NetworkManager maintainer(s)
Reported: 2016-12-05 18:33 UTC by Till Schäfer
Modified: 2016-12-07 17:56 UTC
Description Till Schäfer 2016-12-05 18:33:40 UTC
I have configured an OpenVPN connection in NetworkManager resolving DNS queries over dnsmasq. The VPN server also pushes a DNS server, which is then used for some subnet on the client side.

When I connect the first time to the VPN everything works as expected and the DNS requests are resolved. However, if I re-connect to the network a second time (or an n-th time), the DNS queries to the VPN domain are no longer resolved and nslookup returns "refused".

When I manually use the pushed DNS server (e.g. "nslookup somedomain <ip of pushed dns server>"), it still works. Thus, the connection and the routing are working, but the DNS queries are not resolved.

Both times, i.e. during the first and second connection attempt, I can see that the DNS server is pushed to dnsmasq:

> Dez 05 18:56:29 computername dnsmasq[655]: using nameserver 172.16.0.1#53 for domain somedomain.net

However, the ordering in which DNS servers are reported to dnsmasq has changed. Maybe this is the problem?


------------ FIRST connection attempt --------------------
Dez 05 19:05:29 nb-algecraft dnsmasq[655]: using nameserver 129.217.4.42#53(via enp0s25)
Dez 05 19:05:29 nb-algecraft dnsmasq[655]: using nameserver 129.217.4.43#53(via enp0s25)
Dez 05 19:05:29 nb-algecraft dnsmasq[655]: using nameserver 129.217.129.42#53(via wlp4s0)
Dez 05 19:05:29 nb-algecraft dnsmasq[655]: using nameserver 172.16.0.1#53 for domain tisa.somedomain.net
Dez 05 19:05:29 nb-algecraft dnsmasq[655]: using nameserver 172.16.0.1#53 for domain somdomain.net
Dez 05 19:05:29 nb-algecraft dnsmasq[655]: using nameserver 172.16.0.1#53 for domain 0.16.172.in-addr.arpa
Dez 05 19:05:29 nb-algecraft dnsmasq[655]: using nameserver 172.16.0.1#53 for domain 1.16.172.in-addr.arpa
Dez 05 19:05:29 nb-algecraft dnsmasq[655]: using nameserver 172.16.0.1#53 for domain 0.5.10.in-addr.arpa
Dez 05 19:05:29 nb-algecraft dnsmasq[655]: using nameserver 172.16.0.1#53 for domain 2.168.192.in-addr.arpa



------------ FIRST connection attempt --------------------
rkManager[441]: <info>  [1480961169.4133] device (wlp4s0): Activation: successful, device activated.
Dez 05 19:06:09 nb-algecraft dnsmasq[655]: setting upstream servers from DBus
Dez 05 19:06:09 nb-algecraft dnsmasq[655]: using nameserver 129.217.4.42#53(via enp0s25)
Dez 05 19:06:09 nb-algecraft dnsmasq[655]: using nameserver 129.217.4.43#53(via enp0s25)
Dez 05 19:06:09 nb-algecraft dnsmasq[655]: using nameserver 172.16.0.1#53 for domain tisa.somedomain.net
Dez 05 19:06:09 nb-algecraft dnsmasq[655]: using nameserver 172.16.0.1#53 for domain somedomain.net
Dez 05 19:06:09 nb-algecraft dnsmasq[655]: using nameserver 172.16.0.1#53 for domain 0.16.172.in-addr.arpa
Dez 05 19:06:09 nb-algecraft dnsmasq[655]: using nameserver 172.16.0.1#53 for domain 1.16.172.in-addr.arpa
Dez 05 19:06:09 nb-algecraft dnsmasq[655]: using nameserver 172.16.0.1#53 for domain 0.5.10.in-addr.arpa
Dez 05 19:06:09 nb-algecraft dnsmasq[655]: using nameserver 172.16.0.1#53 for domain 2.168.192.in-addr.arpa
Dez 05 19:06:09 nb-algecraft dnsmasq[655]: using nameserver 129.217.129.42#53(via wlp4s0)

--------------------------------------------------------------


The issue has also been reported for Ubuntu 16.10: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1644098
Comment 1 Till Schäfer 2016-12-05 18:34:31 UTC
The second log was from the second attempt, of course.
Comment 2 Till Schäfer 2016-12-05 18:38:22 UTC
Further notice: the ordering just seems to be random. I have got the first ordering for another connection attempt (not the first one) and DNS is still not working.
Comment 3 Till Schäfer 2016-12-05 19:30:11 UTC
I have enabled the query log of dnsmasq and dnsmasq is simply not forwarding the query:


--------- first query log   -------------
Dez 05 20:16:17 nb-algecraft dnsmasq[12138]: query[A] vpn.somedomain.net from 127.0.0.1
Dez 05 20:16:17 nb-algecraft dnsmasq[12138]: forwarded vpn.somedomain.net to 172.16.0.1
Dez 05 20:16:17 nb-algecraft dnsmasq[12138]: reply vpn.somedomain.net is <CNAME>


---------- second query log -------------
Dez 05 20:18:00 nb-algecraft dnsmasq[12138]: query[A] vpn.somedomain.net from 127.0.0.1
Dez 05 20:18:00 nb-algecraft dnsmasq[12138]: query[A] vpn.somedomain.net from 127.0.0.1
Dez 05 20:18:00 nb-algecraft dnsmasq[12138]: query[A] vpn.somedomain.net.tisa.somedomain.net from 127.0.0.1
Dez 05 20:18:00 nb-algecraft dnsmasq[12138]: query[A] vpn.somedomain.net.tisa.somedomain.net from 127.0.0.1
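
The check done by eye in comment 3, written as an added example (not part of the original report, nor code from dnsmasq or NetworkManager): it scans dnsmasq query-log output and lists every query that was never followed by a "forwarded" or answer line for the same name. The sample lines are the ones quoted in comment 3; the function name unhandled_queries is hypothetical.

```python
import re

# Sample lines copied from the dnsmasq query logs quoted in comment 3.
SAMPLE_LOG = """\
Dez 05 20:16:17 nb-algecraft dnsmasq[12138]: query[A] vpn.somedomain.net from 127.0.0.1
Dez 05 20:16:17 nb-algecraft dnsmasq[12138]: forwarded vpn.somedomain.net to 172.16.0.1
Dez 05 20:16:17 nb-algecraft dnsmasq[12138]: reply vpn.somedomain.net is <CNAME>
Dez 05 20:18:00 nb-algecraft dnsmasq[12138]: query[A] vpn.somedomain.net from 127.0.0.1
Dez 05 20:18:00 nb-algecraft dnsmasq[12138]: query[A] vpn.somedomain.net from 127.0.0.1
Dez 05 20:18:00 nb-algecraft dnsmasq[12138]: query[A] vpn.somedomain.net.tisa.somedomain.net from 127.0.0.1
Dez 05 20:18:00 nb-algecraft dnsmasq[12138]: query[A] vpn.somedomain.net.tisa.somedomain.net from 127.0.0.1
"""

# "query[A] name from client" opens a lookup.
QUERY = re.compile(r"^(?P<ts>\S+\s+\d+\s+[\d:]+)\s.*dnsmasq\[\d+\]: "
                   r"query\[(?P<qtype>\w+)\] (?P<name>\S+) from ")
# "forwarded name to server" or "<source> name is <value>" (reply, cached, ...)
# shows that dnsmasq acted on a lookup for that name.
HANDLED = re.compile(r"dnsmasq\[\d+\]: (?:forwarded (\S+) to |\S+ (\S+) is )")


def unhandled_queries(log_text):
    """Return (timestamp, qtype, name) for queries dnsmasq never forwarded or answered."""
    pending = []  # [timestamp, qtype, name, handled] in log order
    for line in log_text.splitlines():
        q = QUERY.match(line)
        if q:
            pending.append([q["ts"], q["qtype"], q["name"], False])
            continue
        h = HANDLED.search(line)
        if h:
            name = h.group(1) or h.group(2)
            for entry in pending:  # settle the oldest open query for this name
                if entry[2] == name and not entry[3]:
                    entry[3] = True
                    break
    return [tuple(e[:3]) for e in pending if not e[3]]


if __name__ == "__main__":
    for ts, qtype, name in unhandled_queries(SAMPLE_LOG):
        print(f"{ts}  {qtype:<4} {name}  (no forwarded/reply line)")
```
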
Comment 4 Beniamino Galvani 2016-12-06 07:51:29 UTC
(In reply to Till Schäfer from comment #3)
> I have enabled the query log of dnsmasq and dnsmasq is simply not
> forwarding the query:

Perhaps the cause is this dnsmasq bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1367772

fixed by upstream commit:

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=2675f2061525bc954be14988d64384b74aa7bf8b
Comment 5 Till Schäfer 2016-12-07 17:56:52 UTC
I can confirm that the above patch applied on dnsmasq 2.76 resolves the issue. Thx a lot! 

I have marked this bug as RESOLVED NOTGNOME then.