#745103 network-manager: NM doesn't remove VPN dns from resolv.conf when VPN connection is closed #745103
- Package:
- network-manager
- Source:
- network-manager
- Description:
- network management framework (daemon and userspace tools)
- Submitter:
- Mike Hommey
- Date:
- 2024-04-04 10:39:03 UTC
- Severity:
- important
Dear Maintainer, Steps to reproduce: - Look at /etc/resolv.conf - Setup a VPN connection when the other end pushes DNS configuration - Connect to that VPN. - Look at /etc/resolv.conf getting the VPN DNS added - Disconnect from VPN - Look at /etc/resolv.conf *not* being updated (or, if you're lucky, just have the entries reordered, but that doesn't happen a lot) The outcome is that every connection from thereafter is slow because the first thing libc does is to query the VPN DNS since it's first, which, since you're not connected anymore, doesn't answer. A cursory look at the code suggests this is a problem on network-manager's end, not on the particular VPN plugin's end, but fwiw, i'm using the n-m-openvpn plugin. Mike
I can confirm this with NM 1.0.8-1 in current testing.
I can confirm that something like this is still happening with network-manager 1.46.0-1 (Debian testing machine), when using network-manager-strongswan: before switching on the VPN, /etc/resolv.conf reads: nameserver 192.168.0.1 nameserver 0.0.0.0 then with the VPN on, it becomes # Generated by NetworkManager nameserver <VPN nameserver redacted> nameserver <VPN nameserver redacted> but after the VPN is switched off, it collapses to just one line: # Generated by NetworkManager making DNS lookups impossible. Manually reverting /etc/resolv.conf to its original state restores normal networking. Best wishes, Julian
Am 03.04.24 um 13:42 schrieb Julian Gilbey: If that is really /etc/resolv.conf verbatim, it means it was not created by NetworkManager. Which somehow suggests you use another network management tool besides NetworkManager. A mix and match is not a good idea and as far as I'm concerned, unsupportable.
Hi Michael, Ah, you've probably just solved my problem - thank you! I had no idea that there was another network management tool involved. A quick look suggests that it's ifupdown, so I'll try removing that and see what happens. Best wishes, Julian
Am 04.04.24 um 07:21 schrieb Julian Gilbey: Don't forget to remove the configuration from /etc/network/interfaces (or completely remove that file) after uninstalling ifupdown. Michael
Thanks; I figured that out after a while ;-) And I'm pleased to say it's all working well now. Best wishes, Julian