Re: vpnc plugin: order of resolv.conf entries when using Mobile Broadband vs. (W)LAN

From: Marc Luethi <netztier bluewin ch>
To: networkmanager-list gnome org
Subject: Re: vpnc plugin: order of resolv.conf entries when using Mobile Broadband vs. (W)LAN
Date: Thu, 05 Feb 2009 21:57:24 +0100

Hi all

Sorry for the delay - there was practically no time to play around with
my laptop these days.

In the meantime, I had to upgrade to network-manager packages from
Launchpad PPA, because the Huawei E220 UMTS device didn't work with the
normal version shipped with Ubuntu 8.10 (see first post).

network-manager:       0.7-0ubuntu1~nm1~intrepid1
network-manager-gnome: 0.7-0ubuntu1~nm1~intrepid1
network-manager-vpnc:  0.7-0ubuntu1~nm1~intrepid1

I guess these names don't mean much - they're available here:

https://launchpad.net/~network-manager/+archive/ppa

And if I understand correctly, are based on 0.7 final and were release
on Dec 28 2008.

Nonetheless, even with these versions of network-manager packages, I had
the same issue with the sequence of the name-server entries
in /etc/resolv.conf as described in the first post.

On Tue, 2009-01-20 at 22:46 -0500, Dan Williams wrote:
> Ok, so your home netblock is still being routed over the VPN because the
> server is pushing down a route that explicitly directs the traffic from
> your home network over the VPN before the routing table even gets to the
> default route.

I wouldn't know that I had configured the VPN Box to do that (in the
sense of "pushing a route" or an explicit split tunnel configuration). I
rather think that this comes from the fact that the tun0 gets assigned
an IP address from my home network block with mask /24 - so
172.20.125.0/24 implictely becomes what we call a "connected subnet" in
cisco speak.

But let's stay on topic...

> Yeah, so this doesn't look correct.  Let's assume that perhaps
> resolvconf is screwing something up since it's obviously rewriting the
> file.  Would you mind moving the resolvconf binary
> (usually /bin/resolvconf) out of the way so that NM can't find it?  NM
> *should* then fall back to writing out /etc/resolv.conf directly, which
> should allow us to isolate whether NM is indeed getting the nameserver
> ordering wrong, or whether it's the extra indirection of resolvconf

So I renamed /sbin/resolvconf to something else and now /etc/resolv.conf
looks somewhat different (most noticeably it now says "generated by
NetworkManager").

Mobile Broadband up, VPN Tunnel down:
(DNS IP addresses are different from first post, different mobile
broadband provider).

~$ more /etc/resolv.conf
# Generated by NetworkManager
nameserver 212.35.35.35
nameserver 212.35.35.5

Mobile Broadband up, VPN Tunnel up:

~$ more /etc/resolv.conf
# Generated by NetworkManager
domain <my home domain>
search <my home domain>
nameserver 172.20.125.30
nameserver 212.35.35.35
nameserver 212.35.35.5

Now that does look better indeed. Same goes when using the (home based)
WLAN hotspot outside the VPN Gateway (Hotspot Subnet: 172.20.124.0/24)

Hotspot WLAN up, VPN down:

~$ more /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.20.124.1

Hotspon WLAN up, VPN up;

~$ more /etc/resolv.conf
# Generated by NetworkManager
domain <my home domain>
search <my home domain>
nameserver 172.20.125.30
nameserver 172.20.124.1

Does this leave us with a resolv.conf issue, then?
Well, there seems to be somewhat of an issue:

https://bugs.launchpad.net/ubuntu/+source/network-manager-vpnc/+bug/183585

regards

Marc

Follow-Ups:
- Re: vpnc plugin: order of resolv.conf entries when using Mobile Broadband vs. (W)LAN
  - From: Dan Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]