I just upgraded my system from Ubuntu 18.04 to Ubuntu 18.10. Previously I was using openfortivpn 1.6.0 and NetworkManager network-manager-fortisslvpn{,-gnome} 1.2.8 with NetworkManager 1.10.14.
Now I'm using openfortivpn 1.7.1 and network-manager-fortisslvpn{,-gnome} 1.2.8 with NetworkManager 1.12.4.
The problem is that my DNS is no longer working, at all: both short name (which never worked right since systemd-resolved came along and screwed everything up) and FQDN lookups fail. I am still using systemd-resolved; I haven't tried switching back to using dnsmasq.
I actually have a second VPN using OpenVPN which is deprecated by my company but is still working, and if I connect using that instead of openfortivpn my DNS works (well anyway, the FQDN lookups work).
It seems like perhaps something broke either between openfortivpn 1.6.0 and 1.7.1, or else in the DNS interface between NetworkManager 1.10 and 1.12. Or maybe it's just some bizarre misconfiguration. Any ideas how to track this down further?
More info:
When I connect with openvpn (working) I see this in journalctl:
NetworkManager[1412]: <info> vpn-connection[6:(tun0)]: Data: Internal DNS: 10.3.0.10
NetworkManager[1412]: <info> vpn-connection[6:(tun0)]: Data: Internal DNS: 10.8.42.2
NetworkManager[1412]: <info> vpn-connection[6:(tun0)]: Data: DNS Domain: 'in.mynet.com'
NetworkManager[1412]: <info> vpn-connection[6:(tun0)]: Data: No IPv6 configuration
NetworkManager[1412]: <info> vpn-connection[6:(tun0)]: VPN plugin: state changed: started (4)
NetworkManager[1412]: <info> vpn-connection[6:(tun0)]: VPN connection: (IP Config Get) complete
When I connect with openfortivpn (not working) I see this in journalctl:
NetworkManager[1412]: <info> vpn-connection[5:(ppp0)]: Data: Internal DNS: 10.3.42.17
NetworkManager[1412]: <info> vpn-connection[5:(ppp0)]: Data: Internal DNS: 10.3.42.18
NetworkManager[1412]: <info> vpn-connection[5:(ppp0)]: Data: DNS Domain: '(none)'
NetworkManager[1412]: <info> vpn-connection[5:(ppp0)]: Data: No IPv6 configuration
NetworkManager[1412]: <info> vpn-connection[5:(ppp0)]: VPN plugin: state changed: started (4)
NetworkManager[1412]: <info> vpn-connection[5:(ppp0)]: VPN connection: (IP Config Get) complete
It's weird that the DNS servers are different but I checked and they all work (using "host myhost.in.mynet.com <ipaddr>" shows a successful lookup from all four of the above IP addresses) so I guess that's correct.
It's also odd that the new DNS Domain value is '(none)'; I'll ask my network config folks about that, but since I'm giving a FQDN anyway shouldn't that not matter? Is it possible that this is causing all DNS lookups to fail for some reason?
Now looking at resolved status and comparing the two I get this diff:
-Link 4 (tun0)
-      Current Scopes: DNS
+Link 5 (ppp0)
+      Current Scopes: none
        LLMNR setting: yes
 MulticastDNS setting: no
   DNSOverTLS setting: no
       DNSSEC setting: no
     DNSSEC supported: no
-  Current DNS Server: 10.3.0.10
-         DNS Servers: 10.3.0.10
-                      10.8.42.2
-          DNS Domain: in.mynet.com
-                      out.mynet.com
So, somehow systemd-resolved isn't enabling any sort of DNS for the openfortivpn connection.
Is there other logging I should be enabling or examining?