3

I've been working at my company for over a year, and have never had this particular issue with my VPN. Unfortunately, I don't know much about networking so I'm a little confused at what's happening. Here's the behavior on a Fedora 25 workstation totally fresh install.

run sudo openconnect --juniper somevpn.com
cat /etc/resolv.conf immediately after the connection is made shows all the various nameservers I can connect to at work. trying to actually navigate to any of the sites on the local network fails, and even regardless of that, if I check the resolve.conf again just a few seconds after the connection is made, I'll see that I'm back on my local network, although the process for the VPN is still going.

So is there some black-list that I'm not aware of? What's going in and rewriting my resolve.conf? I've got VPN connected on other devices, so I know my credentials are fine, and I'm positive I'm below the maximum number of allowed connections.

Csteele5
  • 133
  • 4
  • 2
    systemd-resolved will change `/run/systemd/resolve/resolv.conf` based on the network you connect to, and sometimes that is symlinked to `/etc/resolv.conf`. Making `/etc/resolv.conf` a standalone file will break this functionality, so systemd will stop trying to manage your `/etc/resolv.conf`. Restoring the symlink will restore the functionality. Same (recommended) functionality is present at `/usr/lib/systemd/resolv.conf` See https://www.freedesktop.org/software/systemd/man/systemd-resolved.service.html. – Patrick Sep 01 '17 at 14:31
  • I noticed that the former file you mentioned doesn't exist, so I checked the status of the `systemd-resolved` service, and sure enough it was dead. After starting it back up and running my VPN again, I'm able to connect. Thanks, and if you want to wrap that up into an answer, I'll gladly accept it. – Csteele5 Sep 01 '17 at 14:38
  • You're very welcome. I'll submit it as an answer. – Patrick Sep 01 '17 at 14:38

1 Answers1

5

Systemd-Resolved usually handles changing /etc/resolv.conf based on the network you're connecting to:

  • When connecting to a network, it will change /run/systemd/resolve/resolv.conf, in some cases on your system, this file may be symlinked to /etc/resolv.conf - If that is the case, systemd-resolved will change /etc/resolv.conf accordingly. If this symlink is not present, systemd-resolved will not change /etc/resolv.conf

  • The same kind of functionality is present at /usr/lib/systemd/resolv.conf Once again, if that symlink is present, systemd-resolved will handle /etc/resolv.conf

Additionally, if this is wrecking your DNS, after connection you can still manually change /etc/resolv.conf

You can additionally use systemctl stop systemd-resolved && systemctl disbale systemd-resolved - the disable command will prevent this from running at system boot. The stop will shutdown the current instance of resolved. You will need to edit (and remove) the symlink that exists from /etc/resolv.conf

Patrick
  • 589
  • 3
  • 20
  • How does this answer the question? I'm experiencing the same. Initially `/run/systemd/resolv/stub-resolv.conf` (symlinked to `/etc/resolv.conf`) has the proper vpn info. Then, with zero errors/output from my running openconnect terminal, all of the sudden it's back to my router's default DNS info. So, something is causing `systemd-resolved` to go back to the router's settings vs. the VPN settings. – Hendy Jul 26 '19 at 21:06
  • 1
    Eh, ignore I guess. In this case the user had issues with `systemd-resolved`. I missed that from the comments. The behavior I have sounded the same, but isn't. My `systemd-resolved` has no errors, and is not dead, yet still drops the proper vpn DNS settings for some reason. – Hendy Jul 26 '19 at 21:07
  • I also don't understand how this is an answer. So systemd-resolvd is the one doing the changing, but how do I fix the problem? Why does systemd-resolvd drop the nameservers that were added when I connected to VPN? How do I prevent this? – cheshirekow Jun 16 '21 at 17:17
  • I added in some clarity to how to disable this. Does that help? – Patrick Jun 17 '21 at 18:19
  • There are any drawback on disable `systemd-resolved`? – LuisComS Aug 09 '22 at 20:32