[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS
Nicholas Stommel
1624317 at bugs.launchpad.net
Sat Jun 10 00:51:38 UTC 2017
Unfortunately my patch is not a good solution for upstream application.
I agree with what Beniamino Galvani mentioned, that "it is wrong to
assume the connection is a VPN based on the link type, since you can
have non-VPN tun/tap/gre/gretap connections as well, and they are
affected by this patch." However, it seems that this issue with DNS
leaks over NM-VPN connections and broken VPN split-horizon DNS using
systemd-resolved still exists upstream and doesn't have a good fix.
I think this issue needs some attention and work from the
Gnome-NM/systemd/Canonical devs, I've reached my limit here. :(
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1624317
Title:
  systemd-resolved breaks VPN with split-horizon DNS
Status in systemd:
  New
Status in network-manager package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  Confirmed
Status in network-manager source package in Artful:
  Confirmed
Status in systemd source package in Artful:
  Confirmed
Bug description:
I use a VPN configured with network-manager-openconnect-gnome in which
a split-horizon DNS setup assigns different addresses to some names
inside the remote network than the addresses seen for those names from
outside the remote network. However, systemd-resolved often decides
to ignore the VPN’s DNS servers and use the local network’s DNS
servers to resolve names (whether in the remote domain or not),
breaking the split-horizon DNS.
This related bug, reported by Lennart Poettering himself, was closed with the current Fedora release at the time reaching EOL:
https://bugzilla.redhat.com/show_bug.cgi?id=1151544
To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1624317/+subscriptions