[Bug 1783377] Re: systemd-resolved updated by network-manager-strongswan needed to restart to use the new dns servers
Vin'c
launchpad at gatignol.fr
Thu Aug 30 14:51:32 UTC 2018
A small script to do the job:
* install 18.10 repository with lower pin priority
* install a hook that restarts "systemd-resolved" on "vpn-pre-up" action
** Attachment added: "# Script to deploy strongswan's packages on 18.04 from 18.10 # and add logic to restart systemd-resolve service when connecting"
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1783377/+attachment/5182682/+files/vpn_fix_strongswan_ubuntu18.sh
--
https://bugs.launchpad.net/bugs/1783377
Title:
systemd-resolved updated by network-manager-strongswan needed to
restart to use the new dns servers
Status in systemd package in Ubuntu:
Confirmed
Bug description:
Ubuntu 18.04.1 / bionic
systemd:
Installé : 237-3ubuntu10.3
Fresh install on a VM, was facing a bug when connecting to strongswan
ikev2 vpn
(https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1772705)
-> Updated from cosmic the required packages for the VPN that has the
bug fixed (5.6.2-2):
network-manager-strongswan:
  Installé : 1.4.4-1
  Candidat : 1.4.4-1
  Table de version :
 *** 1.4.4-1 300
        300 http://archive.ubuntu.com/ubuntu cosmic/universe amd64 Packages
        100 /var/lib/dpkg/status
     1.4.2-2 500
        500 http://fr.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
libcharon-extra-plugins:
  Installé : 5.6.2-2ubuntu1
  Candidat : 5.6.2-2ubuntu1
  Table de version :
 *** 5.6.2-2ubuntu1 300
        300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
        100 /var/lib/dpkg/status
     5.6.2-1ubuntu2 500
        500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
libcharon-standard-plugins:
  Installé : 5.6.2-2ubuntu1
  Candidat : 5.6.2-2ubuntu1
  Table de version :
 *** 5.6.2-2ubuntu1 300
        300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
        100 /var/lib/dpkg/status
     5.6.2-1ubuntu2 500
        500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
libstrongswan-extra-plugins:
  Installé : 5.6.2-2ubuntu1
  Candidat : 5.6.2-2ubuntu1
  Table de version :
 *** 5.6.2-2ubuntu1 300
        300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
        100 /var/lib/dpkg/status
     5.6.2-1ubuntu2 500
        500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
libstrongswan-standard-plugins:
  Installé : 5.6.2-2ubuntu1
  Candidat : 5.6.2-2ubuntu1
  Table de version :
 *** 5.6.2-2ubuntu1 300
        300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
        100 /var/lib/dpkg/status
     5.6.2-1ubuntu2 500
        500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
Before connecting the VPN, `systemd-resolve --status` shows:
    DNS Servers: 192.168.1.254 # my home box resolver
After connecting:
    DNS Servers: 10.0.0.254 # DNS resolver provided by the VPN server
                 192.168.1.254 # my home box resolver
This seems OK, but the resolution fails as it is still using the local DNS:
    systemd-resolved[270]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
After issuing `systemctl reload-or-restart systemd-resolved.service`,
everything seems fine.
    systemd-resolved[5651]: Got DNS stub UDP query packet for id 24298
    systemd-resolved[5651]: Looking up RR for my.host.inside.vpn IN A.
    systemd-resolved[5651]: Switching to DNS server 10.0.0.254 for interface enp0s3.
    systemd-resolved[5651]: Cache miss for my.host.inside.vpn IN A
    systemd-resolved[5651]: Transaction 9273 for <my.host.inside.vpn IN A> scope dns on enp0s3/*.
    systemd-resolved[5651]: Using feature level UDP+EDNS0 for transaction 9273.
    systemd-resolved[5651]: Using DNS server 10.0.0.254 for transaction 9273.
I was hoping that `systemd-resolved` could find the new DNS without
restarting its service after connecting to the VPN.
Thanks for reading
Best Regards,
Vincent
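
The workaround described in this message, a hook that restarts systemd-resolved on the "vpn-pre-up" action, could look like the sketch below, together with a check that lookups then reach the VPN resolver instead of leaking to the local one. This is an added example, not the attached script; the install path, the file name, the logger tag and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not the attached script. Assumed install path:
#   /etc/NetworkManager/dispatcher.d/pre-up.d/90-restart-resolved
# NetworkManager runs dispatcher scripts as: <script> <interface> <action>

# Log lines copied from the report above, used as sample input.
SAMPLE_LOG='systemd-resolved[5651]: Using feature level UDP+EDNS0 for transaction 9273.
systemd-resolved[5651]: Using DNS server 10.0.0.254 for transaction 9273.'

# True only for the action the hook is meant to react to.
is_vpn_pre_up() {
    [ "$1" = "vpn-pre-up" ]
}

# Read systemd-resolved debug log lines on stdin and print each distinct
# upstream server named in "Using DNS server <ip> for transaction <n>."
servers_used() {
    sed -n 's/.*Using DNS server \([^ ]*\) for transaction [0-9]*\.$/\1/p' | sort -u
}

# Status 0: every logged transaction went to the expected (VPN) resolver.
# Status 1: at least one went elsewhere. Status 2: no transaction logged.
only_uses() {
    expected=$1
    used=$(servers_used)
    [ -n "$used" ] || return 2
    [ "$used" = "$expected" ]
}

# Hook entry point: runs only when called with <interface> <action>.
if [ "$#" -ge 2 ] && is_vpn_pre_up "$2"; then
    logger -t resolved-vpn-hook "restarting systemd-resolved ($2 on $1)"
    systemctl reload-or-restart systemd-resolved.service
fi
```

With the functions sourced in a shell, `journalctl -u systemd-resolved -b | only_uses 10.0.0.254` reports whether lookups went only to the VPN resolver; the matched lines are debug messages, so systemd-resolved must be logging at debug level.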