OpenVPN3 doesn't set back previous DNS after disconnect using systemd-resolved in stub mode

Open savely-krasovsky opened this issue 3 months ago • 4 comments

I am using the latest Arch Linux with systemd-resolved. I am actually dealing with two problems, but the most annoying one is the case in stub resolv.conf mode.

So in foreign mode (with the usual /etc/resolv.conf mode), OpenVPN3 just adds the VPN's DNS server to the list, but it doesn't make it primary even if I override with dns-scope: global:

Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: foreign
  Current DNS Server: 10.25.1.3
         DNS Servers: 10.25.1.3 192.168.88.1
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.9#dns.quad9.net 8.8.8.8#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2620:fe::9#dns.quad9.net 2001:4860:4860::8888#dns.google
          DNS Domain: EXAMPLE example.org example.com
#
# Generated by OpenVPN 3 Linux (NetCfg::DNS::ResolvConfFile)
# Last updated: 2024-03-22 18:33:46 
#
search EXAMPLE example.org example.com

# OpenVPN defined name servers
nameserver 10.25.1.3

# System defined name servers
nameserver 192.168.88.1

192.168.88.1 is my home network cache server. In that case, corporate services with domains other than those in the DNS Domain list resolve to an external IP (dns-scope: global was here to fix that, or did I miss something?). The reason for this problem is probably the missing ~. in the domains.

But in stub mode the situation is even weirder. OpenVPN finally detects stub mode and sets only one DNS:

Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: foreign
  Current DNS Server: 10.25.1.3
         DNS Servers: 10.25.1.3
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.9#dns.quad9.net 8.8.8.8#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2620:fe::9#dns.quad9.net 2001:4860:4860::8888#dns.google
          DNS Domain: EXAMPLE example.org example.com ~.
#
# Generated by OpenVPN 3 Linux (NetCfg::DNS::ResolvConfFile)
# Last updated: 2024-03-22 18:41:29 
#
search EXAMPLE example.org example.com .

# OpenVPN defined name servers
nameserver 10.25.1.3

# System defined name servers
nameserver 127.0.0.53

# Other system settings
options edns0 trust-ad

Finally, even corporate resources with domains other than those in the Domain list resolve, but after a proper disconnect it leaves the corporate DNS installed for systemd-resolved:

resolvectl                                                                                                                                                               in bash at 18:44:13
Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub
  Current DNS Server: 10.25.1.3
         DNS Servers: 10.25.1.3
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.9#dns.quad9.net 8.8.8.8#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2620:fe::9#dns.quad9.net 2001:4860:4860::8888#dns.google
          DNS Domain: EXAMPLE example.org example.com ~.

So basically the network breaks, and it won't recover until I manually run systemctl restart systemd-resolved.service. To me this looks strange at least, and probably broken.

savely-krasovsky, Mar 22 '24 17:03
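
A check for the leftover state described in the report, written as an added example (it is not part of the issue or of openvpn3-linux): it parses `resolvectl` status text and flags VPN resolver settings that remain in the Global scope when no session is up. The function names are hypothetical, and it assumes the caller supplies the VPN-pushed DNS servers and the session state, and that the host does not itself configure `~.` globally.

```python
import re

# Global block of `resolvectl` after disconnect, from the report (Fallback line omitted).
AFTER_DISCONNECT = """\
Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub
  Current DNS Server: 10.25.1.3
         DNS Servers: 10.25.1.3
          DNS Domain: EXAMPLE example.org example.com ~.
"""

# Constructed sample of a healthy state: DNS is per-link, nothing set globally.
CLEAN = """\
Global
    resolv.conf mode: stub

Link 2 (enp3s0)
Current DNS Server: 192.168.88.1
       DNS Servers: 192.168.88.1
"""

# "Key: value" line; the colon must be followed by whitespace or end of line,
# so a wrapped IPv6 address is not mistaken for a key.
KEY = re.compile(r"^\s*([A-Za-z][A-Za-z. ]*):(?:\s+(.*))?$")

def parse_resolvectl(text):
    """Parse `resolvectl` status text into {section: {key: [values]}}."""
    sections, current, last = {}, None, None
    for line in filter(str.strip, text.splitlines()):   # skip blank lines
        m = KEY.match(line)
        if m and current is not None:
            last = current.setdefault(m.group(1).strip(), [])
            last.extend((m.group(2) or "").split())
        elif not line[0].isspace():          # header: "Global", "Link 2 (enp3s0)"
            current, last = sections.setdefault(line.strip(), {}), None
        elif last is not None:               # wrapped continuation of a value list
            last.extend(line.split())
    return sections

def stale_vpn_dns(text, vpn_servers, session_active):
    """List VPN resolver settings still in the Global scope with no session up."""
    if session_active:
        return []
    glob = parse_resolvectl(text).get("Global", {})
    servers = {s.split("#")[0] for s in glob.get("DNS Servers", [])}
    findings = [f"stale DNS server {s}" for s in sorted(servers & set(vpn_servers))]
    if "~." in glob.get("DNS Domain", []):
        findings.append("catch-all routing domain ~. still set")
    return findings
```

On a live host the text would come from `resolvectl status`, checked after the VPN session has been torn down.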