#StackBounty: #command-line #networking #network-manager #vpn #openvpn Openvpn connection problem using network manager

Bounty: 50

I have problem with connecting to vpn my company gave me those files along with a password

openvpn folder

I tried to import them this way
1- I go to Network Setting
2- then I press the plus button to add new connection
3- then I choose import from file option
4- then I select the tw-proxmox-ovh_vpn.ovpn file
5- and finally I put the password and save

after this is I try to connect I get this message

error message

and if I check the syslog I find this error

enter image description here

I looked around in google and I found two ways

The first way is to use this command line each time I have to connect

sudo openvpn /home/pookyfox/Documents/tw-proxmox-ovh_vpn/tw-proxmox-ovh_vpn.ovpn

This way is so much boring each time open my laptop I have to and execute the command and put the password and leave the terminal open

The second way is to import network connection using this command line

sudo nmcli c import type openvpn file tw-proxmox-ovh_vpn.ovpn

The problem in this way is that if I connect to the network I get a success message but I only have access to the VPN not any other website (like google for example) and to resolve the I have to check this Use this network only for its resources on its network in the network setting in the IPv4 tab and my guess is that I have overridden some hidden setting when I save after checking that button.

And here’s the OpenVPN configuration

client
proto udp
dev tun
ca ca.crt
dh dh2048.pem
cert tw-proxmox-ovh_vpn.crt
key tw-proxmox-ovh_vpn.key
remote [ip_adress] [port]
cipher DES-CBC
verb 2
mute 20
keepalive 10 120
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind
tls-cipher "DEFAULT:@SECLEVEL=0"

I had to add the tls-cipher "DEFAULT:@SECLEVEL=0" because I had an other issue.
So my question is how can I use network manager to connect to the VPN ?(just like the second way but with the box checked)


Get this bounty!!!

#StackBounty: #18.04 #network-manager #systemd #systemd-resolved Prioritize VPN's DNS Server

Bounty: 100

Is there a way to prioritize a particular DNS server only when connecting to a VPN (OpenVPN) through Network Manager or one of its configuration files?

I have a VPN (192.168.1.*) I frequently connect to that has DNS (192.168.1.53) configured to resolve host names of the form *.internal.example.com on its network. My local router (192.168.0.1) has DD-WRT on it with Google’s DNS setup (those aren’t strictly needed).

I’ve replaced the systemd /etc/resolv.conf stub with a symlink to /run/systemd/resolve/resolv.conf so that host names will actually resolve using the VPN’s DNS server. Yesterday it was working fine because the VPN’s DNS server was at the top of the list.

# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.1.53
nameserver 192.168.0.1
nameserver 8.8.8.8
# Too many DNS servers configured, the following entries may be ignored.
nameserver 8.8.4.4
search Home internal.example.com

However, when I connected today the DNS entries were reordered.

# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
# Too many DNS servers configured, the following entries may be ignored.
nameserver 192.168.1.53
search Home internal.example.com

The order frequently changes after a reboot. Sometimes upon reconnection to the VPN I notice the order changes (after experiencing the resolution issue).

systemd-resolve works just fine and can resolve the hosts using the proper DNS server.

$ systemd-resolve --status --no-pager
Global
          DNSSEC NTA: ...

Link 10 (tun0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.1.53
          DNS Domain: internal.example.com

Link 2 (eno1)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.0.1
                      8.8.8.8
                      8.8.4.4
                      192.168.1.53
          DNS Domain: Home
$ systemd-resolve srv1.internal.example.com
srv1.internal.example.com: 192.168.1.113

-- Information acquired via protocol DNS in 2.1ms.
-- Data is authenticated: no

ping, nslookup, and ssh all fail though.

$ ping srv1.internal.example.com
ping: srv1.internal.example.com: Name or service not known
$ nslookup srv1.internal.example.com
Server:         192.168.0.1
Address:        192.168.0.1#53

** server can't find srv1.internal.example.com: NXDOMAIN
$ ssh srv1.internal.example.com
ssh: Could not resolve hostname srv1.internal.example.com: Name or service not known

A few notes.

I connect to the VPN through Network Manager. I have the VPN’s DNS manually specified on the VPN under: IPv4 > DNS Servers.

I tried using a separate wired ethernet connection configured with the VPN’s DNS under: IPv4 > Other DNS Servers.


Get this bounty!!!

#StackBounty: #18.04 #network-manager #systemd #systemd-resolved Prioritize VPN's DNS Server

Bounty: 100

Is there a way to prioritize a particular DNS server only when connecting to a VPN (OpenVPN) through Network Manager or one of its configuration files?

I have a VPN (192.168.1.*) I frequently connect to that has DNS (192.168.1.53) configured to resolve host names of the form *.internal.example.com on its network. My local router (192.168.0.1) has DD-WRT on it with Google’s DNS setup (those aren’t strictly needed).

I’ve replaced the systemd /etc/resolv.conf stub with a symlink to /run/systemd/resolve/resolv.conf so that host names will actually resolve using the VPN’s DNS server. Yesterday it was working fine because the VPN’s DNS server was at the top of the list.

# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.1.53
nameserver 192.168.0.1
nameserver 8.8.8.8
# Too many DNS servers configured, the following entries may be ignored.
nameserver 8.8.4.4
search Home internal.example.com

However, when I connected today the DNS entries were reordered.

# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
# Too many DNS servers configured, the following entries may be ignored.
nameserver 192.168.1.53
search Home internal.example.com

The order frequently changes after a reboot. Sometimes upon reconnection to the VPN I notice the order changes (after experiencing the resolution issue).

systemd-resolve works just fine and can resolve the hosts using the proper DNS server.

$ systemd-resolve --status --no-pager
Global
          DNSSEC NTA: ...

Link 10 (tun0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.1.53
          DNS Domain: internal.example.com

Link 2 (eno1)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.0.1
                      8.8.8.8
                      8.8.4.4
                      192.168.1.53
          DNS Domain: Home
$ systemd-resolve srv1.internal.example.com
srv1.internal.example.com: 192.168.1.113

-- Information acquired via protocol DNS in 2.1ms.
-- Data is authenticated: no

ping, nslookup, and ssh all fail though.

$ ping srv1.internal.example.com
ping: srv1.internal.example.com: Name or service not known
$ nslookup srv1.internal.example.com
Server:         192.168.0.1
Address:        192.168.0.1#53

** server can't find srv1.internal.example.com: NXDOMAIN
$ ssh srv1.internal.example.com
ssh: Could not resolve hostname srv1.internal.example.com: Name or service not known

A few notes.

I connect to the VPN through Network Manager. I have the VPN’s DNS manually specified on the VPN under: IPv4 > DNS Servers.

I tried using a separate wired ethernet connection configured with the VPN’s DNS under: IPv4 > Other DNS Servers.


Get this bounty!!!

#StackBounty: #18.04 #network-manager #systemd #systemd-resolved Prioritize VPN's DNS Server

Bounty: 100

Is there a way to prioritize a particular DNS server only when connecting to a VPN (OpenVPN) through Network Manager or one of its configuration files?

I have a VPN (192.168.1.*) I frequently connect to that has DNS (192.168.1.53) configured to resolve host names of the form *.internal.example.com on its network. My local router (192.168.0.1) has DD-WRT on it with Google’s DNS setup (those aren’t strictly needed).

I’ve replaced the systemd /etc/resolv.conf stub with a symlink to /run/systemd/resolve/resolv.conf so that host names will actually resolve using the VPN’s DNS server. Yesterday it was working fine because the VPN’s DNS server was at the top of the list.

# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.1.53
nameserver 192.168.0.1
nameserver 8.8.8.8
# Too many DNS servers configured, the following entries may be ignored.
nameserver 8.8.4.4
search Home internal.example.com

However, when I connected today the DNS entries were reordered.

# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
# Too many DNS servers configured, the following entries may be ignored.
nameserver 192.168.1.53
search Home internal.example.com

The order frequently changes after a reboot. Sometimes upon reconnection to the VPN I notice the order changes (after experiencing the resolution issue).

systemd-resolve works just fine and can resolve the hosts using the proper DNS server.

$ systemd-resolve --status --no-pager
Global
          DNSSEC NTA: ...

Link 10 (tun0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.1.53
          DNS Domain: internal.example.com

Link 2 (eno1)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.0.1
                      8.8.8.8
                      8.8.4.4
                      192.168.1.53
          DNS Domain: Home
$ systemd-resolve srv1.internal.example.com
srv1.internal.example.com: 192.168.1.113

-- Information acquired via protocol DNS in 2.1ms.
-- Data is authenticated: no

ping, nslookup, and ssh all fail though.

$ ping srv1.internal.example.com
ping: srv1.internal.example.com: Name or service not known
$ nslookup srv1.internal.example.com
Server:         192.168.0.1
Address:        192.168.0.1#53

** server can't find srv1.internal.example.com: NXDOMAIN
$ ssh srv1.internal.example.com
ssh: Could not resolve hostname srv1.internal.example.com: Name or service not known

A few notes.

I connect to the VPN through Network Manager. I have the VPN’s DNS manually specified on the VPN under: IPv4 > DNS Servers.

I tried using a separate wired ethernet connection configured with the VPN’s DNS under: IPv4 > Other DNS Servers.


Get this bounty!!!

#StackBounty: #18.04 #network-manager #systemd #systemd-resolved Prioritize VPN's DNS Server

Bounty: 100

Is there a way to prioritize a particular DNS server only when connecting to a VPN (OpenVPN) through Network Manager or one of its configuration files?

I have a VPN (192.168.1.*) I frequently connect to that has DNS (192.168.1.53) configured to resolve host names of the form *.internal.example.com on its network. My local router (192.168.0.1) has DD-WRT on it with Google’s DNS setup (those aren’t strictly needed).

I’ve replaced the systemd /etc/resolv.conf stub with a symlink to /run/systemd/resolve/resolv.conf so that host names will actually resolve using the VPN’s DNS server. Yesterday it was working fine because the VPN’s DNS server was at the top of the list.

# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.1.53
nameserver 192.168.0.1
nameserver 8.8.8.8
# Too many DNS servers configured, the following entries may be ignored.
nameserver 8.8.4.4
search Home internal.example.com

However, when I connected today the DNS entries were reordered.

# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
# Too many DNS servers configured, the following entries may be ignored.
nameserver 192.168.1.53
search Home internal.example.com

The order frequently changes after a reboot. Sometimes upon reconnection to the VPN I notice the order changes (after experiencing the resolution issue).

systemd-resolve works just fine and can resolve the hosts using the proper DNS server.

$ systemd-resolve --status --no-pager
Global
          DNSSEC NTA: ...

Link 10 (tun0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.1.53
          DNS Domain: internal.example.com

Link 2 (eno1)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.0.1
                      8.8.8.8
                      8.8.4.4
                      192.168.1.53
          DNS Domain: Home
$ systemd-resolve srv1.internal.example.com
srv1.internal.example.com: 192.168.1.113

-- Information acquired via protocol DNS in 2.1ms.
-- Data is authenticated: no

ping, nslookup, and ssh all fail though.

$ ping srv1.internal.example.com
ping: srv1.internal.example.com: Name or service not known
$ nslookup srv1.internal.example.com
Server:         192.168.0.1
Address:        192.168.0.1#53

** server can't find srv1.internal.example.com: NXDOMAIN
$ ssh srv1.internal.example.com
ssh: Could not resolve hostname srv1.internal.example.com: Name or service not known

A few notes.

I connect to the VPN through Network Manager. I have the VPN’s DNS manually specified on the VPN under: IPv4 > DNS Servers.

I tried using a separate wired ethernet connection configured with the VPN’s DNS under: IPv4 > Other DNS Servers.


Get this bounty!!!

#StackBounty: #18.04 #network-manager #systemd #systemd-resolved Prioritize VPN's DNS Server

Bounty: 100

Is there a way to prioritize a particular DNS server only when connecting to a VPN (OpenVPN) through Network Manager or one of its configuration files?

I have a VPN (192.168.1.*) I frequently connect to that has DNS (192.168.1.53) configured to resolve host names of the form *.internal.example.com on its network. My local router (192.168.0.1) has DD-WRT on it with Google’s DNS setup (those aren’t strictly needed).

I’ve replaced the systemd /etc/resolv.conf stub with a symlink to /run/systemd/resolve/resolv.conf so that host names will actually resolve using the VPN’s DNS server. Yesterday it was working fine because the VPN’s DNS server was at the top of the list.

# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.1.53
nameserver 192.168.0.1
nameserver 8.8.8.8
# Too many DNS servers configured, the following entries may be ignored.
nameserver 8.8.4.4
search Home internal.example.com

However, when I connected today the DNS entries were reordered.

# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
# Too many DNS servers configured, the following entries may be ignored.
nameserver 192.168.1.53
search Home internal.example.com

The order frequently changes after a reboot. Sometimes upon reconnection to the VPN I notice the order changes (after experiencing the resolution issue).

systemd-resolve works just fine and can resolve the hosts using the proper DNS server.

$ systemd-resolve --status --no-pager
Global
          DNSSEC NTA: ...

Link 10 (tun0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.1.53
          DNS Domain: internal.example.com

Link 2 (eno1)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.0.1
                      8.8.8.8
                      8.8.4.4
                      192.168.1.53
          DNS Domain: Home
$ systemd-resolve srv1.internal.example.com
srv1.internal.example.com: 192.168.1.113

-- Information acquired via protocol DNS in 2.1ms.
-- Data is authenticated: no

ping, nslookup, and ssh all fail though.

$ ping srv1.internal.example.com
ping: srv1.internal.example.com: Name or service not known
$ nslookup srv1.internal.example.com
Server:         192.168.0.1
Address:        192.168.0.1#53

** server can't find srv1.internal.example.com: NXDOMAIN
$ ssh srv1.internal.example.com
ssh: Could not resolve hostname srv1.internal.example.com: Name or service not known

A few notes.

I connect to the VPN through Network Manager. I have the VPN’s DNS manually specified on the VPN under: IPv4 > DNS Servers.

I tried using a separate wired ethernet connection configured with the VPN’s DNS under: IPv4 > Other DNS Servers.


Get this bounty!!!

#StackBounty: #18.04 #network-manager #systemd #systemd-resolved Prioritize VPN's DNS Server

Bounty: 100

Is there a way to prioritize a particular DNS server only when connecting to a VPN (OpenVPN) through Network Manager or one of its configuration files?

I have a VPN (192.168.1.*) I frequently connect to that has DNS (192.168.1.53) configured to resolve host names of the form *.internal.example.com on its network. My local router (192.168.0.1) has DD-WRT on it with Google’s DNS setup (those aren’t strictly needed).

I’ve replaced the systemd /etc/resolv.conf stub with a symlink to /run/systemd/resolve/resolv.conf so that host names will actually resolve using the VPN’s DNS server. Yesterday it was working fine because the VPN’s DNS server was at the top of the list.

# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.1.53
nameserver 192.168.0.1
nameserver 8.8.8.8
# Too many DNS servers configured, the following entries may be ignored.
nameserver 8.8.4.4
search Home internal.example.com

However, when I connected today the DNS entries were reordered.

# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
# Too many DNS servers configured, the following entries may be ignored.
nameserver 192.168.1.53
search Home internal.example.com

The order frequently changes after a reboot. Sometimes upon reconnection to the VPN I notice the order changes (after experiencing the resolution issue).

systemd-resolve works just fine and can resolve the hosts using the proper DNS server.

$ systemd-resolve --status --no-pager
Global
          DNSSEC NTA: ...

Link 10 (tun0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.1.53
          DNS Domain: internal.example.com

Link 2 (eno1)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.0.1
                      8.8.8.8
                      8.8.4.4
                      192.168.1.53
          DNS Domain: Home
$ systemd-resolve srv1.internal.example.com
srv1.internal.example.com: 192.168.1.113

-- Information acquired via protocol DNS in 2.1ms.
-- Data is authenticated: no

ping, nslookup, and ssh all fail though.

$ ping srv1.internal.example.com
ping: srv1.internal.example.com: Name or service not known
$ nslookup srv1.internal.example.com
Server:         192.168.0.1
Address:        192.168.0.1#53

** server can't find srv1.internal.example.com: NXDOMAIN
$ ssh srv1.internal.example.com
ssh: Could not resolve hostname srv1.internal.example.com: Name or service not known

A few notes.

I connect to the VPN through Network Manager. I have the VPN’s DNS manually specified on the VPN under: IPv4 > DNS Servers.

I tried using a separate wired ethernet connection configured with the VPN’s DNS under: IPv4 > Other DNS Servers.


Get this bounty!!!

#StackBounty: #18.04 #network-manager #systemd #systemd-resolved Prioritize VPN's DNS Server

Bounty: 100

Is there a way to prioritize a particular DNS server only when connecting to a VPN (OpenVPN) through Network Manager or one of its configuration files?

I have a VPN (192.168.1.*) I frequently connect to that has DNS (192.168.1.53) configured to resolve host names of the form *.internal.example.com on its network. My local router (192.168.0.1) has DD-WRT on it with Google’s DNS setup (those aren’t strictly needed).

I’ve replaced the systemd /etc/resolv.conf stub with a symlink to /run/systemd/resolve/resolv.conf so that host names will actually resolve using the VPN’s DNS server. Yesterday it was working fine because the VPN’s DNS server was at the top of the list.

# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.1.53
nameserver 192.168.0.1
nameserver 8.8.8.8
# Too many DNS servers configured, the following entries may be ignored.
nameserver 8.8.4.4
search Home internal.example.com

However, when I connected today the DNS entries were reordered.

# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
# Too many DNS servers configured, the following entries may be ignored.
nameserver 192.168.1.53
search Home internal.example.com

The order frequently changes after a reboot. Sometimes upon reconnection to the VPN I notice the order changes (after experiencing the resolution issue).

systemd-resolve works just fine and can resolve the hosts using the proper DNS server.

$ systemd-resolve --status --no-pager
Global
          DNSSEC NTA: ...

Link 10 (tun0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.1.53
          DNS Domain: internal.example.com

Link 2 (eno1)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.0.1
                      8.8.8.8
                      8.8.4.4
                      192.168.1.53
          DNS Domain: Home
$ systemd-resolve srv1.internal.example.com
srv1.internal.example.com: 192.168.1.113

-- Information acquired via protocol DNS in 2.1ms.
-- Data is authenticated: no

ping, nslookup, and ssh all fail though.

$ ping srv1.internal.example.com
ping: srv1.internal.example.com: Name or service not known
$ nslookup srv1.internal.example.com
Server:         192.168.0.1
Address:        192.168.0.1#53

** server can't find srv1.internal.example.com: NXDOMAIN
$ ssh srv1.internal.example.com
ssh: Could not resolve hostname srv1.internal.example.com: Name or service not known

A few notes.

I connect to the VPN through Network Manager. I have the VPN’s DNS manually specified on the VPN under: IPv4 > DNS Servers.

I tried using a separate wired ethernet connection configured with the VPN’s DNS under: IPv4 > Other DNS Servers.


Get this bounty!!!

#StackBounty: #18.04 #network-manager #systemd #systemd-resolved Prioritize VPN's DNS Server

Bounty: 100

Is there a way to prioritize a particular DNS server only when connecting to a VPN (OpenVPN) through Network Manager or one of its configuration files?

I have a VPN (192.168.1.*) I frequently connect to that has DNS (192.168.1.53) configured to resolve host names of the form *.internal.example.com on its network. My local router (192.168.0.1) has DD-WRT on it with Google’s DNS setup (those aren’t strictly needed).

I’ve replaced the systemd /etc/resolv.conf stub with a symlink to /run/systemd/resolve/resolv.conf so that host names will actually resolve using the VPN’s DNS server. Yesterday it was working fine because the VPN’s DNS server was at the top of the list.

# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.1.53
nameserver 192.168.0.1
nameserver 8.8.8.8
# Too many DNS servers configured, the following entries may be ignored.
nameserver 8.8.4.4
search Home internal.example.com

However, when I connected today the DNS entries were reordered.

# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
# Too many DNS servers configured, the following entries may be ignored.
nameserver 192.168.1.53
search Home internal.example.com

The order frequently changes after a reboot. Sometimes upon reconnection to the VPN I notice the order changes (after experiencing the resolution issue).

systemd-resolve works just fine and can resolve the hosts using the proper DNS server.

$ systemd-resolve --status --no-pager
Global
          DNSSEC NTA: ...

Link 10 (tun0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.1.53
          DNS Domain: internal.example.com

Link 2 (eno1)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.0.1
                      8.8.8.8
                      8.8.4.4
                      192.168.1.53
          DNS Domain: Home
$ systemd-resolve srv1.internal.example.com
srv1.internal.example.com: 192.168.1.113

-- Information acquired via protocol DNS in 2.1ms.
-- Data is authenticated: no

ping, nslookup, and ssh all fail though.

$ ping srv1.internal.example.com
ping: srv1.internal.example.com: Name or service not known
$ nslookup srv1.internal.example.com
Server:         192.168.0.1
Address:        192.168.0.1#53

** server can't find srv1.internal.example.com: NXDOMAIN
$ ssh srv1.internal.example.com
ssh: Could not resolve hostname srv1.internal.example.com: Name or service not known

A few notes.

I connect to the VPN through Network Manager. I have the VPN’s DNS manually specified on the VPN under: IPv4 > DNS Servers.

I tried using a separate wired ethernet connection configured with the VPN’s DNS under: IPv4 > Other DNS Servers.


Get this bounty!!!

#StackBounty: #18.04 #network-manager #systemd #systemd-resolved Prioritize VPN's DNS Server

Bounty: 100

Is there a way to prioritize a particular DNS server only when connecting to a VPN (OpenVPN) through Network Manager or one of its configuration files?

I have a VPN (192.168.1.*) I frequently connect to that has DNS (192.168.1.53) configured to resolve host names of the form *.internal.example.com on its network. My local router (192.168.0.1) has DD-WRT on it with Google’s DNS setup (those aren’t strictly needed).

I’ve replaced the systemd /etc/resolv.conf stub with a symlink to /run/systemd/resolve/resolv.conf so that host names will actually resolve using the VPN’s DNS server. Yesterday it was working fine because the VPN’s DNS server was at the top of the list.

# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.1.53
nameserver 192.168.0.1
nameserver 8.8.8.8
# Too many DNS servers configured, the following entries may be ignored.
nameserver 8.8.4.4
search Home internal.example.com

However, when I connected today the DNS entries were reordered.

# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
# Too many DNS servers configured, the following entries may be ignored.
nameserver 192.168.1.53
search Home internal.example.com

The order frequently changes after a reboot. Sometimes upon reconnection to the VPN I notice the order changes (after experiencing the resolution issue).

systemd-resolve works just fine and can resolve the hosts using the proper DNS server.

$ systemd-resolve --status --no-pager
Global
          DNSSEC NTA: ...

Link 10 (tun0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.1.53
          DNS Domain: internal.example.com

Link 2 (eno1)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.0.1
                      8.8.8.8
                      8.8.4.4
                      192.168.1.53
          DNS Domain: Home
$ systemd-resolve srv1.internal.example.com
srv1.internal.example.com: 192.168.1.113

-- Information acquired via protocol DNS in 2.1ms.
-- Data is authenticated: no

ping, nslookup, and ssh all fail though.

$ ping srv1.internal.example.com
ping: srv1.internal.example.com: Name or service not known
$ nslookup srv1.internal.example.com
Server:         192.168.0.1
Address:        192.168.0.1#53

** server can't find srv1.internal.example.com: NXDOMAIN
$ ssh srv1.internal.example.com
ssh: Could not resolve hostname srv1.internal.example.com: Name or service not known

A few notes.

I connect to the VPN through Network Manager. I have the VPN’s DNS manually specified on the VPN under: IPv4 > DNS Servers.

I tried using a separate wired ethernet connection configured with the VPN’s DNS under: IPv4 > Other DNS Servers.


Get this bounty!!!