I have one issue about Network Manager and VPN connection with remote DNS servers.
VPN type - L2TP+IPSEC, configured auto IPv4 settings.
My settings before I connected to the VPN network:
cat /etc/resolv.conf
nameserver 1.1.1.1
nameserver 8.8.8.8
After I connected to the VPN network, Network Manager reconfigures DNS settings, this is fine:
nmcli connection
NAME UUID TYPE DEVICE
VPN-Office 46d96c71-ba0b-4d3d-b6b1-0f29302ab453 vpn enp3s0 <- is UP state
cat /etc/resolv.conf
# Generated by resolvconf
nameserver 10.134.7.11
nameserver 10.134.7.12
But after disconnecting from the VPN network, settings do not return to their original state:
nmcli connection
NAME UUID TYPE DEVICE
VPN-Office 46d96c71-ba0b-4d3d-b6b1-0f29302ab453 vpn – <- is DOWN state
cat /etc/resolv.conf
nameserver 10.134.7.11
nameserver 10.134.7.12
nameserver 1.1.1.1
“# NOTE: the libc resolver may not support more than 3 nameservers.”
“# The nameservers listed below may not be recognized.”
nameserver 8.8.8.8
And I have a slow DNS resolution problem, because the DNS servers obtained when connecting to the VPN are no longer available.
How can I resolve this issue?
Find out which programs update your /etc/resolv.conf and configure them properly.
One example is to not use any program and use a static /etc/resolv.conf. You should not make the resolve file immutable.
Programs that might edit your /etc/resolv.conf: NetworkManager, systemd-resolved with systemd-resolvconf, or openresolv. All 3 programs can be configured to stop updating /etc/resolv.conf or always use the same name servers. But do not mix them, use only one!
If NetworkManager creates the /etc/resolv.conf, it always adds in the first line
# Generated by NetworkManager
no exceptions. If this line is not present, it was not created by NetworkManager.
Maybe you modified the cat output, but it is not present in your first post.
This is strong evidence that it was not NetworkManager that changed the /etc/resolv.conf.
Again, do not mix tools to modify /etc/resolv.conf!
The static /etc/resolv.conf was just one example to fix it. Since you are using global DNS servers, there is no DNS leaking with it. But of course, if you need to use the VPN-provided DNS server, this will not help.
cat listing after VPN connections is DOWN:
[ngnix-pc ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.134.7.11
nameserver 10.134.7.12
nameserver 1.1.1.1
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 8.8.8.8
Yes, you’re right, I need to use remote DNS servers (VPN side) if I am connected to the VPN, and I don’t use them if I am disconnected from the VPN network.
Configuration of network settings (and DNS servers) takes place on our side.
The behavior of DNS settings does not depend on the remote VPN side, the main thing is that we got them at all.
The current above issue only depends on the behavior of the Network Manager.
How sure are you that the /etc/resolv.conf file while connecting to the VPN is created by NM? By the way, if installed, remove openresolv and systemd-resolvconf, just to be sure.
However, it might be a bug in networkmanager-l2tp. You should create a bug report.
In addition to xabbu’s advice, changes to /etc/resolv.conf are generally temporary: "If resolvconf is available DNS information will be sent to it, if not, then dhcpcd itself will write to /etc/resolv.conf." openresolv is a resolvconf implementation and "is most known for allowing multiple applications to modify /etc/resolv.conf".
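The checks discussed in this thread (reading the "# Generated by ..." header to see which program wrote /etc/resolv.conf, and spotting nameservers past the three-entry libc limit) can be scripted. This is an added example, not posted by anyone in the thread; the function names and the embedded sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report who generated a resolv.conf and which entries libc skips.
# Function names and the sample file below are constructed for illustration.

MAXNS=3   # glibc queries at most 3 nameserver entries (MAXNS in resolv.h)

# Print the writer named in a "# Generated by ..." header, or "unknown".
resolv_generator() {
    gen=$(sed -n 's/^#[[:space:]]*Generated by[[:space:]]*//p' "$1" | head -n 1)
    echo "${gen:-unknown}"
}

# Print nameserver addresses in file order, one per line.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print nameservers listed after the libc limit; these are never queried.
resolv_ignored() {
    resolv_nameservers "$1" | awk -v max="$MAXNS" 'NR > max'
}

# Print RFC 1918 nameservers: candidates for leftover VPN resolvers to verify.
resolv_private() {
    resolv_nameservers "$1" |
        grep -E '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)' || true
}

resolv_audit() {
    echo "generator: $(resolv_generator "$1")"
    echo "queried in order: $(resolv_nameservers "$1" | head -n "$MAXNS" | tr '\n' ' ')"
    echo "ignored by libc: $(resolv_ignored "$1" | tr '\n' ' ')"
    echo "private, verify reachable: $(resolv_private "$1" | tr '\n' ' ')"
}

# Constructed sample mirroring the post-disconnect file shown in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Generated by NetworkManager
nameserver 10.134.7.11
nameserver 10.134.7.12
nameserver 1.1.1.1
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 8.8.8.8
EOF

resolv_audit "${1:-$sample}"
```

Pass /etc/resolv.conf as the first argument to audit the live file before connecting, while connected, and after disconnecting, then compare the generator line across the three runs.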