When I connected to my most used OpenVPN server I was finding that internet browsing slowed down dramatically. I have the VPN connection set to "Use only for resources on this connection" so I was expecting to see internet traffic routed over the local network. Using traceroute I found that indeed the data packets were going over the proper connection, but that name requests were all going over the VPN connection.

Looking at resolv.conf while I was both connected and disconnected to the VPN showed that when the connection is made to the VPN, the nameserver for the VPN was being inserted in the resolv.conf ABOVE the existing nameserver address for the local network. In this case it caused all DNS requests for names outside of the local domain to be passed to the nameserver on the VPN first.

The proper procedure should be that when a VPN connection is made, network-manager places the new nameserver in resolv.conf BELOW the local nameserver already there. Unless there is a use case where the current way is preferred.

A workaround is to use "Automatic (VPN) addresses only" and then manually enter the address for the local nameserver and VPN nameserver, in that order, in the "DNS Servers:" field. This places the two nameservers into the resolv.conf in the proper order. This does have the drawback of having to change the local nameserver(s) address manually depending on the local network you are connected to.

I can see where this may be the preferred behavior when using the VPN for ALL traffic, but when using it only for traffic to the VPN, shouldn't the local nameserver remain first in the resolv.conf?

Reproducible: Always

Steps to Reproduce:
1. connect to local network
2. connect to VPN that is set to "Use only for resources on this connection"
3. view the contents of resolv.conf

Actual Results:
All DNS requests are sent first to the nameserver(s) acquired during DHCP with the VPN, due to the VPN nameservers being inserted into resolv.conf above the local network nameservers.

Expected Results:
When "Use only for resources on this connection" is checked, the nameservers for the VPN should be inserted into the resolv.conf below the local nameservers.

This bug may apply to the underlying network-manager core... I am not sure.

distro = Debian Wheezy (testing)
kernel = 3.2.0-2-amd64
network-manager = 0.9.2.0-2
plasma-widget-networkmanagement = 0.9.0-1+b1
This is an upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=673793
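
A check for the nameserver ordering described in the report, as an added example that is not part of the original report or of NetworkManager: it parses resolv.conf text and reports whether a VPN-pushed nameserver is the first one the resolver will try. The addresses and sample files are constructed, the function names are hypothetical, and the three-server limit assumed is glibc's MAXNS.

```python
import ipaddress

MAXNS = 3  # glibc's resolver reads at most the first three nameserver lines

# Constructed sample: resolv.conf after the split-tunnel VPN connects.
VPN_FIRST = """\
# Generated by NetworkManager
search example.lan corp.example
nameserver 10.8.0.1
nameserver 192.168.1.1
"""

# Constructed sample: the order produced by the manual workaround.
LOCAL_FIRST = """\
search example.lan corp.example
nameserver 192.168.1.1
nameserver 10.8.0.1
"""


def nameservers(resolv_text):
    """Return nameserver addresses in the order the resolver tries them."""
    servers = []
    for raw in resolv_text.splitlines():
        fields = raw.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # comments, search/domain/options lines, blanks
        try:
            servers.append(str(ipaddress.ip_address(fields[1])))
        except ValueError:
            continue  # malformed address: skip it rather than guess
    return servers


def audit(resolv_text, vpn_servers):
    """Report where the VPN-pushed nameservers sit in the lookup order."""
    vpn = {str(ipaddress.ip_address(s)) for s in vpn_servers}
    order = nameservers(resolv_text)
    used = order[:MAXNS]
    return {
        "used": used,
        "ignored": order[MAXNS:],
        "first_is_vpn": bool(used) and used[0] in vpn,
        "vpn_positions": [i for i, s in enumerate(used) if s in vpn],
    }


if __name__ == "__main__":
    for name, text in (("vpn first", VPN_FIRST), ("local first", LOCAL_FIRST)):
        print(name, audit(text, ["10.8.0.1"]))
```

To audit a live system, pass the contents of /etc/resolv.conf and the DNS addresses the VPN pushes to `audit()` before and after connecting.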