Discussion:
[strongSwan] Bug #1772705 : IKEv2 VPN connections fail to use DNS servers provided by the server / follow-up
Vincent Gatignol
2018-07-24 15:12:48 UTC
Hi there,


We are facing this issue too:

https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1772705

I've tested in a fresh VM (Ubuntu 18.04 / bionic) to install the strongswan/charon packages from cosmic (with version 5.6.2-2ubuntu1).

`systemd-resolve --status` shows the correct DNS servers in the correct order (1st got from the VPN, 2nd from the local DHCP).

But name resolution is still using the local DNS and even with a NX_DOMAIN error, there is no switch to the other DNS server.

Good news is that if I restart the service manually, the resolution is good and we can access our hosts inside vpn.

Must I post a new issue (where please)?

Is this a normal behaviour regarding my setup (use of strongswan/charon packages from cosmic on a bionic box)?

Other, please advise?


Thanks for reading,

Best regards,


Vincent


Tobias Brunner
2018-07-24 16:10:48 UTC
Hi Vincent,

> https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1772705

You are not, that bug has been fixed.

> `systemd-resolve --status` shows the correct DNS servers in the correct
> order (1st got from the VPN, 2nd from the local DHCP)

There you go, that already contradicts the description of the existing
bug entry.

> But name resolution is still using the local DNS and even with a
> NX_DOMAIN error, there is no switch to the other DNS server.

Sounds like an issue with the systemd resolver, so you might want to
report that wherever appropriate.

> Good news is that if I restart the service manually, the resolution is
> good and we can access our hosts inside vpn.

I guess you mean systemd-resolved?

> Must I post a new issue (where please)?

Perhaps
https://bugs.launchpad.net/ubuntu/+source/systemd

> Is this a normal behaviour regarding my setup (use of strongswan/charon
> packages from cosmic on a bionic box)?

No idea if that could be related, but since the DNS server is actually
installed by NM, I doubt it.

Regards,
Tobias
Vincent Gatignol
2018-07-24 16:49:38 UTC
On 24/07/2018 at 18:10, Tobias Brunner wrote:

> Hi Vincent,

Hi Tobias,
Thanks for the quick reply!

>> We are facing this issue too:
>>
>> https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1772705
>
> You are not, that bug has been fixed.

Fixed in cosmic (5.6.2-2ubuntu1) but not in bionic (5.6.2-1ubuntu2), thus the upgrade from cosmic...

>> `systemd-resolve --status` shows the correct DNS servers in the correct
>> order (1st got from the VPN, 2nd from the local DHCP)
>
> There you go, that already contradicts the description of the existing
> bug entry.

Yes, after the applied new version of the packages, the bug is then fixed.

>> But name resolution is still using the local DNS and even with a
>> NX_DOMAIN error, there is no switch to the other DNS server.
>
> Sounds like an issue with the systemd resolver, so you might want to
> report that wherever appropriate.

>> Good news is that if I restart the service manually, the resolution is
>> good and we can access our hosts inside vpn.
>
> I guess you mean systemd-resolved?

Yes it is.

>> Must I post a new issue (where please)?
>
> Perhaps
> https://bugs.launchpad.net/ubuntu/+source/systemd

Thanks for pointing that out to me.

I'll check and file a bug report if needed, then post back the link here.

Regards,

Vincent



Vincent Gatignol
2018-07-24 17:37:22 UTC
Here it is,

https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1783377

Regards,


Vincent Gatignol
