Openvpn, network manager and resolv.conf
I have an openvpn setting which sets the DNS on the client through the VPN. I am on holiday going from hotel to hotel and I see that resolv.conf stays the same, i.e. the one networkmanager writes from the hotel DHCP.

Network manager does *not* manage the openvpn connection due to a broken conception which leads to a security threat (it does not use the whole client configuration, thus letting IPv6 communication in clear).

What is the best way to get 1) an easy way to set up wifi (in each hotel...) and 2) a really secure VPN setting with DNS also managed by the VPN?

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/51bf323b.8060...@rail.eu.org
Re: Openvpn, network manager and resolv.conf
On Mon, Jun 17, 2013 at 08:58:51AM -0700, Erwan David wrote:
> I am on holiday going from hotel to hotel and I see that resolv.conf stays the same, i.e. the one networkmanager writes from the hotel DHCP.

It sounds like you may not have the resolvconf package installed.
Re: Openvpn, network manager and resolv.conf
On 17/06/2013 09:25, Sean Alexandre wrote:
> On Mon, Jun 17, 2013 at 08:58:51AM -0700, Erwan David wrote:
>> I am on holiday going from hotel to hotel and I see that resolv.conf stays the same, i.e. the one networkmanager writes from the hotel DHCP.
>
> It sounds like you may not have the resolvconf package installed.

I have... And I see in my resolv.conf

    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 8.8.8.8
    search key.chillispot.info

And in /var/log/daemon.log

    Jun 17 17:35:27 bibi ovpn-dedibox[4076]: PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2a01:e0b:2070:1::1001/64 2a01:e0b:2070:1::1,tun-ipv6,route-ipv6 2000::/3 2a01:0e0b:2070:1::1,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,dhcp-option DOMAIN rail.eu.org,tun-ipv6,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'

which shows that the openvpn server pushed the DNS
Re: Openvpn, network manager and resolv.conf
On Mon, Jun 17, 2013 at 05:42:19PM -0700, Erwan David wrote:
> On 17/06/2013 09:25, Sean Alexandre wrote:
>> It sounds like you may not have the resolvconf package installed.
>
> I have... And I see in my resolv.conf
>
>     # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
>     # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
>     nameserver 8.8.8.8
>     search key.chillispot.info
>
> And in /var/log/daemon.log
>
>     Jun 17 17:35:27 bibi ovpn-dedibox[4076]: PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2a01:e0b:2070:1::1001/64 2a01:e0b:2070:1::1,tun-ipv6,route-ipv6 2000::/3 2a01:0e0b:2070:1::1,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,dhcp-option DOMAIN rail.eu.org,tun-ipv6,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'
>
> which shows that the openvpn server pushed the DNS

Your openvpn config file may be missing these two lines:

    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf

You should be seeing a log file entry like this, that shows resolv.conf has been updated:

    Sun June 16 08:18:10 2013 us=8295 /etc/openvpn/update-resolv-conf tun0 1500 1562 10.0.122.114 10.0.122.113 init
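An added illustration of the mechanism discussed in the message above (not part of the original thread, and not Debian's update-resolv-conf script): on Unix clients OpenVPN does not write pushed `dhcp-option` values anywhere itself; it exports them to the `up` script as `foreign_option_N` environment variables. The sketch below turns those variables into resolv.conf lines and lists nameservers in a resolv.conf that the VPN did not push. The function names are hypothetical and the sample values are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: what an OpenVPN up script receives, and a resolv.conf check.
# OpenVPN exports pushed dhcp-options as foreign_option_1, foreign_option_2, ...

# Print resolv.conf lines for the pushed DNS/DOMAIN options.
# Values come from the server, so reject anything that is not a plain
# address or hostname before it reaches resolv.conf.
foreign_options_to_resolv() {
    n=1
    while :; do
        eval "opt=\${foreign_option_$n:-}"
        [ -n "$opt" ] || break
        set -f; set -- $opt; set +f      # split into words without globbing
        if [ "${1:-}" = "dhcp-option" ]; then
            case "${2:-}" in
                DNS)    case "${3:-}" in ""|*[!0-9A-Fa-f:.]*) ;; *) echo "nameserver $3" ;; esac ;;
                DOMAIN) case "${3:-}" in ""|*[!A-Za-z0-9.-]*) ;; *) echo "search $3" ;; esac ;;
            esac
        fi
        n=$((n + 1))
    done
}

# Print every nameserver in resolv.conf file $1 that the VPN did not push.
# Any output means lookups can still go to the local network's resolver.
unexpected_nameservers() {
    wanted=$(foreign_options_to_resolv | sed -n 's/^nameserver //p')
    sed -n 's/^nameserver[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$1" |
    while read -r ns; do
        printf '%s\n' "$wanted" | grep -qxF -- "$ns" || echo "$ns"
    done
}

# Constructed demo, using the values quoted in the thread.
foreign_option_1='dhcp-option DNS 10.8.0.1'
foreign_option_2='dhcp-option DOMAIN rail.eu.org'
sample=$(mktemp)
printf 'nameserver 8.8.8.8\nsearch key.chillispot.info\n' > "$sample"
echo "resolv.conf lines the VPN pushed:"
foreign_options_to_resolv
echo "nameservers the VPN did not push:"
unexpected_nameservers "$sample"
rm -f "$sample"
```

OpenVPN only runs user-defined `up`/`down` scripts when the client configuration also sets `script-security 2` or higher.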
Re: Openvpn, network manager and resolv.conf
On 17/06/2013 19:40, Sean Alexandre wrote:
> On Mon, Jun 17, 2013 at 05:42:19PM -0700, Erwan David wrote:
>> On 17/06/2013 09:25, Sean Alexandre wrote:
>>> It sounds like you may not have the resolvconf package installed.
>>
>> I have... And I see in my resolv.conf
>>
>>     # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
>>     # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
>>     nameserver 8.8.8.8
>>     search key.chillispot.info
>>
>> And in /var/log/daemon.log
>>
>>     Jun 17 17:35:27 bibi ovpn-dedibox[4076]: PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2a01:e0b:2070:1::1001/64 2a01:e0b:2070:1::1,tun-ipv6,route-ipv6 2000::/3 2a01:0e0b:2070:1::1,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,dhcp-option DOMAIN rail.eu.org,tun-ipv6,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'
>>
>> which shows that the openvpn server pushed the DNS
>
> Your openvpn config file may be missing these two lines:
>
>     up /etc/openvpn/update-resolv-conf
>     down /etc/openvpn/update-resolv-conf
>
> You should be seeing a log file entry like this, that shows resolv.conf has been updated:
>
>     Sun June 16 08:18:10 2013 us=8295 /etc/openvpn/update-resolv-conf tun0 1500 1562 10.0.122.114 10.0.122.113 init

That would make the config file on the client not only Linux but even Debian specific. And good security dictates that such a decision should be forced by the server. I remember it once worked this way...
Re: Openvpn, network manager and resolv.conf
On Mon, Jun 17, 2013 at 08:31:41PM -0700, Erwan David wrote:
> On 17/06/2013 19:40, Sean Alexandre wrote:
>> Your openvpn config file may be missing these two lines:
>>
>>     up /etc/openvpn/update-resolv-conf
>>     down /etc/openvpn/update-resolv-conf
>>
>> You should be seeing a log file entry like this, that shows resolv.conf has been updated:
>>
>>     Sun June 16 08:18:10 2013 us=8295 /etc/openvpn/update-resolv-conf tun0 1500 1562 10.0.122.114 10.0.122.113 init
>
> That would make the config file on the client not only Linux but even Debian specific. And good security dictates that such a decision should be forced by the server. I remember it once worked this way...

I see your point. I don't know if there's a way to do that -- to configure the OpenVPN server to update resolv.conf for all clients without the clients needing to configure anything.
Re: network-manager and resolv.conf
On 04/22/2011 11:58 AM, Camaleón wrote:
> On Thu, 21 Apr 2011 08:25:36 -0700, tony mollica wrote:
>> Using deb6-amd64 and I've searched for an acceptable solution but I find none that I like. The problem is that I would like to have this 'option single-request' line in /etc/resolv.conf but network-manager continuously removes the line (and anything else it doesn't care for). There must be a way to identify this line as a permanent line or add it to the network manager config somewhere so it is always added back in when resolv.conf is changed. Question is: Where is that setting located?
>
> If you can't beat them, join them :-)
>
> Look at man networkmanager, it seems that you can tell NM to pass some values by scripting the desired commands by means of /etc/NetworkManager/dispatcher.d/ folder. Maybe you can create a simple script -carefully look for the script requirements- that adds the option single-request value to /etc/resolv.conf every time NM is in use.
>
> Greetings,

Been through the docs several times, and maybe I missed it, but I find no documentation on file names or formats for inserting persistent settings into the /etc/resolv.conf rewrites done by nm. Realistically, nm should be able to recognize ANY 'options' lines in resolv.conf and leave it there.

thanks,
- tony
Re: network-manager and resolv.conf
On Thu, 21 Apr 2011 08:25:36 -0700, tony mollica wrote:
> Using deb6-amd64 and I've searched for an acceptable solution but I find none that I like. The problem is that I would like to have this 'option single-request' line in /etc/resolv.conf but network-manager continuously removes the line (and anything else it doesn't care for). There must be a way to identify this line as a permanent line or add it to the network manager config somewhere so it is always added back in when resolv.conf is changed. Question is: Where is that setting located?

If you can't beat them, join them :-)

Look at man networkmanager, it seems that you can tell NM to pass some values by scripting the desired commands by means of /etc/NetworkManager/dispatcher.d/ folder. Maybe you can create a simple script -carefully look for the script requirements- that adds the option single-request value to /etc/resolv.conf every time NM is in use.

Greetings,
--
Camaleón
network-manager and resolv.conf
Hi.

Using deb6-amd64 and I've searched for an acceptable solution but I find none that I like. The problem is that I would like to have this 'option single-request' line in /etc/resolv.conf but network-manager continuously removes the line (and anything else it doesn't care for). There must be a way to identify this line as a permanent line or add it to the network manager config somewhere so it is always added back in when resolv.conf is changed.

Question is: Where is that setting located?

thanks
- tony
Re: network-manager and resolv.conf
On Apr 21, 2011 11:42 AM, tony mollica t...@threedogs.net wrote:
> Hi.
>
> Using deb6-amd64 and I've searched for an acceptable solution but I find none that I like. The problem is that I would like to have this 'option single-request' line in /etc/resolv.conf but network-manager continuously removes the line (and anything else it doesn't care for). There must be a way to identify this line as a permanent line or add it to the network manager config somewhere so it is always added back in when resolv.conf is changed.
>
> Question is: Where is that setting located?

I think you're looking in the wrong place. Try /etc/resolvconf/
Re: network-manager and resolv.conf
On 04/21/2011 08:47 AM, shawn wilson wrote:
> On Apr 21, 2011 11:42 AM, tony mollica t...@threedogs.net wrote:
>> Hi.
>>
>> Using deb6-amd64 and I've searched for an acceptable solution but I find none that I like. The problem is that I would like to have this 'option single-request' line in /etc/resolv.conf but network-manager continuously removes the line (and anything else it doesn't care for). There must be a way to identify this line as a permanent line or add it to the network manager config somewhere so it is always added back in when resolv.conf is changed.
>>
>> Question is: Where is that setting located?
>
> I think you're looking in the wrong place. Try /etc/resolvconf/

You would be correct if I had resolvconf installed. I didn't when I posted but I found a way to do what I need using resolvconf. After installing resolvconf I found the 'tail' file in /etc/resolvconf/resolv.conf.d and added my 'options single-request' line in there. Seems to work, the options line is now persistent.

What I need to find out is whether or not using NetworkManager and resolvconf together has any adverse effects or tries to double the number of functions executed to get the job done.

thanks,
- tony