Public bug reported:

Currently the AppArmor profile for strongswan prevents VPN connections that use ipsec mode config from adding the DNS settings the client gets from the VPN gateway to /etc/resolv.conf. This is because it has the settings for resolving, but this is read-only. It is missing the write permission to /etc/resolv.conf. This is an old bug that was already reported on Debian in 2018: https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1645350.html

One can fix it by adding the required line to the AppArmor profile and restarting AppArmor afterwards. I know there are other solutions, like modifying the network-manager config to not overwrite resolv.conf or using the resolvconf package, and I did try various ones, but none of them worked like it was supposed to. It didn't add a DNS server at all or caused major delays in DNS resolving. With the modified AppArmor profile it works like a charm here now.

** Affects: strongswan (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: apparmor dns strongswan

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1970455

Title:
  AppArmor profile prevents DNS Servers from being added to resolv.conf

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1970455/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
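
A way to check for the condition this report describes (read access to /etc/resolv.conf granted, write access missing), as an added example that is not part of the original bug report or of the strongSwan packaging. The profile name and sample rules are constructed, not the shipped profile. The parser only handles path-first file rules and does not follow includes or expand `@{...}` variables.

```python
import re

# Path-first file rules: [audit] [allow|deny] [owner] /path perms,
RULE = re.compile(
    r"^\s*(?:audit\s+)?(?P<deny>deny\s+)?(?:allow\s+)?(?:owner\s+)?"
    r"(?P<path>/\S*)\s+(?P<perms>[rwalkmixpPcCuU]+)\s*,"
)

def glob_to_regex(glob):
    """Translate AppArmor globs (**, *, ?, {a,b}) into a regex pattern string."""
    simple = {"**": ".*", "*": "[^/]*", "?": "[^/]", "{": "(?:", "}": ")"}
    parts, depth = [], 0
    for tok in re.findall(r"\*\*|.", glob):
        depth += (tok == "{") - (tok == "}")
        if tok == "," and depth > 0:
            parts.append("|")          # alternation separator inside {a,b}
        else:
            parts.append(simple.get(tok, re.escape(tok)))
    return "".join(parts)

def effective_perms(profile_text, target):
    """Permissions granted on target; deny rules take precedence over allow rules."""
    allowed, denied = set(), set()
    for line in profile_text.splitlines():
        m = RULE.match(line.split("#", 1)[0])   # drop trailing comments
        if m and re.fullmatch(glob_to_regex(m["path"]), target):
            (denied if m["deny"] else allowed).update(m["perms"])
    return allowed - denied

def can_write(profile_text, target="/etc/resolv.conf"):
    """True if the profile text grants write access to target."""
    return "w" in effective_perms(profile_text, target)

# Constructed profiles (hypothetical daemon name): read-only vs. write added.
READ_ONLY = """
/usr/sbin/example-vpn-daemon {
  /etc/resolv.conf r,       # name resolution only
  /etc/example-vpn/** r,
}
"""
WITH_WRITE = READ_ONLY.replace("/etc/resolv.conf r,", "/etc/resolv.conf rw,")

if __name__ == "__main__":
    for name, text in (("read-only", READ_ONLY), ("with write", WITH_WRITE)):
        print(name, "->", "write allowed" if can_write(text) else "write denied")
```

On a live system, AppArmor denials of this kind also show up in the kernel audit log as `apparmor="DENIED"` entries naming the file and the requested mask.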