Public bug reported:

Currently the AppArmor profile for strongswan prevents VPN connections that use
IPsec mode config from adding DNS settings the client gets from the VPN gateway
to /etc/resolv.conf.
This is because it has the settings for resolving, but these are read-only. It
is missing the write permission to /etc/resolv.conf.
This is an old bug that was already reported on Debian in 2018:
https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1645350.html

One can fix it by adding the required line to the AppArmor profile and
restarting AppArmor afterwards.

I know there are other solutions, like modifying the network-manager config
to not overwrite resolv.conf or using the resolvconf package, and I did try
various ones, but none of them worked like it was supposed to. They didn't
add a DNS server at all or caused major delays in DNS resolving.

With the modified AppArmor profile it works like a charm here now.

** Affects: strongswan (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apparmor dns strongswan

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1970455

Title:
  AppArmor profile prevents DNS Servers from being added to resolv.conf
