Strange resolv.conf Adjustments after Activating VPN Connection
On my system (Arch Linux), NetworkManager (1.32.12-1) is adjusting /etc/resolv.conf in strange ways.
My global NetworkManager configuration is empty:
$ cat /etc/NetworkManager/NetworkManager.conf
# Configuration file for NetworkManager.
# See "man 5 NetworkManager.conf" for details.
I have an ethernet connection (192.168.0.*) which is configured by the DHCP server of my router (192.168.0.1).
$ cat /etc/NetworkManager/system-connections/Ethernet.nmconnection
[connection]
id=Ethernet
uuid=8ca09167-35a8-47d4-816f-b9c87f662390
type=ethernet
permissions=
[ethernet]
mac-address-blacklist=
[ipv4]
dns-search=
method=auto
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto
[proxy]
I have a VPN connection to my office network (192.168.10.*) which is configured by the DHCP server of the office router (192.168.10.1). The office router is configured to announce the office DNS server (192.168.10.100) via DHCP. However, this does not seem to work via VPN, so I set it manually in the VPN connection configuration. I do not know if this is an issue with NetworkManager or the router, but it is a separate issue in any case.
$ cat /etc/NetworkManager/system-connections/Work.nmconnection
[connection]
id=Work
uuid=0aa2285c-d8c6-48c2-b4c7-ebeed9bf2d64
type=vpn
autoconnect=false
permissions=user:*****:;
timestamp=1636989817
[vpn]
gateway=*****
no-vj-comp=yes
nobsdcomp=yes
nodeflate=yes
password-flags=1
user=*****
service-type=org.freedesktop.NetworkManager.pptp
[ipv4]
dns=192.168.10.100;
dns-search=
ignore-auto-dns=true
method=auto
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=disabled
[proxy]
In the beginning, the ethernet connection is active and the VPN connection is not active. I have the following /etc/resolv.conf. The file /etc/resolv.conf.bak does not exist.
$ cat /etc/resolv.conf
# Generated by NetworkManager
search home
nameserver 192.168.0.1
Now I activate the VPN connection.
$ nmcli connection up Work
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
This gives me the following /etc/resolv.conf and /etc/resolv.conf.bak:
$ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 192.168.10.1
$ cat /etc/resolv.conf.bak
# Generated by NetworkManager
search home
nameserver 192.168.10.100
nameserver 192.168.0.1
This is very strange. The manually set DNS server (192.168.10.100) did not make it into /etc/resolv.conf; instead, it went into /etc/resolv.conf.bak. The VPN connection works, except for name resolution, since resolv.conf now contains the wrong DNS server.
I deactivate the VPN connection.
$ nmcli connection down Work
Connection 'Work' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
This gives me the following /etc/resolv.conf:
$ cat /etc/resolv.conf
# Generated by NetworkManager
search home
nameserver 192.168.10.100
nameserver 192.168.0.1
It seems like /etc/resolv.conf.bak was restored to /etc/resolv.conf and now contains the VPN DNS server (192.168.10.100), which is invalid for the local network, causing DNS requests to time out and then go to the second name server (192.168.0.1).
What is going on here and how can I prevent this?
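
Added example, not part of the original question: a small check that compares the DNS server pinned in a VPN keyfile with what actually ended up in resolv.conf, flagging both states described above (pinned server missing while the VPN is up, stale VPN server left behind after it goes down). The function names are hypothetical, the sample strings are constructed from the files quoted in the question, and the check assumes NetworkManager is meant to be the writer of resolv.conf, as in the initial state shown.

```python
import configparser

# Constructed samples, reduced from the files quoted in the question.
WORK_PROFILE = "[ipv4]\ndns=192.168.10.100;\nignore-auto-dns=true\nmethod=auto\n"
RESOLV_VPN_UP = "# Generated by resolvconf\nnameserver 192.168.10.1\n"
RESOLV_VPN_DOWN = ("# Generated by NetworkManager\nsearch home\n"
                   "nameserver 192.168.10.100\nnameserver 192.168.0.1\n")
HEADER = "# Generated by "

def profile_dns(keyfile_text):
    """DNS servers pinned in the [ipv4] section of a NetworkManager keyfile."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(keyfile_text)
    raw = cp.get("ipv4", "dns", fallback="")
    return [s.strip() for s in raw.split(";") if s.strip()]

def parse_resolv(text):
    """Return (generator, nameservers) from resolv.conf content."""
    generator, servers = None, []
    for line in text.splitlines():
        fields = line.split()
        if line.startswith(HEADER):
            generator = line[len(HEADER):].strip()
        elif len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return generator, servers

def check(keyfile_text, resolv_text, vpn_active):
    """Findings where resolv.conf disagrees with the VPN profile's DNS."""
    pinned = profile_dns(keyfile_text)
    generator, servers = parse_resolv(resolv_text)
    findings = []
    if generator != "NetworkManager":  # assumption: NM should own the file
        findings.append(f"resolv.conf written by {generator or 'unknown'}, not NetworkManager")
    if vpn_active:
        findings += [f"pinned DNS {s} missing" for s in pinned if s not in servers]
    else:
        findings += [f"stale VPN DNS {s} still listed" for s in pinned if s in servers]
    return findings

if __name__ == "__main__":
    for label, text, active in (("VPN up", RESOLV_VPN_UP, True),
                                ("VPN down", RESOLV_VPN_DOWN, False)):
        print(label, check(WORK_PROFILE, text, active))
```

To run it against a live system, pass the contents of /etc/resolv.conf and the connection's .nmconnection file instead of the constructed strings.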