I run openvpn on top of a wireless connection. On the initial connection, the wlan0 interface is brought up and once connection is possible openvpn starts. During this time no problem arises. However when I lose wireless connection for a short period which is not enough for openvpn to timeout and restart the order of interfaces on resolv.conf is reversed. When this happens I usually login as root and run: resolvconf -u and this solves the problem until the next wireless break. As it stands it seems like the information from the last interface to be brought up will be used as primary (for instance nameserver). I've tried to play with metrics to define interface priorities but this only seems to affect resolvconf -u and not interface wake-up. Reproducible: Always Steps to Reproduce: 1. Start wireless connection 2. Start openvpn using the wireless connection 3. Check /etc/resolv.conf 4. Break wireless connection for a few seconds and reconnect 5. Compare /etc/resolv.conf with 3. 6. Run resolvconf -u 7. Compare /etc/resolv.conf with 3. and 5. Actual Results: At 3. resolv.conf is: search ivpn wlan nameserver 10.1.1.1 nameserver 192.168.1.1 At 5. resolv.conf is: search wlan ivpn nameserver 192.168.1.1 nameserver 10.1.1.1 At 7. resolv.conf is: search ivpn wlan nameserver 10.1.1.1 nameserver 192.168.1.1 Expected Results: At 3. 5. and 7. resolv.conf should be: search ivpn wlan nameserver 10.1.1.1 nameserver 192.168.1.1 sys-apps/baselayout-2.1-r1 net-misc/openvpn-2.2.2 Portage 2.1.11.9 (default/linux/amd64/10.0, gcc-4.5.4, glibc-2.15-r3, 3.5.7-gentoo x86_64) ================================================================= System uname: Linux-3.5.7-gentoo-x86_64-Intel-R-_Core-TM-2_Duo_CPU_T9600_@_2.80GHz-with-gentoo-2.1 Timestamp of tree: Tue, 30 Oct 2012 00:00:01 +0000 app-shells/bash: 4.2_p37 dev-java/java-config: 2.1.11-r3 dev-lang/python: 2.7.3-r2, 3.2.3-r1 dev-util/cmake: 2.8.9 dev-util/pkgconfig: 0.27.1 sys-apps/baselayout: 2.1-r1 sys-apps/openrc: 0.10.5 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.13, 2.68 sys-devel/automake: 1.11.6 sys-devel/binutils: 2.22-r1 sys-devel/gcc: 4.5.4 sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82-r3 sys-kernel/linux-headers: 3.4-r2 (virtual/os-headers) sys-libs/glibc: 2.15-r3 Repositories: gentoo science sunrise local ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA PUEL skype-eula dlj-1.1 googleearth AdobeFlash-10.3 RTCW-ETEULA Oracle-BCLA-JavaSE" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=core2 -msse4.1 -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /usr/share/openvpn/easy-rsa" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=core2 -msse4.1 -O2 -pipe" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--tree --load-average 3 --jobs 2" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs collision-protect config-protect-if-modified distlocks ebuild-locks fixlafiles news parallel-fetch parse-eapi-ebuild-head protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://darkstar.ist.utl.pt/gentoo/ http://ftp.dei.uc.pt/pub/linux/gentoo/" LANG="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/lib/layman/science /var/lib/layman/sunrise /usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X alsa amd64 bzip2 cli cracklib crypt cups cxx dbus dri firefox fortran gdbm gif gnutls gpm iconv ipv6 jpeg mmx modules mudflap multilib ncurses nls nptl opengl openmp pcre perl png pppd python readline sdl session smp sse sse2 sse3 ssl ssse3 tcpd tiff truetype unicode zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http rewrite setenvif speling status unique_id userdir usertrack vhost_alias wsgi" APACHE2_MPMS="worker" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="joystick keyboard mouse synaptics evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" PHP_TARGETS="php5-3" PYTHON_TARGETS="python3_2 python2_7" QEMU_SOFTMMU_TARGETS="arm mips x86_64" QEMU_USER_TARGETS="arm mips x86_64" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="vesa nv nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
dup of bug#391175?
Not quite sure. I installed the latest openvpn version (2.3.1) which should have the metric patch applied but after restarting the wireless I still get the same behavior (wireless nameserver takes priority). In addition I look at /var/run/resolvconf/metrics and only wlan seems to be present (0002003 wlan0) . tun0 is listed only under /var/run/resolvconf/interfaces. I looked at the changes on up.sh script on /etc/openvpn but couldn't figure out if metric is calculated automatically or if I need to set it somewhere. Thanks
(In reply to comment #2) > I looked at the changes on up.sh script on /etc/openvpn but couldn't figure > out if metric is calculated automatically or if I need to set it somewhere. Do you have route-metric=XXX in your openvpn configuration?
I didn't, but adding it didn't solve the problem. First I added "route-metric=3000" openvpn complained it could parse this line. Changed it to "route-metric 3000" and openvpn restarted but now the VPN nameserver became second on list immediately. Even after resolvconf -u it remained as second on list. I then changed it to "route-metric 1000" (wlan seems to use 2003) and at start the nameserver becomes first priority as expected. However if I break wlan connection and restore it few seconds after the wlan nameserver still becomes first on resolv.conf regardless of the metric defined. In the last case running resolvconf -u manually makes vpn's nameserver to become first priority again. With this it doesn't seem like a dup of bug#391175.
Last comment should read: First I added "route-metric=3000" openvpn complained it *couldn't* parse this line.
I use net-dns/openresolv-3.5.4-r2 and this sequence seems to be OK.
I just upgraded openresolv to the same version you mentioned but I still get the same behavior. Was using openresolv-3.4.1-r1 before. One thing to add to the initial bug report is that at step 4 resolv.conf becomes: search ivpn nameserver 10.1.1.1 Any clue what other packages could be affecting this?
Please attach /etc/conf.d/net
This is all I have, the rest is commented. config_eth0="dhcp" dhcpcd_eth0="-L -I '' -t 60" fallback_eth0="192.168.176.150/24" fallback_route_eth0="default via 192.168.176.150" modules_wlan0="wpa_supplicant" wpa_supplicant_wlan0="-W -B -Dwext -iwlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf" config_wlan0="dhcp" dhcpcd_wlan0="-L -I '' -t 120" associate_order="forcepreferred" blacklist_aps='"guest-eduroam" "default"'
OK, this is not bug#400845. Just to make sure... You have both openvpn and wlan connected. openresolv -l - shows both /etc/resolv.conf - shows both You stop wlan openresolv -l - shows vpn /etc/resolv.conf - shows vpn You start wlan (wait for dhcp) openresolv -l - shows both /etc/resolv.conf - shows vpn You execute openresolv -u openresolv -l - shows both /etc/resolv.conf - shows both Right?
You do have sys-apps/ifplugd installed, right?
Not exactly. at: " You start wlan (wait for dhcp) openresolv -l - shows both /etc/resolv.conf - shows vpn " mine gives: Output of "resolvconf -l": # resolv.conf from tun0 # Generated by openvpn for interface tun0 domain ivpn-domain nameserver 10.1.1.1 # resolv.conf from wlan0 # Generated by dhcpcd from wlan0 nameserver 192.168.1.1 Output of "cat /etc/resolv.conf": # Generated by resolvconf domain ivpn-domain nameserver 192.168.1.1 <--- wlan nameserver 10.1.1.1 <--- vpn And after *resolvconf -u* Output of "resolvconf -l": # resolv.conf from tun0 # Generated by openvpn for interface tun0 domain ivpn-domain nameserver 10.1.1.1 # resolv.conf from wlan0 # Generated by dhcpcd from wlan0 nameserver 192.168.1.1 Output of "cat /etc/resolv.conf": # Generated by resolvconf domain ivpn-domain nameserver 10.1.1.1 <--- vpn nameserver 192.168.1.1 <--- wlan I don't have ifplugd installed but I do have sys-apps/netplug-1.2.9-r5.
Well... I cannot explain that! Best to update /sbin/resolvconf and add some debug info. Just after the first line add: { echo "LOG-END $$" date echo "$*" ps -efa find /var/run/resolvconf/ echo "LOG-END $$" } >> /tmp/resolvconf.log
Created attachment 348008 [details] resolvconf log - wlan down, wlan up, resolvconf -u
Well, still have no clue. Let's come back to the basics... What happens if you: resolvconf -d wlan0 echo "nameserver 192.168.1.1" | resolvconf -a wlan0 -m 2003 Do you see the order is incorrect? If so, can you please send me: resolvconf -d wlan0 echo "nameserver 192.168.1.1" | resolvconf -a wlan0 -m 2003 2> /tmp/resolvconf.debug.log If not, lets try to put the following in the resolvconf script: { echo "LOG-BEGIN $$" date echo "$*" ps -efa find /var/run/resolvconf/ echo "LOG-END $$" } >> /tmp/resolvconf.log exec 2>> /tmp/resolvconf.log set -x Thanks!
Created attachment 348034 [details] Same a before, with more output Running: resolvconf -d wlan0 echo "nameserver 192.168.1.1" | resolvconf -a wlan0 -m 2003 Actually kept vpn as first on the list, as opposed to what happens when I bring the wlan0 interface down. Added log with more output as requested.
Are you sure you running net-dns/openresolv-3.5.4-r2?
And can you please add the following to the debug: echo "${IF_METRIC}"
(In reply to comment #9) > modules_wlan0="wpa_supplicant" above can be global... modules="wpa_supplicant" > wpa_supplicant_wlan0="-W -B -Dwext -iwlan0 > -c/etc/wpa_supplicant/wpa_supplicant.conf" Why isn't this simply: wpa_supplicant_wlan0="-D nl80211" Or if you have very old card: wpa_supplicant_wlan0="-D wext" Not that it is related...
Created attachment 348036 [details] Same a before, with more output and IF_METRIC * net-dns/openresolv Latest version available: 3.5.4-r2 Latest version installed: 3.5.4-r2 Quite sure about the version. Attached the same as before plus the metric as requested. echo "${IF_METRIC}" added after set -x
What do you have at /etc/resolvconf.conf ? It seems you have non default interface_order.
This is my resolvconf.conf # Configuration for resolvconf(8) # See resolvconf.conf(5) for details resolv_conf=/etc/resolv.conf # If you run a local name server, you should uncomment the below line and # configure your subscribers configuration files below. #name_servers=127.0.0.1
OK... Go to /lib64/dhcpcd/dhcpcd-run-hooks for list_interfaces and add: --- { + local interface_order
(In reply to comment #23) > OK... > > Go to /lib64/dhcpcd/dhcpcd-run-hooks for list_interfaces and add: > --- > { > + local interface_order wait, it won't help... but this is the problem... will figure out how best to solve it.
(In reply to comment #24) > (In reply to comment #23) > > OK... > > > > Go to /lib64/dhcpcd/dhcpcd-run-hooks for list_interfaces and add: > > --- > > { > > + local interface_order > > wait, it won't help... but this is the problem... will figure out how best > to solve it. add the following at top of /sbin/resolvconf --- unset interface_order ---
> add the following at top of /sbin/resolvconf > --- > unset interface_order > --- This one fixed it.
I also did a grep on /etc for interface_order but got no matches. I've no idea where this comes from.
Created attachment 348086 [details, diff] openresolv-3.5.4-config-conflict.patch
Created attachment 348088 [details, diff] openresolv-3.5.4-r2.ebuild.diff
Sorry it took so long to figure this out. Can you please confirm this works? Thanks!
Yup the attached patches fix it.
Thanks for the good detective work.
Hello lack, Can you please commit this or should I. Thanks, Alon
Fixed in openresolv-3.5.4-r3.