Comments (9)
Ideally you should build openfortivpn 1.21 from sources, although I doubt that would change anything on Ubuntu 22.04.
As explained elsewhere, there are 3 ways openfortivpn handles DNS settings:
- With --set-dns=1 openfortivpn may try to directly modify /etc/resolv.conf which is a bad idea on contemporary Linux distributions but still works, more or less.
- With --set-dns=1 and /usr/sbin/resolvconf, openfortivpn will let resolvconf handle DNS settings.
- With --pppd-use-peerdns=1 openfortivpn will let pppd handle DNS settings.
I understand you're in case 1. Verbose logs would help confirm such details. What is the output of the following?
ls -l /usr/sbin/resolvconf
dpkg -S /usr/sbin/resolvconf
I would recommend case 2, in which case it's up to resolvconf to set DNS properly. Actually, 3 different versions of resolvconf exist:
a. Usually systemd-resolved provides its own version of resolvconf, as a symlink to resolvectl. I believe it is not available on Debian and Ubuntu.
b. Debian and Ubuntu have their own version of resolvconf, packaged as resolvconf.
c. An alternative available on all or most Linux distributions is openresolv.
On Ubuntu, I would recommend you try case 2, with resolvconf provided by resolvconf (b) or openresolv (c).
from openfortivpn.
With that said, what is wrong with adding the following at the top of /etc/resolv.conf?
nameserver 192.168.xxx.xxx
nameserver 192.168.yyy.yyy
search xxxxxxxxx.com 168.192.in-addr.arpa
In theory, we only add what the FortiGate instructs us to. A verbose log, redacted if needed, as suggested in Reporting issues, would show the XML configuration sent by the FortiGate. Chances are the FortiGate is not properly configured.
from openfortivpn.
Oh, the lines that are being added to my resolv.conf by openfortivpn are fine themselves. The problem is that nothing else is being done to the file, which ends up having two lines with a search.
See, when I was using FortiClient, it replaced the default search line with the new one upon connecting, which made everything work for me out of the box. The behaviour I'm observing here after having switched to openfortivpn is a different one and I've confirmed that getting rid of the old search line fixes the VPN DNS.
The only way I'm currently able to connect to my servers via openfortivpn is by manually editing resolv.conf (replacing the last line with the 3rd one) every time after connecting to the VPN.
All I'm asking you is to please consider this scenario. If you think emulating the FortiClient behaviour by properly replacing the existing search line on resolv.conf would be a good addition to openfortivpn, it will save me having to manually edit the file every day 🙏
from openfortivpn.
Oh, I'm sorry, I didn't notice your previous comment and only read the latest one.
I actually tried the snap version from the latest/edge channel, which seemed to be the most updated of them all (1.21.0), but it was giving me permission errors when trying to access any file (not only /etc/resolv.conf but also /etc/openfortivpn/config) so I gave up with that one. If push comes to shove, I'll look into building the thing from the latest source myself.
I'm indeed in case 1. Getting the resolvconf package sounds interesting. I'll definitely give that a try and report back.
Thanks!
from openfortivpn.
It looks like the last and previous line:
search .
takes precedence over the new one:
search xxxxxxxxx.com 168.192.in-addr.arpa
Does that sound right? Not sure why this is not a problem on my own Ubuntu 22.04 machine. I will have to compare.
Do not use openfortivpn snaps. It's impossible to package software so tightly coupled to the OS this way. I have given up and https://snapcraft.io/openfortivpn is completely obsolete.
from openfortivpn.
I just did some quick testing and it seems like you're completely right.
If I leave both search lines in the file but I move the new one down below the old one, everything works.
Strangely enough though, it seems to be the other way around for the nameserver lines. My DNS only works by having the new nameserver lines up above the old ones.
This file is such a mess. I'm gonna try getting resolvconf and see if that makes it easier.
from openfortivpn.
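The ordering behaviour observed in the comments above matches resolv.conf(5) for the glibc resolver: the last search/domain line wins, while nameserver lines are used in the order listed, up to three. The following is an added example, not part of the thread or of openfortivpn; the addresses and domain names in SAMPLE are constructed, and effective_resolver is a hypothetical helper name.

```python
"""Compute the settings the glibc stub resolver actually uses from resolv.conf text."""

MAXNS = 3  # glibc honours at most three nameserver entries, in file order

# Constructed sample: VPN entries prepended above the distribution's defaults,
# the layout described in this thread (addresses and domain are made up).
SAMPLE = """\
nameserver 192.168.10.1
nameserver 192.168.10.2
search vpn.example.com 168.192.in-addr.arpa
nameserver 127.0.0.53
options edns0 trust-ad
search .
"""


def effective_resolver(text):
    """Return (nameservers, search, shadowed_search_lists)."""
    nameservers, search, shadowed = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args:
            # Entries beyond MAXNS are silently ignored by the resolver.
            if len(nameservers) < MAXNS:
                nameservers.append(args[0])
        elif keyword in ("search", "domain") and args:
            # search and domain are mutually exclusive: the last instance wins,
            # so any earlier list is remembered as shadowed.
            if search:
                shadowed.append(search)
            search = args if keyword == "search" else args[:1]
    return nameservers, search, shadowed


if __name__ == "__main__":
    ns, search, shadowed = effective_resolver(SAMPLE)
    print("nameservers used:", ns)
    print("search list used:", search)
    for old in shadowed:
        print("search line ignored (overridden later in file):", old)
```

Running it against a copy of /etc/resolv.conf taken while the VPN is up shows whether the VPN search list is the one in effect or has been overridden by a later line.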
Installing resolvconf worked like a charm! (I also had to add "use-resolvconf = 1" to my openfortivpn config file)
The VPN entries are now being properly added and removed into the resolv.conf file (now on foreign mode).
Thanks again for your suggestion!
from openfortivpn.
@Shadowfury22 @DimitriPapadopoulos
I have a similar problem. Running resolvectl:
Link 21 (ppp0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Also added "use-resolvconf = 1" to the config
On successful connection I get the following message
WARN: Ignoring option "use-resolvconf".
But I still can't connect to my working applications.
Can you please tell me if I missed something?
from openfortivpn.
@sleepmac Did you install resolvconf?
from openfortivpn.