[Bug 632712] New: resolv.conf gets overwritten by racoon

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c0 Summary: resolv.conf gets overwritten by racoon Classification: openSUSE Product: openSUSE 11.3 Version: Final Platform: x86-64 OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: mjedamzik@novell.com QAContact: qa@suse.de Found By: Field Engineer Blocker: No I'm using the novell-ipsec tools to connect to the office via VPN. As soon as the VPN connection is started, racoon overwrites the resolv.conf. The issue is that as soon as the VPN connection is stopped, the resolv.conf will not be restored again. cat /etc/resolv.conf ### /etc/resolv.conf file autogenerated by racoon of novell-ipsec-tools! # Process id: 16864 ### search DUS.NOVELL.COM dus.novell.com nameserver 127.0.0.1 nameserver 147.2.75.1 nameserver 130.57.40.66 The current workaround is to use "netconfig update -f" -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c1 --- Comment #1 from Marius Tomaschewski <mt@novell.com> 2010-08-19 08:35:46 UTC --- The novell-ipsec-tools plugin should: a) not write /etc/resolv.conf itself, but deliver them to the NetworkManager via NetworkManager plugin API. b) write them using netconfig with custom DNS policy: netconfig modify -s racoon -i $INTERFACE <<<"DNSSERVERS='42.42.42.42'" and remove at the end of the session using: netconfig remove -s racoon -i $INTERFACE in "ifup" mode or in NetworkManager mode with NETCONFIG_DNS_POLICY='STATIC_FALLBACK NetworkManager *' the settings provided by 'racoon' will be preferred (see also new NETCONFIG_DNS_RANKING variable on SLE11-SP1 and 11.3) and written at the begin of the /etc/resolv.conf (forwarders.conf, ...). More aggressive is: NETCONFIG_DNS_POLICY='STATIC_FALLBACK * NetworkManager' It works with any netconfig version... but should be avoided, because it allows any service to override NM settings. c) at least remove the self-generated /etc/resolv.conf and call "netconfig update" at the end of the vpn session, that will restore the settings then. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c3 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |mjedamzik@novell.com --- Comment #3 from Li Bin <bili@novell.com> 2010-08-19 10:31:02 UTC --- Martin, It already should be fixed. Don't change the resolv.conf by itself, while use the netconfig. Do you use the vpn by NetworkManager or the command line? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c4 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|mjedamzik@novell.com | --- Comment #4 from Li Bin <bili@novell.com> 2010-08-19 10:37:14 UTC --- Already check it, now it was just fixed in SLED, so maybe we need a update for this issue. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c7 Christian Dengler <cdengler@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cdengler@novell.com --- Comment #7 from Christian Dengler <cdengler@novell.com> 2010-08-19 10:48:06 UTC --- +1 for an update -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c9 --- Comment #9 from Li Bin <bili@novell.com> 2010-08-19 11:04:49 UTC --- Hi, http://download.opensuse.org/repositories/home:/BinLi:/branches:/openSUSE:/1... You can get the latest for testing. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c11 Martin Jedamzik <mjedamzik@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|maintenance@opensuse.org | --- Comment #11 from Martin Jedamzik <mjedamzik@novell.com> 2010-08-19 11:52:21 UTC --- Downloaded and tested, unfortunately only partial success: - Started racoon with rcracoon start - nvpn -c Novell ... mjedamzik@dus-mjedamzik-06062:~/Downloads/Racoon> cat /etc/resolv.conf ### /etc/resolv.conf file autogenerated by racoon of novell-ipsec-tools! # Process id: 28097 ### search DUS.NOVELL.COM dus.novell.com nameserver 127.0.0.1 nameserver 147.2.75.1 nameserver 130.57.40.66 mjedamzik@dus-mjedamzik-06062:~/Downloads/Racoon> nvpn -d VPN client is successfully disconnected from the gateway 193.97.75.254 mjedamzik@dus-mjedamzik-06062:~/Downloads/Racoon> cat /etc/resolv.conf ### /etc/resolv.conf file autogenerated by netconfig! # # Before you change this file manually, consider to define the # static DNS configuration using the following variables in the # /etc/sysconfig/network/config file: # NETCONFIG_DNS_STATIC_SEARCHLIST # NETCONFIG_DNS_STATIC_SERVERS # NETCONFIG_DNS_FORWARDER # or disable DNS configuration updates via netconfig by setting: # NETCONFIG_DNS_POLICY='' # # See also the netconfig(8) manual page and other documentation. # # Note: Manual change of this file disables netconfig too, but # may get lost when this file contains comments or empty lines # only, the netconfig settings are same with settings in this # file and in case of a "netconfig update -f" call. # ### Please remove (at least) this line when you modify the file! search DUS.NOVELL.COM nameserver 127.0.0.1 nameserver 147.2.75.1 nameserver 130.57.40.66 However, if rcracoon is not started and I connect to the VPN via the knetworkmanager the resolv.conf of racoon stays. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c12 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |mjedamzik@novell.com --- Comment #12 from Li Bin <bili@novell.com> 2010-08-24 04:10:14 UTC --- Martin, Please delete the old /etc/resolv.conf before the new test. Cause the resolv.conf can't change by NetworkManager when others change it. After that the simple is restart the machine, after the connection was okay, check the resolv.conf, then use the nvpn or NetworkManager to connect the VPN server, after that check the resolv.conf. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c13 Martin Jedamzik <mjedamzik@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|mjedamzik@novell.com | --- Comment #13 from Martin Jedamzik <mjedamzik@novell.com> 2010-08-26 06:52:06 UTC --- (In reply to comment #12)
Martin,
Please delete the old /etc/resolv.conf before the new test. Cause the resolv.conf can't change by NetworkManager when others change it.
After that the simple is restart the machine, after the connection was okay, check the resolv.conf, then use the nvpn or NetworkManager to connect the VPN server, after that check the resolv.conf.
@Li Great, works like a charm! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c15 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |maint:running:35562:low --- Comment #15 from Swamp Workflow Management <swamp@suse.com> 2010-08-30 13:08:33 UTC --- The SWAMPID for this issue is 35562. This issue was rated as low. Please submit fixed packages until 2010-09-27. Also create a patchinfo file using this link: https://swamp.suse.de/webswamp/wf/35562 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c16 Christian Dengler <cdengler@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|maintenance@opensuse.org | --- Comment #16 from Christian Dengler <cdengler@novell.com> 2010-08-30 13:09:07 UTC --- No one from maintenance team against, so starting the update ... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c17 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #17 from Li Bin <bili@novell.com> 2010-08-31 03:13:31 UTC --- Done. It just affect the 11.3 only. Thanks! 46746 State:new By:BinLi When:2010-08-31T05:12:17 submit: home:BinLi:branches:openSUSE:11.3:Update:Test/novell-nortelplugins -> openSUSE:11.3:Update:Test Descr: Support the netconfig in SUSE release(bnc#632712,swampid#35562). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c18 Berthold Gunreben <bg@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED CC| |bg@novell.com Resolution|FIXED | --- Comment #18 from Berthold Gunreben <bg@novell.com> 2010-09-09 10:29:56 UTC --- Is it really a good idea, pretend being networkmanager when doing the resolve.conf update? I see that we had to fix this issue for every recent distribution again, and I believe that we should fix this in a more reliable way. a) Either allow the novell-nortelplugins to do the modifications with netconfig itself. b) Or fix NetworkManager in a way, that it does all the needed modifications for novell-nortelplugins in a reliable way. Just pretending to be NetworkManager does not seem to be a good solution for this problem. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c19 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED --- Comment #19 from Li Bin <bili@novell.com> 2010-09-09 11:05:56 UTC --- Berthold, Yes, it's just a temp fix, it can resolve this issue. Now we don't allow any others except the NetworkManager to change the resolv.conf, and I'll fix it in the upstream turnpike(which contains novell-nortelplugins and nvpn), prepare to use some general dispatcher with the '--upscript' to notify the NetworkManager. After that the NetworkManager will use the netconfig to change it. Hope it could be in the next release. Thanks! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c20 Christian Dengler <cdengler@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | --- Comment #20 from Christian Dengler <cdengler@novell.com> 2010-11-15 12:48:14 UTC --- (In reply to comment #19)
Hope it could be in the next release. Thanks!
For this update we need also a proper solution. Can you backport the new fix? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c21 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |ASSIGNED --- Comment #21 from Li Bin <bili@novell.com> 2010-11-18 10:48:30 UTC --- Well, a little busy, reply you later. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c22 Aaron Burgemeister <aburgemeister@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aburgemeister@novell.com --- Comment #22 from Aaron Burgemeister <aburgemeister@novell.com> 2011-02-28 20:23:01 UTC --- Found this bug when searching for my issue and this sounds like it. On 11.3 x86_64 with latest updates and I also use the nortel pieces. What brought this to my attention is that when I come into work (and dock for a wired connection) I still have my home DNS server (192.168.1.1) because NetworkManager will not overwrite /etc/resolv.conf (since it is no longer default). The result is slowness until I go and clean things up manually but this is kind of painful. I, too, would like the fix to be released. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=632712 https://bugzilla.novell.com/show_bug.cgi?id=632712#c Dirk Mueller <dmueller@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:35562:low | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com