9 Jun 2020 12:27
On Tuesday, 2020-06-09 at 09:33 +0200, Martin Caj wrote:

> Hi,
>
> I checked it and I think you are missing a small part for DNSmasq with the
> internal DNS servers.
>
> I'm using dnsmasq as well and so far it was working very well.
>
> I hope my comment below will help you
>
> Martin
>
> On 08. 06. 20 23:12, Carlos E. R. wrote:
>>
>> Hi,

...

>> Jun 08 22:19:22 Telcontar openvpn[6990]: heroes/client.up tun0 1500 1553
>> 192.168.252.185 192.168.252.1 init
>> Jun 08 22:19:22 Telcontar openvpn[6990]: WARNING: External program may not
>> be called unless '--script-security 2' or higher is enabled. See --h>
>> Jun 08 22:19:22 Telcontar openvpn[6990]: WARNING: Failed running command
>> (--up/--down): external program fork failed

> - This means that an external program did not work - probably some fork in
> the up script.....

This one I found out what it was and corrected it. The file
"/etc/openvpn/heroes.conf" needs this line:

    script-security 2

Maybe this has to be added on the wiki example file.

...

>> The clue is in the log:

...

>> <1.5> 2020-06-08T22:25:55.800899+02:00 Telcontar root - - - client-up
>> starts for tun0, found DNS servers 192.168.47.101 192.168.47.102 and wrote
>> them into /etc/dnsmasq.servers.conf
>> <3.6> 2020-06-08T22:25:55.832258+02:00 Telcontar systemd 1 - - Stopping
>> DNS caching server....
>> <3.6> 2020-06-08T22:25:55.832516+02:00 Telcontar dnsmasq 23896 - -
>> exiting on receipt of SIGTERM

> This part points to dnsmasq service.

Yes.

>> Notice it says:
>>
>> ... client-up starts for tun0, found DNS servers 192.168.47.101
>> 192.168.47.102 and wrote them into /etc/dnsmasq.servers.conf
>>

> you need to create that file : /etc/dnsmasq.servers.conf ,

No, that file should be created automatically.
That's the point, the "/etc/openvpn/heroes/client.up" (copied from the VPN
wiki page) creates one file, then writes to the log that it created another
file, which does not exist. Look, this is the file, copied from our VPN wiki
page:

#!/bin/bash
#dnsmasq version
shopt -o -s noglob
dev=$1
if test -x /sbin/netconfig -a -n "${dev}" ; then
    dns_server=()
    for fopt in ${!foreign_option_*} ; do
        test -n "${!fopt}" || continue
        data=(${!fopt})
        test "${data[0]}" = "dhcp-option" && \
        case "${data[1]}" in
        DNS) dns_server+=("${data[2]}") ;;
        esac
    done
    for server in ${dns_server[*]}; do
        echo "server=/infra.opensuse.org/$server"
        echo "server=/.47.168.192.in-addr.arpa/$server"
    done >/etc/dnsmasq.opensuseservers.conf
    # for the debug enable this:
    #cat /etc/dnsmasq.servers.conf |logger
fi
echo "client-up starts for "${dev}", found DNS servers "${dns_server[*]}" and wrote them into /etc/dnsmasq.servers.conf" |logger
if [ -e /etc/init.d/dnsmasq ] ; then
    /etc/init.d/dnsmasq restart
else
    /bin/systemctl restart dnsmasq.service
fi
exit 0

You see, it writes the file "/etc/dnsmasq.opensuseservers.conf", but then
says in the log that it wrote "/etc/dnsmasq.servers.conf" file instead -
which does not exist.

That file contains the same as your file:

Telcontar:/etc/openvpn # cat /etc/dnsmasq.opensuseservers.conf
server=/infra.opensuse.org/192.168.47.101
server=/.47.168.192.in-addr.arpa/192.168.47.101
server=/infra.opensuse.org/192.168.47.102
server=/.47.168.192.in-addr.arpa/192.168.47.102
Telcontar:/etc/openvpn #

> in my case it looks like this:
>
> server=/infra.opensuse.org/192.168.47.101
> server=/.47.168.192.in-addr.arpa/192.168.47.101
> server=/infra.opensuse.org/192.168.47.102
> server=/.47.168.192.in-addr.arpa/192.168.47.102

However, I think that is just a typo in the client.up with no effect but
wrong log entry. The problem why I don't get name solving must be something
else.
> # Include all files in a directory which end in .conf
> conf-dir=/etc/dnsmasq.d/,*.conf
>
> once you start the vpn there should be new file like this one:
>
> cat /etc/dnsmasq.d/opensuse.conf
>
> domain-needed
> # Resolve VPN gates by well known nameservers to avoid problems
> server=/scar.opensuse.org/8.8.8.8
> # These servers will be always resolved by original name servers. You can add
> more here...
> except-interface=virbr0,tun0,br0
> no-dhcp-interface=
> bind-interfaces
> # In this file we specify what domains to resolve with SUSE nameservers
> conf-file=/etc/dnsmasq.opensuseservers.conf

Yes, I have:

/etc/dnsmasq.d/opensuse.conf

#server=/scar.opensuse.org/8.8.8.8
server=/scar.opensuse.org/192.168.1.16
except-interface=virbr0,tun0,br0
no-dhcp-interface=
bind-interfaces
# In this file we specify what domains to resolve with SUSE nameservers
conf-file=/etc/dnsmasq.opensuseservers.conf

I have changed:

    server=/scar.opensuse.org/8.8.8.8

with:

    server=/scar.opensuse.org/192.168.1.16

Because I don't like using Google, and I have my own local named server in
my LAN. And it works, apparently:

Telcontar:/etc/openvpn # host scar.opensuse.org 192.168.1.16
Using domain server:
Name: 192.168.1.16
Address: 192.168.1.16#53
Aliases:

scar.opensuse.org has address 195.135.221.151
scar.opensuse.org has IPv6 address 2001:67c:2178:8::28
Telcontar:/etc/openvpn #

elcontar:/etc/openvpn # host scar.opensuse.org
scar.opensuse.org has address 195.135.221.151
scar.opensuse.org has IPv6 address 2001:67c:2178:8::28
Telcontar:/etc/openvpn #

> And also please check your down script.
>
> It can look like this example:
>
> # !/bin/bash
> # Remove Heroes internal name servers
>
> > /etc/dnsmasq.servers.conf
> /bin/systemctl try-restart dnsmasq.service
> echo "client-down set empty file etc/dnsmasq.servers.conf and reload the
> dnsmasq service" |logger
> exit 0

I have the sample file in our wiki, with some changes I did minutes ago:

#!/bin/bash
# Remove internal name servers
echo > /etc/dnsmasq.opensuseservers.conf
/bin/systemctl try-restart dnsmasq.service
echo "client-down set empty file /etc/dnsmasq.opensuseservers.conf and reload the dnsmasq service" | logger -t openvpn-client-down -p daemon.info
exit 0

Notice that you have:

    > /etc/dnsmasq.servers.conf

a file that does not exist in my case. I have:

    echo > /etc/dnsmasq.opensuseservers.conf

The wiki has:

    >/etc/dnsmasq.opensuseservers.conf

I just added the echo for my clarity (I prefer code to be verbose ;-) )

Still, I noticed yesterday problems in the shutdown of the tunnel:

Jun 09 02:44:08 Telcontar systemd[1]: Removed slice User Slice of UID 9.
Jun 09 02:45:02 Telcontar openvpn[7327]: event_wait : Interrupted system call (code=4)
Jun 09 02:45:02 Telcontar openvpn[7327]: ERROR: Linux route delete command failed: external program exited with error status: 2
Jun 09 02:45:02 Telcontar systemd[1]: Stopping OpenVPN tunneling daemon instance using /etc/openvpn/heroes.conf...
Jun 09 02:45:02 Telcontar openvpn[7327]: ERROR: Linux route delete command failed: external program exited with error status: 2
Jun 09 02:45:02 Telcontar openvpn[7327]: ERROR: Linux route delete command failed: external program exited with error status: 2
Jun 09 02:45:02 Telcontar openvpn[7327]: /bin/ip addr del dev tun0 local 192.168.252.185 peer 192.168.252.1
Jun 09 02:45:02 Telcontar openvpn[7327]: Linux ip addr del failed: external program exited with error status: 2
Jun 09 02:45:02 Telcontar wickedd[1619]: error retrieving tun attribute from sysfs
Jun 09 02:45:02 Telcontar openvpn[7327]: heroes/client.down tun0 1500 1553 192.168.252.185 192.168.252.1 init
Jun 09 02:45:02 Telcontar nobody[16075]: client-down set empty file /etc/dnsmasq.opensuseservers.conf and reload the dnsmasq service
Jun 09 02:45:02 Telcontar openvpn[7327]: SIGTERM[hard,] received, process exiting
Jun 09 02:45:02 Telcontar systemd[1]: Stopped OpenVPN tunneling daemon instance using /etc/openvpn/heroes.conf.

I don't have a clue of what external program it is talking about, and what
is error status 2. maybe it is the "route" command itself? I don't see a
table of output status errors in its man page :-?

So, I try to connect now. Log:

<3.6> 2020-06-09T13:56:11.725997+02:00 Telcontar systemd 1 - - Starting OpenVPN tunneling daemon instance using /etc/openvpn/heroes.conf...
<3.5> 2020-06-09T13:56:11.762866+02:00 Telcontar openvpn 22285 - - OpenVPN 2.4.3 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 20 2017
<3.5> 2020-06-09T13:56:11.763117+02:00 Telcontar openvpn 22285 - - library versions: OpenSSL 1.1.0i-fips 14 Aug 2018, LZO 2.10
<3.4> 2020-06-09T13:56:32.059152+02:00 Telcontar openvpn 22299 - - NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
<3.6> 2020-06-09T13:56:32.059602+02:00 Telcontar systemd 1 - - Started OpenVPN tunneling daemon instance using /etc/openvpn/heroes.conf.
<3.5> 2020-06-09T13:56:32.149427+02:00 Telcontar openvpn 22299 - - TCP/UDP: Preserving recently used remote address: [AF_INET]195.135.221.151:1194
<3.5> 2020-06-09T13:56:32.149579+02:00 Telcontar openvpn 22299 - - UDP link local: (not bound)
<3.5> 2020-06-09T13:56:32.149637+02:00 Telcontar openvpn 22299 - - UDP link remote: [AF_INET]195.135.221.151:1194
<3.5> 2020-06-09T13:56:32.149692+02:00 Telcontar openvpn 22299 - - NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
<3.4> 2020-06-09T13:56:32.199750+02:00 Telcontar openvpn 22299 - - WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
<3.5> 2020-06-09T13:56:32.387877+02:00 Telcontar openvpn 22299 - - [scar.opensuse.org] Peer Connection Initiated with [AF_INET]195.135.221.151:1194
<3.5> 2020-06-09T13:56:33.546114+02:00 Telcontar openvpn 22299 - - TUN/TAP device tun0 opened
<3.5> 2020-06-09T13:56:33.546376+02:00 Telcontar openvpn 22299 - - do_ifconfig, tt->did_ifconfig_ipv6_setup=0
<3.5> 2020-06-09T13:56:33.546525+02:00 Telcontar openvpn 22299 - - /bin/ip link set dev tun0 up mtu 1500
<3.6> 2020-06-09T13:56:33.546781+02:00 Telcontar systemd-udevd 22301 - - link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
<3.5> 2020-06-09T13:56:33.554816+02:00 Telcontar openvpn 22299 - - /bin/ip addr add dev tun0 local 192.168.252.185 peer 192.168.252.1
<3.5> 2020-06-09T13:56:33.555840+02:00 Telcontar openvpn 22299 - - heroes/client.up tun0 1500 1553 192.168.252.185 192.168.252.1 init
<3.6> 2020-06-09T13:56:33.585407+02:00 Telcontar openvpn-client-up - - - client-up starts for tun0, found DNS servers 192.168.47.101 192.168.47.102 and wrote them into /etc/dnsmasq.opensuseservers.conf
<3.6> 2020-06-09T13:56:33.618892+02:00 Telcontar dnsmasq 20030 - - exiting on receipt of SIGTERM
<3.6> 2020-06-09T13:56:33.619118+02:00 Telcontar systemd 1 - - Stopping DNS caching server....
<3.6> 2020-06-09T13:56:33.619441+02:00 Telcontar systemd 1 - - Stopped DNS caching server..
<3.6> 2020-06-09T13:56:33.620221+02:00 Telcontar systemd 1 - - Starting DNS caching server....
<3.6> 2020-06-09T13:56:33.653372+02:00 Telcontar dnsmasq 22310 - - dnsmasq: syntax check OK.
<3.6> 2020-06-09T13:56:33.687298+02:00 Telcontar systemd 1 - - Started DNS caching server..
<3.6> 2020-06-09T13:56:33.687626+02:00 Telcontar dnsmasq 22311 - - started, version 2.78 cachesize 2000
<3.6> 2020-06-09T13:56:33.687835+02:00 Telcontar dnsmasq 22311 - - compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
<3.6> 2020-06-09T13:56:33.687957+02:00 Telcontar dnsmasq 22311 - - DBus support enabled: connected to system bus
<3.6> 2020-06-09T13:56:33.688093+02:00 Telcontar dnsmasq 22311 - - asynchronous logging enabled, queue limit is 5 messages
<3.6> 2020-06-09T13:56:33.688208+02:00 Telcontar dnsmasq 22311 - - using local addresses only for domain valinor
<3.6> 2020-06-09T13:56:33.688319+02:00 Telcontar dnsmasq 22311 - - using nameserver 192.168.1.16#53 for domain valinor
<3.6> 2020-06-09T13:56:33.688427+02:00 Telcontar dnsmasq 22311 - - using nameserver 1.0.0.1#53
<3.6> 2020-06-09T13:56:33.688532+02:00 Telcontar dnsmasq 22311 - - using nameserver 1.1.1.1#53
<3.6> 2020-06-09T13:56:33.688645+02:00 Telcontar dnsmasq 22311 - - using nameserver 80.58.61.254#53
<3.6> 2020-06-09T13:56:33.688782+02:00 Telcontar dnsmasq 22311 - - using nameserver 80.58.61.250#53
<3.6> 2020-06-09T13:56:33.688896+02:00 Telcontar dnsmasq 22311 - - reading /etc/resolv.conf
<3.6> 2020-06-09T13:56:33.688992+02:00 Telcontar dnsmasq 22311 - - using local addresses only for domain valinor
<3.6> 2020-06-09T13:56:33.689086+02:00 Telcontar dnsmasq 22311 - - using nameserver 192.168.1.16#53 for domain valinor
<3.6> 2020-06-09T13:56:33.689183+02:00 Telcontar dnsmasq 22311 - - using nameserver 1.0.0.1#53
<3.6> 2020-06-09T13:56:33.689279+02:00 Telcontar dnsmasq 22311 - - using nameserver 1.1.1.1#53
<3.6> 2020-06-09T13:56:33.689374+02:00 Telcontar dnsmasq 22311 - - using nameserver 80.58.61.254#53
<3.6> 2020-06-09T13:56:33.689468+02:00 Telcontar dnsmasq 22311 - - using nameserver 80.58.61.250#53
<3.4> 2020-06-09T13:56:33.689580+02:00 Telcontar dnsmasq 22311 - - ignoring nameserver 127.0.0.1 - local interface
<3.6> 2020-06-09T13:56:33.689699+02:00 Telcontar dnsmasq 22311 - - read /etc/hosts - 38 addresses
<3.5> 2020-06-09T13:56:33.690627+02:00 Telcontar openvpn 22299 - - GID set to nobody
<3.5> 2020-06-09T13:56:33.690799+02:00 Telcontar openvpn 22299 - - UID set to nobody
<3.5> 2020-06-09T13:56:33.696264+02:00 Telcontar openvpn 22299 - - Initialization Sequence Completed

As you can see, dnsmasq does not report it is using the internal VPN name
servers. And name check fails:

Telcontar:/etc/openvpn # host -v freeipa.infra.opensuse.org
Trying "freeipa.infra.opensuse.org"
Host freeipa.infra.opensuse.org not found: 2(SERVFAIL)
Received 44 bytes from 127.0.0.1#53 in 1582 ms
Telcontar:/etc/openvpn #

Telcontar:/etc/openvpn # cat /etc/dnsmasq.opensuseservers.conf
server=/infra.opensuse.org/192.168.47.101
server=/.47.168.192.in-addr.arpa/192.168.47.101
server=/infra.opensuse.org/192.168.47.102
server=/.47.168.192.in-addr.arpa/192.168.47.102
Telcontar:/etc/openvpn #

The log doesn't mention usage of "/etc/dnsmasq.d/opensuse.conf" :-?

Found it! Dnsmasq doesn't include that directory in the default config.

# Include another lot of configuration options.
#conf-file=/etc/dnsmasq.more.conf
#conf-dir=/etc/dnsmasq.d

No go:

Telcontar:/etc/openvpn # host -v freeipa.infra.opensuse.org
Trying "freeipa.infra.opensuse.org"
;; connection timed out; no servers could be reached
Telcontar:/etc/openvpn #

Now the error is:

<3.6> 2020-06-09T14:06:42.256927+02:00 Telcontar dnsmasq 22895 - - dnsmasq: cannot read /etc/dnsmasq.opensuseservers.conf: Permission denied
<3.2> 2020-06-09T14:06:42.257140+02:00 Telcontar dnsmasq 22895 - - cannot read /etc/dnsmasq.opensuseservers.conf: Permission denied

Telcontar:/etc/openvpn # l /etc/dnsmasq.opensuseservers.conf
-rw-r--r-- 1 root root 180 Jun 9 14:06 /etc/dnsmasq.opensuseservers.conf
Telcontar:/etc/openvpn #

Huh? It has read permission to all. No apparmor errors, either.

etc/apparmor.d/local/usr.sbin.dnsmasq

# Site-specific additions and overrides for 'usr.sbin.dnsmasq'
/etc/dnsmasq.opensuseservers.conf r,

Maybe restart aa?

Now I don't have connection:

Telcontar:/etc/openvpn # systemctl stop openvpn@heroes
Telcontar:/etc/openvpn # systemctl start openvpn@heroes
Enter Auth Username: robin_listas
Enter Auth Password: ****************************************
Telcontar:/etc/openvpn # ping 192.168.47.102
PING 192.168.47.102 (192.168.47.102) 56(84) bytes of data.
^C
--- 192.168.47.102 ping statistics ---
21 packets transmitted, 0 received, 100% packet loss, time 20349ms
Telcontar:/etc/openvpn #

<3.6> 2020-06-09T14:16:40.610113+02:00 Telcontar systemd 1 - - Starting OpenVPN tunneling daemon instance using /etc/openvpn/heroes.conf...
<3.5> 2020-06-09T14:16:40.644124+02:00 Telcontar openvpn 23731 - - OpenVPN 2.4.3 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 20 2017
<3.5> 2020-06-09T14:16:40.644372+02:00 Telcontar openvpn 23731 - - library versions: OpenSSL 1.1.0i-fips 14 Aug 2018, LZO 2.10
<3.4> 2020-06-09T14:16:54.034893+02:00 Telcontar openvpn 23741 - - NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
<3.6> 2020-06-09T14:16:54.035228+02:00 Telcontar systemd 1 - - Started OpenVPN tunneling daemon instance using /etc/openvpn/heroes.conf.
<3.3> 2020-06-09T14:16:54.036003+02:00 Telcontar openvpn 23741 - - RESOLVE: Cannot resolve host address: gate.opensuse.org:1194 (Name or service not known)
<3.3> 2020-06-09T14:16:54.036324+02:00 Telcontar openvpn 23741 - - RESOLVE: Cannot resolve host address: gate.opensuse.org:1194 (Name or service not known)
<3.4> 2020-06-09T14:16:54.036466+02:00 Telcontar openvpn 23741 - - Could not determine IPv4/IPv6 protocol
<3.5> 2020-06-09T14:16:54.036609+02:00 Telcontar openvpn 23741 - - NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
<3.5> 2020-06-09T14:16:54.036781+02:00 Telcontar openvpn 23741 - - SIGUSR1[soft,init_instance] received, process restarting
<3.4> 2020-06-09T14:16:59.036490+02:00 Telcontar openvpn 23741 - - NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
<3.3> 2020-06-09T14:16:59.036827+02:00 Telcontar openvpn 23741 - - RESOLVE: Cannot resolve host address: gate.opensuse.org:1194 (Name or service not known)
<3.3> 2020-06-09T14:16:59.037018+02:00 Telcontar openvpn 23741 - - RESOLVE: Cannot resolve host address: gate.opensuse.org:1194 (Name or service not known)
<3.4> 2020-06-09T14:16:59.037135+02:00 Telcontar openvpn 23741 - - Could not determine IPv4/IPv6 protocol
<3.5> 2020-06-09T14:16:59.037246+02:00 Telcontar openvpn 23741 - - SIGUSR1[soft,init_instance] received, process restarting
<3.4> 2020-06-09T14:17:04.037187+02:00 Telcontar openvpn 23741 - - NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
<3.3> 2020-06-09T14:17:04.037515+02:00 Telcontar openvpn 23741 - - RESOLVE: Cannot resolve host address: gate.opensuse.org:1194 (Name or service not known)
<3.3> 2020-06-09T14:17:04.037718+02:00 Telcontar openvpn 23741 - - RESOLVE: Cannot resolve host address: gate.opensuse.org:1194 (Name or service not known)
<3.4> 2020-06-09T14:17:04.037823+02:00 Telcontar openvpn 23741 - - Could not determine IPv4/IPv6 protocol
<3.5> 2020-06-09T14:17:04.037930+02:00 Telcontar openvpn 23741 - - SIGUSR1[soft,init_instance] received, process restarting
<3.4> 2020-06-09T14:17:09.037902+02:00 Telcontar openvpn 23741 - - NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
<3.3> 2020-06-09T14:17:09.038232+02:00 Telcontar openvpn 23741 - - RESOLVE: Cannot resolve host address: gate.opensuse.org:1194 (Name or service not known)
<3.3> 2020-06-09T14:17:09.038468+02:00 Telcontar openvpn 23741 - - RESOLVE: Cannot resolve host address: gate.opensuse.org:1194 (Name or service not known)
<3.4> 2020-06-09T14:17:09.038631+02:00 Telcontar openvpn 23741 - - Could not determine IPv4/IPv6 protocol
<3.5> 2020-06-09T14:17:09.038755+02:00 Telcontar openvpn 23741 - - SIGUSR1[soft,init_instance] received, process restarting
<3.4> 2020-06-09T14:17:14.038640+02:00 Telcontar openvpn 23741 - - NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
<3.3> 2020-06-09T14:17:14.039045+02:00 Telcontar openvpn 23741 - - RESOLVE: Cannot resolve host address: gate.opensuse.org:1194 (Name or service not known)
<3.3> 2020-06-09T14:17:14.039204+02:00 Telcontar openvpn 23741 - - RESOLVE: Cannot resolve host address: gate.opensuse.org:1194 (Name or service not known)
<3.4> 2020-06-09T14:17:14.039326+02:00 Telcontar openvpn 23741 - - Could not determine IPv4/IPv6 protocol
<3.5> 2020-06-09T14:17:14.039431+02:00 Telcontar openvpn 23741 - - SIGUSR1[soft,init_instance] received, process restarting
<3.4> 2020-06-09T14:17:24.039348+02:00 Telcontar openvpn 23741 - - NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
<3.3> 2020-06-09T14:17:24.039650+02:00 Telcontar openvpn 23741 - - RESOLVE: Cannot resolve host address: gate.opensuse.org:1194 (Name or service not known)
<3.3> 2020-06-09T14:17:24.039868+02:00 Telcontar openvpn 23741 - - RESOLVE: Cannot resolve host address: gate.opensuse.org:1194 (Name or service not known)
<3.4> 2020-06-09T14:17:24.039998+02:00 Telcontar openvpn 23741 - - Could not determine IPv4/IPv6 protocol
<3.5> 2020-06-09T14:17:24.040112+02:00 Telcontar openvpn 23741 - - SIGUSR1[soft,init_instance] received, process restarting
<3.4> 2020-06-09T14:17:44.040052+02:00 Telcontar openvpn 23741 - - NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
<3.3> 2020-06-09T14:17:44.040466+02:00 Telcontar openvpn 23741 - - RESOLVE: Cannot resolve host address: gate.opensuse.org:1194 (Name or service not known)
<3.3> 2020-06-09T14:17:44.040626+02:00 Telcontar openvpn 23741 - - RESOLVE: Cannot resolve host address: gate.opensuse.org:1194 (Name or service not known)
<3.4> 2020-06-09T14:17:44.040763+02:00 Telcontar openvpn 23741 - - Could not determine IPv4/IPv6 protocol
<3.5> 2020-06-09T14:17:44.040872+02:00 Telcontar openvpn 23741 - - SIGUSR1[soft,init_instance] received, process restarting

I'm baffled. Now the VPN doesn't start. Maybe the system doesn't like
retries? gate.opensuse.org is external, can not be resolved.

Huh? My entire name solving is failing, even when I stop the VPN, because:

Jun 09 14:06:42 Telcontar systemd[1]: Starting DNS caching server....
Jun 09 14:06:42 Telcontar dnsmasq[22895]: dnsmasq: cannot read /etc/dnsmasq.opensuseservers.conf: Permission denied
Jun 09 14:06:42 Telcontar dnsmasq[22895]: cannot read /etc/dnsmasq.opensuseservers.conf: Permission denied
Jun 09 14:06:42 Telcontar dnsmasq[22895]: FAILED to start up
Jun 09 14:06:42 Telcontar systemd[1]: dnsmasq.service: Control process exited, code=exited status=3
Jun 09 14:06:42 Telcontar systemd[1]: Failed to start DNS caching server..
Jun 09 14:06:42 Telcontar systemd[1]: dnsmasq.service: Unit entered failed state.
Jun 09 14:06:42 Telcontar systemd[1]: dnsmasq.service: Failed with result 'exit-code'.

Question on apparmor:

/etc/apparmor.d/usr.sbin.dnsmasq:

...
  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.dnsmasq>
}

Should I remove the '#' before the include?

-- 
Cheers,
       Carlos E. R.
       (from openSUSE 15.1 x86_64 at Telcontar)
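
Added example (not part of the original message, and not the wiki's script): a POSIX sh variant of the client.up logic quoted above that validates each DNS address pushed by the VPN server before it reaches the dnsmasq configuration, replaces the file atomically, and logs the path it actually wrote. The function names, the CONF override, and the assumption that pushed options arrive as `dhcp-option DNS <addr>` in consecutively numbered foreign_option_N variables are this example's own.

```shell
#!/bin/sh
# Added example, not the openSUSE wiki script. Intended as an OpenVPN --up
# script; OpenVPN exports pushed options as foreign_option_1, _2, ... and
# sets script_type=up when it runs the --up script.

CONF=${CONF:-/etc/dnsmasq.opensuseservers.conf}   # path used in the thread
DOMAIN=infra.opensuse.org
REVERSE=.47.168.192.in-addr.arpa

# Succeeds only for a dotted quad whose four octets are each 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    ipv4_ifs=$IFS; IFS=.
    set -- $1                      # safe: only digits and dots remain
    IFS=$ipv4_ifs
    [ "$#" -eq 4 ] || return 1
    for ipv4_octet in "$@"; do
        [ "${#ipv4_octet}" -le 3 ] && [ "$ipv4_octet" -le 255 ] || return 1
    done
}

# Print dnsmasq server= lines for every valid pushed DNS server.
# Returns 1 if any pushed DNS value was rejected (assumed option format:
# "dhcp-option DNS <addr>").
render_servers() {
    rs_n=1; rs_bad=0
    while :; do
        eval "rs_opt=\${foreign_option_$rs_n-}"   # rs_n is our own counter
        [ -n "$rs_opt" ] || break
        rs_n=$((rs_n + 1))
        case $rs_opt in
            'dhcp-option DNS '*) rs_addr=${rs_opt#'dhcp-option DNS '} ;;
            *) continue ;;
        esac
        if is_ipv4 "$rs_addr"; then
            printf 'server=/%s/%s\n' "$DOMAIN" "$rs_addr"
            printf 'server=/%s/%s\n' "$REVERSE" "$rs_addr"
        else
            rs_bad=1
            echo "client-up: ignoring malformed DNS option" >&2
        fi
    done
    return "$rs_bad"
}

# Replace file $1 with stdin through a temp file in the same directory, so
# dnsmasq never reads a half-written file; mode 0644 as in the thread's listing.
install_conf() {
    ic_tmp=$(mktemp "$1.XXXXXX") || return 1
    cat >"$ic_tmp" && chmod 644 "$ic_tmp" && mv -f "$ic_tmp" "$1" && return 0
    rm -f "$ic_tmp"
    return 1
}

# Only act when OpenVPN invokes this as the --up script.
if [ "${script_type-}" = up ]; then
    servers=$(render_servers) || logger -t openvpn-client-up -p daemon.warning \
        "rejected a malformed DNS option pushed by the VPN server"
    printf '%s\n' "$servers" | install_conf "$CONF" || exit 1
    logger -t openvpn-client-up -p daemon.info \
        "client-up for ${1-}: wrote $CONF"
    /bin/systemctl restart dnsmasq.service
fi
```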