Comment 0 for bug 1783377

Vin'c (g4-u3uxtu-lr) wrote :

Ubuntu 18.04.1 / bionic

Fresh install on a VM; I was facing a bug when connecting to a strongSwan IKEv2 VPN (https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1772705)

-> Updated the packages required for the VPN from cosmic, which have the bug fixed (5.6.2-2):

network-manager-strongswan:
  Installé : 1.4.4-1
  Candidat : 1.4.4-1
 Table de version :
 *** 1.4.4-1 300
        300 http://archive.ubuntu.com/ubuntu cosmic/universe amd64 Packages
        100 /var/lib/dpkg/status
     1.4.2-2 500
        500 http://fr.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
libcharon-extra-plugins:
  Installé : 5.6.2-2ubuntu1
  Candidat : 5.6.2-2ubuntu1
 Table de version :
 *** 5.6.2-2ubuntu1 300
        300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
        100 /var/lib/dpkg/status
     5.6.2-1ubuntu2 500
        500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
libcharon-standard-plugins:
  Installé : 5.6.2-2ubuntu1
  Candidat : 5.6.2-2ubuntu1
 Table de version :
 *** 5.6.2-2ubuntu1 300
        300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
        100 /var/lib/dpkg/status
     5.6.2-1ubuntu2 500
        500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
libstrongswan-extra-plugins:
  Installé : 5.6.2-2ubuntu1
  Candidat : 5.6.2-2ubuntu1
 Table de version :
 *** 5.6.2-2ubuntu1 300
        300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
        100 /var/lib/dpkg/status
     5.6.2-1ubuntu2 500
        500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
libstrongswan-standard-plugins:
  Installé : 5.6.2-2ubuntu1
  Candidat : 5.6.2-2ubuntu1
 Table de version :
 *** 5.6.2-2ubuntu1 300
        300 http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
        100 /var/lib/dpkg/status
     5.6.2-1ubuntu2 500
        500 http://fr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages

Before connecting the VPN, `systemd-resolve --status` shows:
         DNS Servers: 192.168.1.254 # my home box resolver

After connecting:
         DNS Servers: 10.0.0.254 # DNS resolver provided by the VPN server
                      192.168.1.254 # my home box resolver

This seems OK, but the resolution fails as it is still using the local DNS:
systemd-resolved[270]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.

After issuing `systemctl reload-or-restart systemd-resolved.service`, everything seems fine.

systemd-resolved[5651]: Got DNS stub UDP query packet for id 24298
systemd-resolved[5651]: Looking up RR for my.host.inside.vpn IN A.
systemd-resolved[5651]: Switching to DNS server 10.0.0.254 for interface enp0s3.
systemd-resolved[5651]: Cache miss for my.host.inside.vpn IN A
systemd-resolved[5651]: Transaction 9273 for <my.host.inside.vpn IN A> scope dns on enp0s3/*.
systemd-resolved[5651]: Using feature level UDP+EDNS0 for transaction 9273.
systemd-resolved[5651]: Using DNS server 10.0.0.254 for transaction 9273.

I was hoping that `systemd-resolved` could find the new DNS without restarting its service after connecting to the VPN.

Thanks for reading
Best Regards,
Vincet
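
A way to check from the journal which resolver each lookup actually went to, as an added example that is not part of the original report and not the reporter's code. It assumes systemd-resolved is logging at debug level with the line formats quoted above; the `.inside.vpn` suffix and the `BEFORE_RESTART` sample are constructed for illustration.

```python
import re

# Line formats as they appear in the systemd-resolved debug output quoted above.
TX_RE = re.compile(r"Transaction (\d+) for <(\S+) IN (\S+)> scope dns on (\S+?)/")
SRV_RE = re.compile(r"Using DNS server (\S+) for transaction (\d+)\.")

def transactions(lines):
    """Map transaction id -> {name, rtype, iface, server} from resolved debug lines."""
    txs = {}
    for line in lines:
        m = TX_RE.search(line)
        if m:
            txid, name, rtype, iface = m.groups()
            txs.setdefault(txid, {}).update(name=name, rtype=rtype, iface=iface)
            continue
        m = SRV_RE.search(line)
        if m:
            server, txid = m.groups()
            # A retried transaction may log several servers; keep the last one.
            txs.setdefault(txid, {})["server"] = server
    return txs

def off_vpn_lookups(lines, vpn_dns, vpn_suffix):
    """Return (name, server) for names under vpn_suffix that were not sent to vpn_dns."""
    hits = []
    for tx in transactions(lines).values():
        name, server = tx.get("name"), tx.get("server")
        if name and server and name.endswith(vpn_suffix) and server != vpn_dns:
            hits.append((name, server))
    return hits

# Constructed sample: a lookup logged while the home resolver is still in use.
BEFORE_RESTART = [
    "systemd-resolved[270]: Transaction 4111 for <my.host.inside.vpn IN A> scope dns on enp0s3/*.",
    "systemd-resolved[270]: Using DNS server 192.168.1.254 for transaction 4111.",
]
# Lines copied from the report, logged after restarting systemd-resolved.
AFTER_RESTART = [
    "systemd-resolved[5651]: Switching to DNS server 10.0.0.254 for interface enp0s3.",
    "systemd-resolved[5651]: Transaction 9273 for <my.host.inside.vpn IN A> scope dns on enp0s3/*.",
    "systemd-resolved[5651]: Using feature level UDP+EDNS0 for transaction 9273.",
    "systemd-resolved[5651]: Using DNS server 10.0.0.254 for transaction 9273.",
]

if __name__ == "__main__":
    for label, log in (("before restart", BEFORE_RESTART), ("after restart", AFTER_RESTART)):
        print(label, off_vpn_lookups(log, "10.0.0.254", ".inside.vpn"))
```

Any tuple it returns is a VPN-internal name that was sent to a resolver outside the tunnel.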