A propeller head entry today for Linux hackers that is wireless network related: I'm probably not the only one on this planet considering using Ubuntu 12.04, connecting it to the Internet over a 3G dongle and running OpenVPN over the link, so here's a quick tip on how to overcome a little flaw in the network manager that prevents the proper setup of DNS IP addresses when the VPN tunnel is established. Let's hope Google will help you to find this page when you need it 🙂
In the previous Long Term Support version, DNS configuration was dead simple: /etc/resolv.conf contained the IP addresses of the DNS servers to be used and the file was updated after the 3G dialup connection was established and once again after the OpenVPN tunnel came up as it uses different DNS servers that go through the tunnel.
Unfortunately, in 12.04 LTS this has changed considerably: /etc/resolv.conf is now a link to /run/resolvconf/resolv.conf. The DNS reference in this file is now always 127.0.0.1 because Ubuntu now uses dnsmasq to reach out and resolve DNS queries instead of the standard network mechanism. The real configuration file that is populated with DNS IP addresses when the Wi-Fi or OpenVPN interface comes up is /var/run/nm-dns-dnsmasq.conf.
The problem comes in when a 3G dialup session is established. It seems to be a bug, but the DNS servers are not put into the dnsmasq config file but into resolv.conf, before the reference to 127.0.0.1. In other words, dnsmasq is not used for 3G dialup, or only when the 3G dialup session DNS servers fail.
This is no problem until the point when an OpenVPN tunnel is established via the network manager, which puts its DNS server IP addresses into the dnsmasq config file. As the 3G connection has modified resolv.conf, these DNS servers are only hit once no answer is received from the DNS servers of the 3G dialup, which are not reachable through the VPN tunnel. Result: DNS queries first have to time out on the 3G dialup DNS servers, which do not answer. Only then, several seconds later, is the 127.0.0.1 entry in resolv.conf tried, which invokes dnsmasq, which finally asks the DNS servers that can be reached over the VPN tunnel. In practice that is pretty much a standstill. Somebody must have overlooked that, unfortunately.
And here's a fix until somebody in the Ubuntu or network manager team figures this out and provides a real patch:
- Create resolv.conf-overwrite in the root directory that only contains 127.0.0.1 as the nameserver IP address
- Create a script with filename 99copyresolvconf in /etc/NetworkManager/dispatcher.d with the following content:
    #!/bin/sh
    cp /resolv.conf-overwrite /var/run/resolvconf/resolv.conf
- Make sure to run chmod +x on the script to make it executable!
Now every time a network interface comes up, the resolv.conf file is overwritten with the default one that only contains 127.0.0.1. It's ugly but it works.
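
To confirm both the symptom and the fix described above, the following check lists any resolver in a resolv.conf-style file other than the local dnsmasq at 127.0.0.1. It is an added example, not part of the original post; the function names and the sample files are constructed for illustration, and 192.0.2.x stands in for the 3G operator's DNS servers.

```shell
#!/bin/sh
# Added example: find resolvers that are queried instead of, or before,
# the local dnsmasq instance at 127.0.0.1.

# Print the nameserver addresses of a resolv.conf-style file, in file order.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Exit status 0: 127.0.0.1 is the only resolver listed.
# Exit status 1: other resolvers are listed (printed on stdout, one per line).
# Exit status 2: file unreadable or no nameserver line at all.
check_resolv_conf() {
    [ -r "$1" ] || return 2
    servers=$(list_nameservers "$1")
    [ -n "$servers" ] || return 2
    extra=$(printf '%s\n' "$servers" | grep -vxF '127.0.0.1' || true)
    [ -z "$extra" ] && return 0
    printf '%s\n' "$extra"
    return 1
}

# Constructed samples: the file as left by the 3G dialup, and the file as
# written by the dispatcher script from the post.
SAMPLES=$(mktemp -d)
printf 'nameserver 192.0.2.53\nnameserver 192.0.2.54\nnameserver 127.0.0.1\n' \
    > "$SAMPLES/after-3g-dialup"
printf '# copied from /resolv.conf-overwrite\nnameserver 127.0.0.1\n' \
    > "$SAMPLES/after-fix"

for f in "$SAMPLES/after-3g-dialup" "$SAMPLES/after-fix"; do
    rc=0
    bypass=$(check_resolv_conf "$f") || rc=$?
    case $rc in
        0) echo "$(basename "$f"): OK, every lookup goes through dnsmasq" ;;
        1) echo "$(basename "$f"): resolvers other than dnsmasq:" $bypass ;;
        *) echo "$(basename "$f"): no usable nameserver entry" ;;
    esac
done
```

On a live system, run check_resolv_conf /etc/resolv.conf once the 3G connection and the VPN tunnel are both up.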