ProtonVPN/protonvpn-cli

Missing resolvconf causes silent failure after openvpn has been launched

sorsasampo opened this issue · 7 comments

You are using /etc/openvpn/update-resolv-conf (provided by openvpn package in Debian):

up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

The first check this script does is:

[ -x /sbin/resolvconf ] || exit 0

In other words, it will exit successfully and silently if resolvconf is not installed. This will cause DNS to still point to the old DNS servers, causing wget requests to api.protonmail.ch to fail.

You should:

  1. List resolvconf as a dependency since you are relying on update-resolv-conf.
  2. Bail out or at least warn if /sbin/resolvconf is not executable.

(This may be related to issues I had in #3.)

I'll make a PR for this.
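An added illustration of the second recommendation in the report above (not code from protonvpn-cli or from anyone in this thread): a preflight that refuses to proceed when the hook would silently exit 0, and a post-connect check that the nameservers actually changed. The function names and the before/after snapshot files are assumptions.

```shell
#!/bin/sh
# Added example, not protonvpn-cli code. Only /sbin/resolvconf and
# /etc/openvpn/update-resolv-conf come from the issue; everything else
# (function names, return codes, snapshot files) is hypothetical.

# Preflight: succeed only if the up/down hook can really rewrite DNS.
#   $1 = hook script   (e.g. /etc/openvpn/update-resolv-conf)
#   $2 = helper binary (e.g. /sbin/resolvconf)
dns_hook_preflight() {
    hook=$1
    helper=$2
    if [ ! -x "$hook" ]; then
        echo "error: $hook is missing or not executable" >&2
        return 2
    fi
    if [ ! -x "$helper" ]; then
        # The hook's first line is '[ -x /sbin/resolvconf ] || exit 0',
        # so without the helper it reports success and changes nothing.
        echo "error: $helper not executable; $hook would exit 0 and leave DNS untouched" >&2
        return 3
    fi
    return 0
}

# Print the sorted, de-duplicated nameserver addresses of a resolv.conf-style file.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1" | sort -u
}

# Post-connect check: succeed only if the nameserver set differs between
# a snapshot taken before connecting ($1) and the live file afterwards ($2).
dns_changed() {
    [ "$(nameservers "$1")" != "$(nameservers "$2")" ]
}

# Typical use (not executed here):
#   dns_hook_preflight /etc/openvpn/update-resolv-conf /sbin/resolvconf || exit 1
#   cp /etc/resolv.conf /tmp/resolv.before
#   ... start openvpn, wait for the tunnel ...
#   dns_changed /tmp/resolv.before /etc/resolv.conf || echo "warning: DNS unchanged" >&2
```

Failing closed on an unchanged nameserver set catches both the missing-helper case and any other reason the hook did not take effect.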

Hi @sorsasampo !

For #3
It was fixed on a later update :)

Regarding resolvconf update-resolv-conf, we don't mainly rely on any DNS handler. We wrote our own handler in Linux and macOS to avoid compatibility issues.

It should be working smoothly. It has been improved during the last months. We currently haven't received issues regarding it.

But thank you very much for checking!

> Regarding resolvconf update-resolv-conf, we don't mainly rely on any DNS handler. We wrote our own handler in Linux and macOS to avoid compatibility issues.
>
> It should be working smoothly. It has been improved during the last months. We currently haven't received issues regarding it.

I don't understand. Latest git revision of protonvpn-cli depends on update-resolv-conf, which depends on resolvconf. This issue is very much present in the latest git revision. What does "we wrote our own handler" mean in this case? Why did you close the issue?

@sorsasampo
protonvpn-cli does not fully depend on update-resolv-conf. https://github.com/ProtonVPN/protonvpn-cli/blob/master/protonvpn-cli.sh#L330

This should do the handling of DNS without the requirement of resolvconf or update-resolv-conf.

The dependency on update-resolv-conf was from an early version where this part wasn't stable. We can currently remove this update-resolv-conf part and pvpn would work normally.

The task of resolvconf and update-resolv-conf is managing DNS when connecting to and disconnecting from OpenVPN. The independent handler does the same task for both Linux and macOS. It's needed this way in order to prevent DNS leaks.

> protonvpn-cli does not fully depend on update-resolv-conf. https://github.com/ProtonVPN/protonvpn-cli/blob/master/protonvpn-cli.sh#L330

Really? I was pretty sure that protonvpn-cli was fully dependent on update-resolv-conf and resolvconf to work on Linux platforms since networksetup is for macOS only.

@xilopaint Yes,

but for macOS, yes, as you said, networksetup is required to do the process.

@mazen160 so if there is no problem as you claim, why does DNS break for me when I don't have resolvconf installed?

I don't appreciate how aggressively you close issues people are reporting. It deters contributions.

> It should be working smoothly. It has been improved during the last months. We currently haven't received issues regarding it.

Except for the one I opened. And with a pretty clear explanation of the issue I have, and how to fix it.

Did you even try to reproduce this issue on Linux without resolvconf?