touch-packages team mailing list archive

[Bug 1349011] Re: nm-l2tp-service needs exception in ppp ip-up/down scripts

 

> \o/

Thanks again :)

> That is in most cases the *desired* behavior,

On today's systems, I don't think so. Debian and Ubuntu run a dnsmasq
instance by default, with the only nameserver in /etc/resolv.conf being
127.0.1.1. Rather than overwrite this local caching server with any
remote one, it makes more sense to reconfigure *it* to include/remove
the new nameservers. Not only can you continue to benefit from the
cache, but it's smart enough to route lookups to different servers
depending on the domain. That's a benefit because:

> since only the VPN nameservers have name information about both the VPN and the Internet.
> Also, under what circumstances do you not trust the VPN with your DNS traffic?

Well, if you work at home and connect to an employer's VPN, what earthly
reason is there to send them all your Internet DNS lookups? It's far
preferable to only use their nameservers just for employer.com and
99.10.in-addr.arpa, or whatever. Not only that, but if you have a local
nameserver that provides local names, you really don't want to wait for
the remote to time out before querying those, either.

That's exactly what NetworkManager does, simply by sending dnsmasq a
DBus message with the new servers, and (optionally) what zones to use
them for. However, it only works if the specific plugin in use is
excluded from resolvconf's ppp/ip-up script.

Come to think of it, there's a growing number of NM VPN plugins in the
repos nowadays. There has to be a better way of handling this than
excluding every one specifically...

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to resolvconf in Ubuntu.
https://bugs.launchpad.net/bugs/1349011

Title:
  nm-l2tp-service needs exception in ppp ip-up/down scripts

Status in “resolvconf” package in Ubuntu:
  Confirmed

Bug description:
  There is an actively maintained NetworkManager L2TP VPN plugin,
  available as an Ubuntu package here:
  https://launchpad.net/~seriy-pr/+archive/ubuntu/network-manager-l2tp.
  Hopefully it will be a part of Ubuntu soon.

  Like nm-pptp-service, it needs an exception in
  /etc/ppp/ip-{up,down}.d/000resolvconf (part of the resolvconf package)
  as follows:

  % diff /etc/ppp/ip-up.d/000resolvconf /tmp/resolvconf-1.69ubuntu1.1/debian/resolvconf.000resolvconf.ppp.ip-up
  16c16
  <   nm-l2tp-service-*|nm-pptp-service-*|/org/freedesktop/NetworkManager/PPP/*)
  ---
  >   nm-pptp-service-*|/org/freedesktop/NetworkManager/PPP/*)
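
Review bot: The change at line 16 covers only the ip-up script, while the description says the exception is needed in both /etc/ppp/ip-{up,down}.d/000resolvconf; the same nm-l2tp-service-* alternative should be added to the matching case label in the ip-down script so that both hooks skip resolvconf for this plugin. The diff is also taken from the locally edited file to the packaged source, so the `<` line is the proposed version and the `>` line is the current one; a unified diff with the packaged file first would be easier to read and apply.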

  Since that's how it works for the PPTP plugin, could we add the L2TP
  one as well so that it can work out of the box on Ubuntu?
