Setting up VPN via NetworkManager in Linux Mint was actually really simple. But I kept having issues with DNS. I set up my VPN server to push down itself as the dns server to use and a domain-search domain.

  • The domain search domain from vpn was getting mixed in with the other search domains from the local dhcp server when the connection was on eth0.

  • NetworkManager launches dnsmasq when it starts. (Note, there is no /etc/init.d/dnsmasq script or anything like that. It’s merely a built binary sitting in /usr/sbin that gets launched with a bunch of conf options at start) This also works similar with openvpn when you spawn a vpn connection. So on connect to the vpn, the dns address of the gateway gets loaded in dnsmasq just fine. But trying to ping one of my boxes on the local network to my vpn server/gateway, i got a response of boxname.firstsearchdomain.com which is not what I want.

How I fixed this:

  1. Pushed “DOMAIN” instead of “DOMAIN-SEARCH” from the server/gateway.

    push "dhcp-option DOMAIN house.com" 
    push "dhcp-option DNS 192.168.1.1"
    
  2. You can turn off dnsmasq in /etc/NetworkManager/NetworkManager.conf if you want. Not a big deal if you don’t. Either way, the way this works is when you connect to the vpn, settings get pushed down from the vpn server get loaded into dnsmasq.

  3. Personally, I keep it on and enable caching since I want as little extra traffic going through the vpn as possible. You can do this by making a file in /etc/NetworkManager/dnsmasq.d/ and placing dnsmasq configuration parameters in there. dnsmasq, unlike most programs, take configuration parameters over command line parameters.

    • I verify that dnsmasq is pulling my configuration parameters by watching syslog for a line similar to: “started, version 2.66 cachesize 500?
  4. You can see how NetworkManager starts dnsmasq by using ps -ef | grep dnsmasq and see what conf options are passed (manpage).

  5. You can also see in syslog the full connection details etc..

    Apr 25 16:01:51 minty NetworkManager[27583]: <info> VPN connection 'house' (IP4 Config Get) reply received from old-style plugin.
    Apr 25 16:01:51 minty NetworkManager[27583]: <info> VPN Gateway: 1.2.3.4
    Apr 25 16:01:51 minty NetworkManager[27583]: <info> Tunnel Device: tun0
    Apr 25 16:01:51 minty NetworkManager[27583]: <info> IPv4 configuration:
    Apr 25 16:01:51 minty NetworkManager[27583]: <info>   Internal Gateway: 172.1.1.2
    Apr 25 16:01:51 minty NetworkManager[27583]: <info>   Internal Address: 172.1.1.3
    Apr 25 16:01:51 minty NetworkManager[27583]: <info>   Internal Prefix: 32
    Apr 25 16:01:51 minty NetworkManager[27583]: <info>   Internal Point-to-Point Address: 172.1.1.2
    Apr 25 16:01:51 minty NetworkManager[27583]: <info>   Maximum Segment Size (MSS): 0
    Apr 25 16:01:51 minty NetworkManager[27583]: <info>   Static Route: 192.168.1.0/24   Next Hop: 192.168.1.0
    Apr 25 16:01:51 minty NetworkManager[27583]: <info>   Static Route: 172.1.1.1/32   Next Hop: 172.23.23.1
    Apr 25 16:01:51 minty NetworkManager[27583]: <info>   Forbid Default Route: no
    Apr 25 16:01:51 minty NetworkManager[27583]: <info>   Internal DNS: 192.168.1.1
    Apr 25 16:01:51 minty NetworkManager[27583]: <info>   DNS Domain: 'house.com'
    
  6. If you are managing OpenVPN yourself, here are some scripts for managing your resolv.conf using resolvconf on connect/disconnect.

View this page for more info on dnsmasq/NetworkManager integration.

Blog Logo

Mario Loria


Published

Image

./scriptthe.net

Because 127.0.0.1 gets old after a while.

Back to Overview