Announcement

**SteveRiley** · Sep 30, 2012, 03:19 PM

In many cases, organizations customize these VPN clients. And sometimes these customizations cause breakage.

Let's take a look at some files. Please show the results of these commands:

1. cat /etc/network/interfaces
2. cat /etc/hosts
3. cat /etc/NetworkManager/NetworkManager.conf
4. ll /etc/resolv.conf

If the output of #4 shows a symlink pointing to ../run/resolvconf/resolv.conf, then:

5. cat /run/resolvconf/resolv.conf

else

5. cat /etc/resolv.conf

**Morrow** · Sep 30, 2012, 03:55 PM

Thanks for your answer! Here the results:

Code:

morrow@morrow-nb-kb:~$ cat /etc/network/interfaces
auto lo
iface lo inet loopback

morrow@morrow-nb-kb:~$ cat /etc/hosts
127.0.0.1       localhost
127.0.1.1       morrow-nb-kb

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

morrow@morrow-nb-kb:~$ cat /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile
dns=dnsmasq

[ifupdown]
managed=false

morrow@morrow-nb-kb:~$ ll /etc/resolv.conf
-rw-r--r-- 1 root root 114 Sep 26 08:16 /etc/resolv.conf

morrow@morrow-nb-kb:~$ cat /etc/resolv.conf
domain mobile.unibas.ch
nameserver 131.152.1.1
nameserver 131.152.1.5
search mobile.unibas.ch docking.p.unibas.ch

**SteveRiley** · Sep 30, 2012, 04:06 PM

Your VPN client messed up /etc/resolv.conf. Beginning with 12.04, all Ubuntu flavors use the resolvconf tool for managing the name resolver. While in general this improves Ubuntu's behavior with respect to dynamically changing networks, I've seen some VPN clients misbehave.

Before we fix this, do you indeed have a /run/resolvconf/resolv.conf? If so, what's inside it?

**Morrow** · Sep 30, 2012, 04:13 PM

Ah, thanks for the information!

I don't seem to have this file:

Code:

morrow@morrow-nb-kb:/run/resolvconf$ ls -l -a
total 0
drwxr-xr-x  3 root root  80 Sep 30 17:28 .
drwxr-xr-x 25 root root 860 Sep 30 18:15 ..
drwxr-xr-x  2 root root  40 Sep 30 17:28 interface
-rw-r--r--  1 root root   0 Sep 30 17:28 postponed-update

**SteveRiley** · Sep 30, 2012, 05:01 PM

Delete the existing file:

Code:

sudo rm /etc/resolv.conf

Reboot your computer, and then check to ensure that /run/resolvconf/resolv.conf is created and that /etc/resolv.conf symlinks to it.

/run is temporary file system contained completely within RAM. It gets recreated on each boot. resolvconf doesn't create the file in /run and doesn't set up the symlink if a "real" /etc/resolv.conf exists.

**Morrow** · Sep 30, 2012, 05:21 PM

Well, deleting /etc/resolv.conf solved the issue, but the file /run/resolvconf/resolv.conf isn't created and there is no symlink:

Code:

morrow@morrow-nb-kb:~$ ll /etc/resolv.conf
ls: cannot access /etc/resolv.conf: No such file or directory
morrow@morrow-nb-kb:~$ ll /run/resolvconf/resolv.conf
ls: cannot access /run/resolvconf/resolv.conf: No such file or directory

**SteveRiley** · Sep 30, 2012, 05:30 PM

Run

Code:

sudo dpkg-reconfigure resolvconf

and answer "Yes" to the question "Prepare /etc/resolv.conf for dynamic updates?"

Then reboot and verify.

**Snowhog** · Sep 30, 2012, 05:30 PM

Originally posted by SteveRiley View Post

Delete the existing file:

Code:

sudo rm /etc/resolv.conf

Reboot your computer, and then check to ensure that /run/resolvconf/resolv.conf is created and that /etc/resolv.conf symlinks to it.

/run is temporary file system contained completely within RAM. It gets recreated on each boot. resolvconf doesn't create the file in /run and doesn't set up the symlink if a "real" /etc/resolv.conf exists.

Me thinks that this isn't correct.

On my 12.04 install, the /etc/resolv.conf file has a date stamp on it of 29 Mar 3 2012. The following packages were dist-upgraded on that date:

The following packages will be upgraded:
dconf-gsettings-backend dconf-service gir1.2-glib-2.0 glib-networking
glib-networking-common glib-networking-services gsettings-desktop-schemas
libatk1.0-0 libatk1.0-data libcroco3 libdconf0 libgeoclue0
libgirepository-1.0-1 libglib2.0-0 libgtk-3-0 libgtk-3-bin libgtk-3-common
libpango1.0-0 librsvg2-2 libsoup-gnome2.4-1 libsoup2.4-1 libtelepathy-glib0

The file contains the following:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1

The /etc/resolv.conf file is linked to /run/resolvconf/resolv.conf:

lrwxrwxrwx 1 root root 29 Mar 3 2012 /etc/resolv.conf -> ../run/resolvconf/resolv.conf

So, the /etc/resolv.conf file 'should' exist, and the "run-time" link is established each boot.

**Morrow** · Sep 30, 2012, 05:41 PM

After running sudo dpkg-reconfigure resolvconf, it is equals to your installation now, Snowhog:

Code:

morrow@morrow-nb-kb:~$ ll /etc/resolv.conf
lrwxrwxrwx 1 root root 29 Oct  1 01:32 /etc/resolv.conf -> ../run/resolvconf/resolv.conf
morrow@morrow-nb-kb:~$ ll /run/resolvconf/resolv.conf
-rw-r--r-- 1 root root 172 Oct  1 01:34 /run/resolvconf/resolv.conf
morrow@morrow-nb-kb:~$ cat /run/resolvconf/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1

It is now working as expected, with and without running VPN Client.

Thanks very much for your help!

**Snowhog** · Sep 30, 2012, 05:44 PM

You're welcome. That's what we are here for -- to help; as and when we can.

**SteveRiley** · Sep 30, 2012, 07:09 PM

Originally posted by Morrow View Post

After running sudo dpkg-reconfigure resolvconf, it is equals to your installation now, Snowhog:

Yep, that's exactly what you should see.

Originally posted by Snowhog View Post

So, the /etc/resolv.conf file 'should' exist, and the "run-time" link is established each boot.

Let's check the installation scripts. Maybe my summary is off.

When DPKG is installing resolvconf, the pre-installation script erects the scaffolding in /run and in /etc/resolvconf. The "linkify" portion of the post-installation script checks to see if a "real" /etc/resolv.conf exists, and if so, copies it to /etc/resolvconf/resolv.conf.d/original. Next the script copies the "real" one to /run/resolvconf/resolv.conf. Finally, the script creates the link:

Code:

ln -nsf ../run/resolvconf/resolv.conf /etc/resolv.conf

The -f wipes out the existing "real" file.

Package installation is now complete. When the computer is shut down, /run disappears, of course. But the symlink doesn't; it simply points to nothing. You can simulate this yourself:

1. copy /run/resolvconf/resolv.conf to someplace else
2. remove it
3. note that the output of ll /etc/resolv.conf is red

When the computer boots (or even when networking is reconfigured) the resolvconf program reconstructs /run/resolvconf/resolv.conf. Now the symlink has something to point to again. Continuing with the previous example, you can simulate this:

1. copy your saved file back to /run/resolvconf/resolv.conf
2. note that the output of ll /etc/resolv.conf is cyan

So the symlink is actually never modified; the man page for resolvconf confirms this. What happens in the case where, after installation of resolvconf, something comes along and clobbers the carefully constructed symlink? resolvconf does nothing. From the man page:

To make the resolver use this dynamically generated resolver configuration file the administrator should ensure that /etc/resolv.conf is a symbolic link to /run/resolvconf/resolv.conf. This link is normally created on installation of the resolvconf package. The link is never modified by the resolvconf program itself. If you find that /etc/resolv.conf is not being updated, please check to make sure that the link is intact.

The VPN configuration created a static /etc/resolv.conf. Thus, resolvconf was doing nothing. Deleting the static file wasn't sufficient, because the symlink is created only during package configuration. Running dpkg-reconfigure fixed that: it created a new symlink.

*Whew!* I love these little investigations

Announcement

Cisco AnyConnect blocks internet access

Cisco AnyConnect blocks internet access

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment