VPN, NetworkManager overwriting resolv.conf and NetworkManager.conf after appVM restart. Cannot resolve VPN DNS

FTdjskqzYJueWkqwSLE2 · September 1, 2020, 7:30pm

Following this guide: https://www.qubes-os.org/doc/vpn/

# To override DHCP DNS, assign DNS addresses to 'vpn_dns' env variable before calling this script;
# Format is 'X.X.X.X  Y.Y.Y.Y [...]'

I’m not sure how to do this. I overwrite /etc/resolv.conf with the proper DNS addresses and the VPN works. However, when I restart the appVM, NetworkManager overwrites resolv.conf

I’ve tried editing /etc/NetworkManager/NetworkManager.conf by appending

dns=none
rc-manager=unmanaged

However this file is overwritten too after restarting appVM.

I’ve tried protecting both of these files with:

sudo chattr +i /file/path/name.type

This does nothing to detour NetworkManager from:

# Generated by NetworkManager

Changing my files.

Side note, https://github.com/QubesOS/qubes-issues/issues/5071 … Also according to the Qubes docs:

#!/bin/bash
VPN_CLIENT='openvpn'
VPN_OPTIONS='--cd /rw/config/vpn/ --config openvpn-client.ovpn --daemon'

su - -c 'notify-send "$(hostname): Starting $VPN_CLIENT..." --icon=network-idle' user
groupadd -rf qvpn ; sleep 2s
sg qvpn -c "$VPN_CLIENT $VPN_OPTIONS"

When I comment

# su - -c 'notify-send "$(hostname): Starting $VPN_CLIENT..." --icon=network-idle' user

after appVM startup the message appears connection established. However this does nothing to resolve the DNS addresses being overwritten.

Thank you for any input!

wobo · September 7, 2020, 3:46am

You don’t have to edit anything anywhere in any script on this documentation. What you have to do is only editing pass.txt file and openvpn-client.ovpn file, because these two files are dependent on your login credentials and your providers servers. That said, If you are really desperate to hard code dns addresses, you have to write following in qubes-vpn-handler.sh following just below #!/bin/bash-
vpn_dns=“X.X.X.X”
addr=“X.X.X.X”
Keep rest of the script as it is.
Replace X.X.X.X with providers DNS or other like 8.8.8.8 only in these two lines.
Lastly I will recommend doing so only in case of your provider offers different benefit on different DNS and by default DNS you can’t have those benefits.
You shouldn’t be tempering with network manager while using CLI method. These are quotes from original documentation-
Note: Do not enable NetworkManager in the ProxyVM, as it can interfere with the scripts’ DNS features. If you enabled NetworkManager or used other methods in a previous attempt, do not re-use the old ProxyVM… Create a new one according to this step.