openconnect is connected but does not use the right dns
Solution 1:
I found something that works from an answer on the Manjaro Forum: Weird DNS issue over VPN
So basically what did I do:
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
- Remove symlink between /etc/resolv.conf and /run/systemd/resolve/resolv.conf
- Comment out the line with hosts: ... in /etc/nsswitch.conf
- Reboot
Tbh, it's still a bit voodoo to me about why it works.
The hypothetical underlying reason about why this works from the author is pasted below:
My understanding is that commenting out the line with hosts in /etc/nsswitch.conf allows sudo openconnect to work without systemd-resolved. Indeed, openconnect relies on /etc/vpnc/vpnc-script to detect which type of DNS resolver is used and if it finds a row containing the word "resolve" in /etc/nsswitch.conf, it thinks systemd-resolved is being used even if it is disabled.
This is why I got an error when using sudo openconnect with systemd-resolved disabled. And this is also why I did enable this service afterwards. However it seems this caused some errors and even if the symlink technique did work, I was still having some issues with DNS leaks. Well, simply commenting this line in /etc/nsswitch.conf is what is recommended in the above link and it indeed works. Now, although systemd-resolved is being disabled (the default in Manjaro apparently), sudo openconnect doesn't complain anymore about it and works properly.
I don't know whether vpnc-script is at fault here: it should not detect systemd-resolved as the DNS resolver being used based on that row in nsswitch.conf. It should check if systemd-resolved is enabled IMHO.
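Added example (not part of either answer and not code from vpnc-script): a small diagnostic that compares the "resolve" entry in nsswitch.conf, the resolv.conf symlink and the actual state of systemd-resolved, which is the mismatch Solution 1 describes and a common precursor to DNS leaking outside the tunnel. The function names and verdict words are hypothetical, and the nsswitch heuristic is taken from the answer's description.

```sh
#!/bin/sh
# Added diagnostic sketch; function names and verdict words are hypothetical.
# The "resolve" heuristic follows the answer's description, not vpnc-script source.

# True if an uncommented "hosts:" line in the nsswitch file ($1) mentions "resolve".
nss_mentions_resolve() {
    grep -Eq '^[[:space:]]*hosts:.*resolve' "$1" 2>/dev/null
}

# True if the resolv.conf path ($1) is a symlink into systemd-resolved's run directory.
resolvconf_is_resolved_link() {
    [ -L "$1" ] || return 1
    case "$(readlink "$1")" in
        *systemd/resolve/*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify NSSWITCH_FILE RESOLVCONF_PATH SERVICE_STATE -> prints one verdict word
classify() {
    nss=no; link=no
    nss_mentions_resolve "$1" && nss=yes
    resolvconf_is_resolved_link "$2" && link=yes
    case "$3:$nss:$link" in
        active:*:*) echo resolved-in-use ;;    # service really is running
        *:yes:*)    echo mismatch-nsswitch ;;  # nsswitch says resolve, service is not active
        *:no:yes)   echo dangling-symlink ;;   # resolv.conf still points at the stopped service
        *)          echo plain-resolvconf ;;   # consistent: plain /etc/resolv.conf setup
    esac
}

# Run the classification against the live system files.
dns_report() {
    state=$(systemctl is-active systemd-resolved 2>/dev/null) || true
    classify /etc/nsswitch.conf /etc/resolv.conf "${state:-unknown}"
}

if [ "${1:-}" = "report" ]; then dns_report; fi
```

Run it with the argument `report` before and after connecting; `mismatch-nsswitch` or `dangling-symlink` means the resolver configuration is inconsistent and the VPN's DNS servers may not be the ones actually queried.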
Solution 2:
I had this issue. It was due to a known bug. This workaround worked for me:
Add this to /etc/network/if-up.d/globalprotect:
#!/bin/sh
# Hacky workaround bug in NM not setting the default routes.
if [ "$IFACE" = "vpn0" ]; then
    ip route replace default via 0.0.0.0 dev vpn0
fi