forticlient vpn broke the non-vpn dns

I am on Ubuntu 14.10 and I installed forticlient to connect to my work network (following their doc), and some time later I started having big trouble connecting to most internet sites. After some searching (and many tests and configurations that I lost track of...), I realized this:

  • I don't think the problem happens right after installation and/or 1st use of forticlient
  • forticlient happened to show some unreadable error message related to sslvpn
  • (now) everything works when connected to the VPN,

then when not on VPN:

  • addresses/sites that I went to when connected to the VPN, still work
  • host and nslookup seem to work
  • ping usually doesn't - but for addresses I connected to while on VPN
  • Firefox always returns a "server not found" page - but for addresses I connected to while on VPN
  • nslookup output starts with "Got recursion not available from X.X.X.X, trying next server", where X.X.X.X points to a server from my work

Actually it is the last point that made me realise the problem probably came from forticlient, and then I realised the 3rd point.

So I have 2 questions:

  1. how can I repair the non-VPN connection?
  2. how does all that DNS and VPN system work in Ubuntu/Linux? What are the files and programs that are related, and in which way/order?

Thanks


Solution 1:

I found out that even when not connected to the VPN, my /etc/resolv.conf contained the server address of my work (the X.X.X.X in the question). Actually it contained it twice, and when the client is connected, then there are 3 of those. I guess vpnclient happened to leave those lines when some bug occurred.

So I deleted those lines, to keep only:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.

And it seems to work well again.

I'll correct this answer if I encounter the problem again.
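
A read-only check for the state described in Solution 1 (the VPN's nameserver left behind in /etc/resolv.conf and listed more than once), added here as an example and not part of any answer. The function names, the sample file and the address 192.0.2.53 standing in for X.X.X.X are assumptions; loopback addresses are treated as the local stub resolver.

```shell
#!/bin/sh
# Added example: audit a resolv.conf for nameserver lines a VPN client left behind.

# Print every nameserver address in FILE, one per line, in file order.
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Report nameservers that are listed more than once, or that are neither a
# loopback stub (127.x.x.x, ::1) nor one of the extra addresses given after FILE.
# Prints "DUPLICATE <addr> x<count>" / "UNEXPECTED <addr>"; returns 1 on any finding.
audit_resolv() {
    file=$1; shift
    allowed=" $* "
    findings=$(list_nameservers "$file" | awk -v allowed="$allowed" '
        { count[$1]++; if (!($1 in seen)) { seen[$1] = 1; order[++n] = $1 } }
        END {
            for (i = 1; i <= n; i++) {
                a = order[i]
                if (count[a] > 1) print "DUPLICATE " a " x" count[a]
                if (a !~ /^127\./ && a != "::1" && index(allowed, " " a " ") == 0)
                    print "UNEXPECTED " a
            }
        }')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample mimicking the broken file: the work DNS server
# (placeholder 192.0.2.53) appears twice, followed by a local stub resolver.
make_sample() {
    cat > "$1" <<'EOF'
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
nameserver 192.0.2.53
nameserver 192.0.2.53
nameserver 127.0.0.53
EOF
}

# Demo on the constructed sample; point audit_resolv at /etc/resolv.conf for a real check.
sample=$(mktemp)
make_sample "$sample"
audit_resolv "$sample" || echo "stale VPN nameserver entries found"
rm -f "$sample"
```

Run it while disconnected from the VPN: any UNEXPECTED line is a resolver that will be queried first and, as in the question, may refuse recursion for off-VPN clients.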

Solution 2:

I faced a similar issue on Ubuntu 20.04.

After connecting to VPN for the first time using Forticlient, the system could not connect to the Internet at all. Tried uninstalling it, but that didn't work either.

Forticlient probably messes up the /etc/resolv.conf file.

Tried re-installing resolvconf, but after uninstalling it, couldn't re-install due to no internet.

The solution is to manually download the resolvconf package from the Ubuntu repo

http://archive.ubuntu.com/ubuntu/pool/main/r/resolvconf/

along with its dependency ifupdown,

http://archive.ubuntu.com/ubuntu/pool/main/i/ifupdown/

and install them using:

sudo dpkg -i ifupdown_0.8.35ubuntu1_amd64.deb
sudo dpkg -i resolvconf_1.78ubuntu7_all.deb

After installation, add the following line in the /etc/resolvconf/resolv.conf.d/tail file for specifying the nameserver:

nameserver 8.8.8.8

Adding it to tail will make sure the line is appended to the .conf file after any updates are done.

Then run the following command to update the .conf file:

sudo resolvconf -u

The nameserver should now appear in the /etc/resolv.conf.

And the Internet should also be back to normal.

Solution 3:

Extending the accepted answer, in order to prevent forticlient from updating the /etc/resolv.conf file with a bogus nameserver line, I used a command recommended here:

 sudo chattr +i /etc/resolv.conf

This way the resolv.conf will not be modified (unlike removing write permission with chmod, which does not stop it from updating the file). Beware: it works for me but not necessarily for others - I expect it will fail when the DNS settings are to be auto-updated after e.g. DHCP.

Before applying the flag, don't forget to remove the line inserted by forticlient. After applying the immutable flag, forticlient reports an error "/etc/resolv.conf: Permission denied" but VPN works fine regardless.