DNS issue resolving host names private vpn

Appologies in advance, I am NOT a networking person

At home I run OpenSuse Leap 15.6. For work I connect through a private VPN, and log into a remote machine. I specficially am having an issue where I cannot resolve the remote host names, I’m only able to connect to the machines with a specific IP address.

This appears to be only on my end, and cannot figure out why. My IT department point it towards me as its fine on their end and seems specific to me and my OS.

I don’t even know what to start searching for to resolve the issue. Any help would be greatly appreciated.

I have installed sysconfig editor and tried adding the VPN DNS server to these variables, but it didn’t help (I really don’t know what any of this does):

NETCONFIG_DNS_STATIC_SEARCHLIST
NETCONFIG_DNS_STATIC_SERVERS

Here are my Suse specs if that helps:
openSUSE Leap 15.6 x86_64
6.4.0-150600.23.7-default
Plasma 5.27.11

Are you using NetworkManager, and if so did you check the VPN DNS configuration settings?

Hello. Do you mean the Network Settings in Yast? I’m not really sure what to set in here, the Network Setup Method has “Network Manager”

And gives me this warning:

“Network is currently handled by NetworkManager or completely disabled. YaST is unable to configure some options”

Thats on the Overview page.

Yes, that confirms that you are using NetworkManager. As you mentioned that you are using Plasma, look down at the task bar and configure the network connection…
image

image

Not really sure what to do from there. I’ve tried adding what they said is the DNS address into the IPv4 and IPv6 “Other DNS Servers” addresses, but nothing has changed for resoving the hostnames.

When the VPN connection is active, show the output of

cat /etc/resolv.conf
nmcli dev show | grep DNS

Thanks, here’s the output for those

cat /etc/resolv.conf

### /etc/resolv.conf is a symlink to /run/netconfig/resolv.conf
### autogenerated by netconfig!
#
# Before you change this file manually, consider to define the
# static DNS configuration using the following variables in the
# /etc/sysconfig/network/config file:
#     NETCONFIG_DNS_STATIC_SEARCHLIST
#     NETCONFIG_DNS_STATIC_SERVERS
#     NETCONFIG_DNS_FORWARDER
# or disable DNS configuration updates via netconfig by setting:
#     NETCONFIG_DNS_POLICY=''
#
# See also the netconfig(8) manual page and other documentation.
#
### Call "netconfig update -f" to force adjusting of /etc/resolv.conf.
nameserver 119.40.106.35
nameserver 119.40.106.36
nmcli dev show | grep DNS
IP4.DNS[1]:                             119.40.106.35
IP4.DNS[2]:                             119.40.106.36

Ok, that confirms that only the public DNS server is assigned/in use.

When you edited the VPN connection profile, did you deactivate it and reactivate it to take effect?

Yeah I’ve restarted my machine and the VPN. If I add additional “Search Domains” those seem to stick and show up when running

cat /etc/resolv.conf

However any additional DNS address, always seems to reset to the ones shown above.

Can you send a screen shot (similar to the below)?

Please also confirm that you are editing the VPN connection of interest.

Sorry I had to block out the IP addresses and search domains. Not sure if I should be adding these to the Bridge or Wired connection? The only thing that seems to stick is the Search Domains in the /etc/resolv.conf…

Ok, that is not a VPN connection (as far as NetworkManager is concerned). It is a bridge. Are you connecting via a company-supplied router perhaps? Unfortunately, I can only speculate here as you haven’t shared enough detail to be of further help.

How do you actually activate your VPN? Are you actually connecting to a remote jump host?

Thanks, sorry I’m not exactly sure what info to provide. I’m connecting through GlobalProtect-openvpn. No physical devices at all.

Once connected if I try and nslookup and my machine host name, just says it can’t find it. Appologies I’m not trying to be cryptc, just need to be careful what info/addresses I’m sharing. Thank you for helping.

Ok, that explains why NM configuration not having any effect at all here. You should really need to take this up with your network/IT people.

Ok thanks again for trying to help. The more I dig in I think I need a certificate to make this a proper connection not use the open source GP client as that doesn’t really have many options.

Yes, if you can set this up to be managed by NetworkManager, then this would be ideal.

Agreed. Thank you again!

Further digging and I found the solution to this

Simply switching my Network Setup Method to Wicked Service seems to resolve it.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.