No name resolution (DNS) on openSUSE Leap 15.4

[vinyanalista]

Hi! First of all, thank you for the great program!

I'm an openSUSE Leap user.

A bit of context

I used to connect to my work's GlobalProtect VPN invoking the openconnect command directly, and I made a tutorial on how to do it:

• How to connect to a GlobalProtect VPN - Linux Kamarada

Then my work's network admin showed me there was a way to set up the VPN using the GUI tool Advanced Network Configuration (package NetworkManager-connection-editor on openSUSE, network-manager-gnome on Ubuntu and Debian) and for some time I used it that way.

But then my work started to require two-factor authentication (2FA) to login to the VPN, and the previous methods stopped working, that's when I came accross your program.

What is working

• Installation works fine (I shared installation instructions for openSUSE Leap 15.4 on issue package for OpenSUSE Leap 15.4 #160);
• I'm able to connect to the VPN. The 2FA screen is shown, I enter the TOTP. In the end, I can see a tun0 interface with an assigned IP address if I run ip address;
• I can see routes are setup if I run ip route;
• I'm able to ping some intranet server, if I know its IP address.

What is not working

• Name resolution (DNS): I'm not able to ping intranet servers by their names.

I see that the /etc/resolv.conf file is not updated (maybe issue #53 is related).

And if I run nmcli, I don't see my work's DNS servers listed. Just my ISP gateway at home (which serves a local DNS server).

Networking on openSUSE is managed by either NetworkManager (default for desktops) or Wicked (a framework developed by openSUSE as a replacement for the ifup family of scripts, default for servers).

At the moment, I'm using NetworkManager.

I haven't tested GlobalProtect-openconnect with Wicked yet.

[vinyanalista]

I opened YaST's Network Settings and switched the Network Setup Method to Wicked Service. Then, I had to set up my Wi-Fi connection using YaST.

But, after that, GlobalProtect-openconnect just worked. The /etc/resolv.conf file was updated with my work's internal nameservers and domain search list.

I'm going to use it this way. The drawback of this setup is that I cannot use the GNOME's NetworkManager applet (or the GNOME Settings app, or the Advanced Network Configuration tool) to handle network settings, I need to go through YaST, which, for a desktop, is not practical (especially for the newbie, which is not my case, but I believe is the target user of GlobalProtect-openconnect).

I think we should keep this issue open and investigate a better way to integrate GlobalProtect-openconnect with NetworkManager (and/or openSUSE).

[ldriscoll]

With this one, I opened a ticket with opensuse: https://bugzilla.opensuse.org/show_bug.cgi?id=1204297.

Basically you need to edit /etc/sysconfig/network/config and add:
NETCONFIG_DNS_POLICY='STATIC_FALLBACK tun0 NetworkManager'

[matheussilvasantos]

@ldriscoll, would you know why such a file doesn't exist for me?

[ldriscoll]

@ldriscoll, would you know why such a file doesn't exist for me?

@matheussilvasantos it exists on Leap (15.4) and Tumbleweed; which OpenSUSE distro are you using?

[matheussilvasantos]

@ldriscoll, oh, I'm sorry. Too many tabs opened. I'm actually using Fedora and having the same problem.

[ldriscoll]

@matheussilvasantos sorry, I'm not much help to you there!

[matheussilvasantos]

https://askubuntu.com/a/1169474/620001 made it work for me on Fedora. I believe it might work on OpenSUSE since the issue seems related to openconnect and systemd.