Continuing to use split VPN after Fedora 33 upgrade

mathstuf · November 1, 2020, 10:28am

I upgraded to Fedora 33 yesterday and am also encountering issues with the switch to systemd-resolved. I was using it before, but not going through /etc/resolv.conf means that my use of namespaced-openvpn no longer works. I would like to continue with this pattern if at all possible. I understand that I could use resolvectl to tell systemd-resolved about the device, but it is in a separate namespace, so it can’t actually do anything about it. Can I instead configure things inside of the VPN network namespace to go back to using /etc/resolv.conf or otherwise continue using the split networking setup?

Thanks.

mathstuf · November 1, 2020, 10:34am

I found out that I can edit /etc/nsswitch.conf to remove the resolve [!UNAVAIL=return] elements from the hosts line. However, if it is possible to continue to use network namespaces to keep things separate down to the kernel level, that would be great. Is this a systemd feature request?

vgaetera · November 1, 2020, 10:50am

You might want to utilize policy-based routing with separate routing tables and rules.
Or isolate applications with container-based virtualization.

Topic		Replies	Views
DNS Broken in Fedora 33 after update Ask Fedora f33 , networking	2	388	June 27, 2021
F5 VPN dns issue with systemd-resolvd Ask Fedora f33 , vpn , systemd-resolved	19	3528	December 11, 2020
DNS resolution and connectivity issues Project Discussion workstation-wg	1	1334	February 19, 2019
Behavior of Fedora DNS and resolv.conf Ask Fedora	9	5084	October 13, 2021
Should /etc/resolv.conf be a symlink? Ask Fedora	12	6769	August 14, 2020

Continuing to use split VPN after Fedora 33 upgrade

Related topics