Continuing to use split VPN after Fedora 33 upgrade

mathstuf · November 1, 2020, 10:28am

I upgraded to Fedora 33 yesterday and am also encountering issues with the switch to systemd-resolved. I was using it before, but not going through /etc/resolv.conf means that my use of namespaced-openvpn no longer works. I would like to continue with this pattern if at all possible. I understand that I could use resolvectl to tell systemd-resolved about the device, but it is in a separate namespace, so it can’t actually do anything about it. Can I instead configure things inside of the VPN network namespace to go back to using /etc/resolv.conf or otherwise continue using the split networking setup?

Thanks.

mathstuf · November 1, 2020, 10:34am

I found out that I can edit /etc/nsswitch.conf to remove the resolve [!UNAVAIL=return] elements from the hosts line. However, if it is possible to continue to use network namespaces to keep things separate down to the kernel level, that would be great. Is this a systemd feature request?

vgaetera · November 1, 2020, 10:50am

You might want to utilize policy-based routing with separate routing tables and rules.
Or isolate applications with container-based virtualization.