November 10, 2020, 10:52am
Hi, I am trying to use a proprietary VPN (F5) client on fedora 33. It appears to be up and working but I have problems, eg I can not open websites on the VPN network. I think it is related to DNS, it looks to me that systemd-resolvd is not configured properly:
Link 2 (eno1): ~. home
Link 15 (tun0):
Link 2 (eno1): 192.168.1.1 2a01:cb19:6a9:af00:2a9e:fcff:fe94:4c0 fe80::2a9e:fcff:fe94:4c0%22006
Link 15 (tun0):
I have seen the other thread in this forum saying “systemd-resolved not querying DNS server set by openvpn” as well as the “systemd-resolved: introduction to split DNS” article on the Fedora Magazine but I still haven’t found how to fix it.
My understanding is that it simply won’t work unless I disable systemd-resolvd and go back to the previous solution.
November 10, 2020, 11:06am
Yep, or use NetworkManager-openvpn which supports systemd-resolved.
November 10, 2020, 11:08am
Hi, thanks for replying! Do you happen to know how can I use openvpn instead of the proprietary F5vpn client (or maybe do you have any hints where to look for that)?
November 10, 2020, 11:11am
sudo dnf install NetworkManager-openvpn-gnome
nmcli connection import type openvpn file /path/to/profile.ovpn
restorecon -R ~/.cert
And set up DNS:
November 10, 2020, 11:14am
I have seen this thread. My question is, do you know if openvpn support connecting to an F5 BIG-IP vpn server?
November 10, 2020, 11:26am
I think it does not hurt to try.
Usually VPN providers based on OpenVPN support third party clients.
November 10, 2020, 11:28am
Sure, it doesn’t. Where do I get a profile.ovpn file then?
November 10, 2020, 11:48am
Typically from the VPN provider.
Otherwise you can try to configure it manually with the same configuration parameters as the proprietary client.
November 10, 2020, 12:03pm
i tried doing that but I am not comfortable with the several VPN technologies/parameters and I was not given a list of my client, it is supposed to “simply work”
November 10, 2020, 12:43pm
the networkmanager-openvpn-gnome package was already installed on my system but I do not have a connection parameter file neither do I know how to write one so I can not try it. Thanks for trying
November 10, 2020, 12:57pm
You can also try using the GUI dialogue:
Settings > Network > VPN > + > OpenVPN
November 10, 2020, 1:09pm
I think F5 is not using OpenVPN, it some SSL based propriertary protocol, afaik.
November 10, 2020, 3:06pm
Thanks a lot for the input everyone.
Μy use case is F5VPN specific.
I can see some lines mentioning openvpn in the logs but I guess they are not compatible.
I did find a solution, I set by hand the domain and dns servers like this:
sudo resolvectl dns tun0 126.96.36.199 188.8.131.52
sudo resolvectl domain tun0 "~ourdomain.com"
I would like to have found why they are not passed “automatically” from the vpn client I am using or how they could be set automatically on connection, but at least it works now.
Thanks again *
November 10, 2020, 3:21pm
Those changes are supposed to be runtime.
You need to find a way to apply them upon the VPN connection activation.
Otherwise it might be easier to disable systemd-resolved for the time being.
November 11, 2020, 1:45pm
I know they are runtime. I tried adding these
in this file
/etc/systemd/network/tun0.network and restarting the service but it didn’t work. I guess either the file is wrong or I didn’t properly restart the service.
For my personal workstation this is a preferable solution than disabling systemd-resolvd and configuring by hand.
I hope these are useful to others and I hope that it will be solved in the future (i suspect when the f5vpn client is updated)
Thanks again everyone.
November 20, 2020, 10:00am
I’m facing the exact same problem as you.
Have you found a solution to permanently keep the modification of resolvectl?
November 20, 2020, 1:17pm
If your VPN service is a systemd unit, you can try using
November 25, 2020, 4:27pm
Hi, no I haven’t. Unfortunately people keep suggesting me things I do not understand (for eg this
ExecStartPost that vgaetera suggested. So I just run a script by hand every time I connect.
November 25, 2020, 4:35pm
It’s problematic to advice anything specific unless someone shares the VPN client distribution for testing.
December 11, 2020, 10:31am
Yes, I understand. Thanks a lot for any advice however. The VPN client I am using is F5.