#1 2017-08-15 02:04:24

extr
Member
Registered: 2016-09-23
Posts: 4

Why did my update-resolv-conf script stop working?

I've essentially already fixed the problem but I'm curious why I had to do anything in the first place. I recently moved and my new internet provider has ipv6 support. Great, but my VPN doesn't support that. Okay, so I disable ipv6 with:

sudo sysctl net.ipv6.conf.wlp3s0.disable_ipv6=1

My ipv6 interface stops working, so far so good. So I go to connect to my VPN:

Mon Aug 14 21:50:18 2017 WARNING: file '/etc/openvpn/pass.txt' is group or others accessible
Mon Aug 14 21:50:18 2017 OpenVPN 2.4.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 24 2017
Mon Aug 14 21:50:18 2017 library versions: OpenSSL 1.1.0f  25 May 2017, LZO 2.10
Mon Aug 14 21:50:18 2017 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Mon Aug 14 21:50:18 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Aug 14 21:50:18 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 14 21:50:18 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 14 21:50:18 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]209.222.19.250:2049
Mon Aug 14 21:50:18 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Aug 14 21:50:18 2017 UDP link local: (not bound)
Mon Aug 14 21:50:18 2017 UDP link remote: [AF_INET]209.222.19.250:2049
Mon Aug 14 21:50:18 2017 TLS: Initial packet from [AF_INET]209.222.19.250:2049, sid=dfd442f1 71ee8dc2
Mon Aug 14 21:50:18 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Aug 14 21:50:18 2017 VERIFY OK: depth=1, C=MT, ST=Malta, L=Malta, O=IVPN.net, CN=IVPN.net CA, emailAddress=support@ivpn.net
Mon Aug 14 21:50:18 2017 VERIFY OK: nsCertType=SERVER
Mon Aug 14 21:50:18 2017 VERIFY X509NAME OK: CN=us-nj1.gw.ivpn.net
Mon Aug 14 21:50:18 2017 VERIFY OK: depth=0, CN=us-nj1.gw.ivpn.net
Mon Aug 14 21:50:18 2017 Control Channel: TLSv1.2, cipher SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Mon Aug 14 21:50:18 2017 [us-nj1.gw.ivpn.net] Peer Connection Initiated with [AF_INET]209.222.19.250:2049
Mon Aug 14 21:50:19 2017 SENT CONTROL [us-nj1.gw.ivpn.net]: 'PUSH_REQUEST' (status=1)
Mon Aug 14 21:50:19 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,explicit-exit-notify 3,route-gateway 10.37.16.1,topology subnet,ping 10,ping-restart 60,dhcp-option DNS 10.37.16.1,ifconfig 10.37.16.45 255.255.252.0,peer-id 57,cipher AES-256-GCM'
Mon Aug 14 21:50:19 2017 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:2 is ignored by previous <connection> blocks 
Mon Aug 14 21:50:19 2017 OPTIONS IMPORT: timers and/or timeouts modified
Mon Aug 14 21:50:19 2017 OPTIONS IMPORT: explicit notify parm(s) modified
Mon Aug 14 21:50:19 2017 OPTIONS IMPORT: --ifconfig/up options modified
Mon Aug 14 21:50:19 2017 OPTIONS IMPORT: route options modified
Mon Aug 14 21:50:19 2017 OPTIONS IMPORT: route-related options modified
Mon Aug 14 21:50:19 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Aug 14 21:50:19 2017 OPTIONS IMPORT: peer-id set
Mon Aug 14 21:50:19 2017 OPTIONS IMPORT: adjusting link_mtu to 1625
Mon Aug 14 21:50:19 2017 OPTIONS IMPORT: data channel crypto options modified
Mon Aug 14 21:50:19 2017 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Aug 14 21:50:19 2017 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Aug 14 21:50:19 2017 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Aug 14 21:50:19 2017 ROUTE_GATEWAY 10.0.1.1/255.255.255.0 IFACE=wlp3s0 HWADDR=00:24:d7:8d:4b:38
Mon Aug 14 21:50:19 2017 TUN/TAP device tun0 opened
Mon Aug 14 21:50:19 2017 TUN/TAP TX queue length set to 100
Mon Aug 14 21:50:19 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Aug 14 21:50:19 2017 /usr/bin/ip link set dev tun0 up mtu 1500
Mon Aug 14 21:50:19 2017 /usr/bin/ip addr add dev tun0 10.37.16.45/22 broadcast 10.37.19.255
Mon Aug 14 21:50:19 2017 /etc/openvpn/update-resolv-conf tun0 1500 1553 10.37.16.45 255.255.252.0 init
which: no resolvconf in ((null))
dhcp-option DNS 10.37.16.1
/etc/openvpn/update-resolv-conf: line 58: -x: command not found
Mon Aug 14 21:50:19 2017 /usr/bin/ip route add 209.222.19.250/32 via 10.0.1.1
Mon Aug 14 21:50:19 2017 /usr/bin/ip route add 0.0.0.0/1 via 10.37.16.1
Mon Aug 14 21:50:19 2017 /usr/bin/ip route add 128.0.0.0/1 via 10.37.16.1
Mon Aug 14 21:50:19 2017 Initialization Sequence Completed

I immediately lose connection due to lack of DNS. (Pinging 8.8.8.8 or such works fine)

Note the line:

which: no resolvconf in ((null)) 

Which appears to be referencing the very first line in my /etc/openvpn/update-resolv-conf script:

RESOLVCONF=$(which resolvconf)

Changing this line to

RESOLVCONF=/usr/bin/resolvconf

solves the issue, it finds the binary, resolv.conf is updated normally, and DNS resolution resumes.

The question is, why is this suddenly necessary? It seems bizarre that which would suddenly start failing to find my resolvconf binary. I assume it's something to do with my disabling of ipv6; in the openvpn log the line 'do_ifconfig, tt->did_ifconfig_ipv6_setup=0' seems new to me, wondering if that has anything to do with it. Just want to understand what is going on, appreciate any help.

#2 2017-08-15 02:06:51

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,463

Re: Why did my update-resolv-conf script stop working?

Where is this running from? If it's from a shell without a PATH set, `which resolvconf` would fail

#3 2017-08-15 02:10:27

extr
Member
Registered: 2016-09-23
Posts: 4

Re: Why did my update-resolv-conf script stop working?

I execute OpenVPN manually with a bash alias:

manualvpn() {
    #manually connect to openvpn must specify config file
    sudo openvpn --nobind --config /etc/openvpn/client/$1.conf
}
alias ivpn=manualvpn

But this hasn't ever caused an issue in the past and I've been using it for a good part of a year now.

Edit: Sure enough, adding

export PATH="/usr/bin"

solves the problem. So now the question is why the script needs to have the PATH explicitly set all of a sudden.

Last edited by extr (2017-08-15 02:18:24)

#4 2017-08-15 12:04:44

seth
Member
Registered: 2012-09-03
Posts: 49,977

Re: Why did my update-resolv-conf script stop working?

Also see

/etc/openvpn/update-resolv-conf: line 58: -x: command not found

What exactly does /etc/openvpn/update-resolv-conf look like?
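
Added example (not from any post in this thread, and not the actual update-resolv-conf script): a hook that OpenVPN runs as root can resolve its helper from a fixed directory list and check the result, instead of trusting whatever PATH it inherits. It assumes line 58 runs `$RESOLVCONF -x ...` unquoted, which the thread does not show; `TRUSTED_DIRS`, the function names and the `tun0.inet` argument are hypothetical.

```shell
#!/bin/sh
# Added example; TRUSTED_DIRS and all function names are hypothetical.
TRUSTED_DIRS="/usr/bin /usr/sbin /bin /sbin"

# Print the absolute path of helper "$1" if it is an executable regular file
# in one of TRUSTED_DIRS; return 1 otherwise. Ignores the caller's PATH.
resolve_tool() {
    for dir in $TRUSTED_DIRS; do
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            return 0
        fi
    done
    return 1
}

# Fragile pattern from the thread: a PATH-dependent lookup whose result is
# never checked. A nonexistent directory stands in for the unusable PATH.
fragile_lookup() {
    ( PATH=/nonexistent-path-for-demo; command -v "$1" 2>/dev/null )
}

# Name the shell would execute for the unquoted line: $tool -x -a tun0.inet
# (constructed arguments). An empty $tool expands to nothing, so "-x"
# becomes the command name, matching "-x: command not found" in the log.
command_name_for() {
    tool=$1
    set -- $tool -x -a tun0.inet
    printf '%s\n' "$1"
}

# Hardened call: resolve first, stop before changing DNS if the helper is absent.
run_helper() {
    tool=$(resolve_tool "$1") || {
        echo "hook: $1 not found in trusted directories" >&2
        return 1
    }
    shift
    "$tool" "$@"
}

found=$(fragile_lookup sh) || true
printf 'fragile lookup: [%s] -> shell runs [%s]\n' "$found" "$(command_name_for "$found")"
printf 'fixed-dir lookup: [%s]\n' "$(resolve_tool sh)"
```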
