
#1 2024-11-08 19:46:32

voxell
Member
Registered: 2024-11-01
Posts: 54

Is update-systemd-resolved needed when systemd-resolved not used?

https://wiki.archlinux.org/title/Proton … nVPN_setup

This wiki page on how to set up ProtonVPN to work with OpenVPN talks about how I have to install this script in order for all my traffic to go through the VPN. However, as far as I am aware, there is no systemd-resolved running or installed on my system:

[eurydice@serene vpn]$ systemctl --type=service
  UNIT                                                   LOAD   ACTIVE SUB     DESCRIPTION                                                          
  alsa-restore.service                                   loaded active exited  Save/Restore Sound Card State
  dbus-broker.service                                    loaded active running D-Bus System Message Bus
  kmod-static-nodes.service                              loaded active exited  Create List of Static Device Nodes
  ldconfig.service                                       loaded active exited  Rebuild Dynamic Linker Cache
  NetworkManager.service                                 loaded active running Network Manager
  sddm.service                                           loaded active running Simple Desktop Display Manager
  systemd-backlight@backlight:amdgpu_bl1.service         loaded active exited  Load/Save Screen Backlight Brightness of backlight:amdgpu_bl1
  systemd-backlight@leds:platform::kbd_backlight.service loaded active exited  Load/Save Screen Backlight Brightness of leds:platform::kbd_backlight
  systemd-fsck-root.service                              loaded active exited  File System Check on Root Device
  systemd-journal-catalog-update.service                 loaded active exited  Rebuild Journal Catalog
  systemd-journal-flush.service                          loaded active exited  Flush Journal to Persistent Storage
  systemd-journald.service                               loaded active running Journal Service
  systemd-logind.service                                 loaded active running User Login Management
  systemd-modules-load.service                           loaded active exited  Load Kernel Modules
  systemd-random-seed.service                            loaded active exited  Load/Save OS Random Seed
  systemd-remount-fs.service                             loaded active exited  Remount Root and Kernel File Systems
  systemd-sysctl.service                                 loaded active exited  Apply Kernel Variables
  systemd-sysusers.service                               loaded active exited  Create System Users
  systemd-tmpfiles-setup-dev-early.service               loaded active exited  Create Static Device Nodes in /dev gracefully
  systemd-tmpfiles-setup-dev.service                     loaded active exited  Create Static Device Nodes in /dev
  systemd-tmpfiles-setup.service                         loaded active exited  Create System Files and Directories
  systemd-udev-load-credentials.service                  loaded active exited  Load udev Rules from Credentials
  systemd-udev-trigger.service                           loaded active exited  Coldplug All udev Devices
  systemd-udevd.service                                  loaded active running Rule-based Manager for Device Events and Files
  systemd-update-done.service                            loaded active exited  Update is Completed
  systemd-update-utmp.service                            loaded active exited  Record System Boot/Shutdown in UTMP
  systemd-user-sessions.service                          loaded active exited  Permit User Sessions
  systemd-userdbd.service                                loaded active running User Database Manager
  systemd-vconsole-setup.service                         loaded active exited  Virtual Console Setup
  user-runtime-dir@1000.service                          loaded active exited  User Runtime Directory /run/user/1000
  user@1000.service                                      loaded active running User Manager for UID 1000
  wpa_supplicant.service                                 loaded active running WPA supplicant

Legend: LOAD   → Reflects whether the unit definition was properly loaded.
        ACTIVE → The high-level unit activation state, i.e. generalization of SUB.
        SUB    → The low-level unit activation state, values depend on unit type.

32 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

Am I still required to install it? I've had issues with my networking setup when I installed something other than NetworkManager (see my post history), so I am skeptical.

Although I am skeptical, OpenVPN complains about an update-resolv-conf script missing:

[eurydice@serene tcp]$ sudo openvpn us-free-104094.protonvpn.tcp.ovpn 
[sudo] password for eurydice: 
Options error: --up script fails with '/etc/openvpn/update-resolv-conf': No such file or directory (errno=2)
Options error: Please correct this error.
Use --help for more information.

Here's what the .ovpn file looks like, with redacted keys:

# ==============================================================================
# Copyright (c) 2023 Proton AG (Switzerland)
# Email: contact@protonvpn.com
#
# The MIT License (MIT)
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR # OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
# ==============================================================================

# The server you are connecting to is using a circuit in order to separate entry IP from exit IP
# The same entry IP allows to connect to multiple exit IPs in the same data center.

# If you want to explicitly select the exit IP corresponding to server US-FREE#94 you need to
# append a special suffix to your OpenVPN username.
# Please use "REDACTED" in order to enforce exiting through US-FREE#94.

# If you are a paying user you can also enable the ProtonVPN ad blocker (NetShield) or Moderate NAT:
# Use: "REDACTED" to enable anti-malware filtering
# Use: "REDACTED" to additionally enable ad-blocking filtering
# Use: "REDACTED" to enable Moderate NAT
# Note that you can combine the "+nr" suffix with other suffixes.

client
dev tun
proto tcp

remote REDACTED 443
remote REDACTED 7770
remote REDACTED 8443

remote-random
resolv-retry infinite
nobind

cipher AES-256-GCM

setenv CLIENT_CERT 0
tun-mtu 1500
mssfix 0
persist-key
persist-tun

reneg-sec 0

remote-cert-tls server
auth-user-pass

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

<ca>
-----BEGIN CERTIFICATE-----
REDACTED
-----END CERTIFICATE-----
</ca>

<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
REDACTED
-----END OpenVPN Static key V1-----
</tls-crypt>

auth-user-pass ~/vpn/cred.protonvpn

Last edited by voxell (2024-11-08 20:04:29)


i use arch (since Nov 1, 2024) btw


#2 2024-11-08 20:31:07

-thc
Member
Registered: 2017-03-15
Posts: 771

Re: Is update-systemd-resolved needed when systemd-resolved not used?

First: systemd-resolved is part of the systemd package and installed on your system - it's just disabled and thus excluded from your query. Try

systemctl status systemd-resolved

Its status should be disabled and inactive.

Second: No, you don't need "update-systemd-resolved" - because (in your case) it's pointless.

Third: The OpenVPN binary may try on connect (either via local config or pushed by the server) to change the DNS servers - how should OpenVPN do this on its own if it's not called by a network management software?

In your case it tries to execute "/etc/openvpn/update-resolv-conf" (which in turn uses "resolvconf")

up /etc/openvpn/update-resolv-conf

This script may be provided by the Linux distro (but not by Arch).

If you want to use OpenVPN without systemd-resolved or network management you need the package "resolvconf" "openresolv" and a working script like https://github.com/alfredopalhares/open … esolv-conf

And you have to tell NetworkManager to expect this:

# /etc/NetworkManager/conf.d/rc-manager.conf

[main]
rc-manager=resolvconf

Last edited by -thc (2024-11-08 20:46:20)
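
An added example, not part of either post and not the linked script: a minimal sketch of the DNS hand-off that an up/down script of this kind performs. OpenVPN passes pushed options to the script as foreign_option_N environment variables, along with script_type and dev. The function names, the "${dev}.openvpn" label given to resolvconf, and the character checks on pushed values (the script runs as root on server-supplied input) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: what an --up/--down DNS script does (not the linked script).
# OpenVPN exports pushed options as foreign_option_1, foreign_option_2, ...
# (for example "dhcp-option DNS 10.2.0.1") plus script_type and dev.

# Accept only characters that can occur in an IPv4/IPv6 address.
is_ip() {
    case "$1" in ''|*[!0-9A-Fa-f:.]*) return 1 ;; esac
}

# Accept only hostname characters.
is_domain() {
    case "$1" in ''|*[!0-9A-Za-z.-]*) return 1 ;; esac
}

# Print resolv.conf lines for the pushed DNS options; skip anything malformed.
build_resolv_conf() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        read -r word kind value extra <<EOF
$opt
EOF
        if [ "$word" = dhcp-option ] && [ -z "$extra" ]; then
            case "$kind" in
                DNS)    is_ip "$value" && printf 'nameserver %s\n' "$value" ;;
                DOMAIN) is_domain "$value" && printf 'search %s\n' "$value" ;;
            esac
        fi
        i=$((i + 1))
    done
    return 0
}

# Constructed sample: two valid options and one malformed value that is dropped.
demo() (
    foreign_option_1='dhcp-option DNS 10.2.0.1'
    foreign_option_2='dhcp-option DOMAIN vpn.example'
    foreign_option_3='dhcp-option DNS 10.2.0.1;bad'
    build_resolv_conf
)

# Act only when OpenVPN invokes the script (it sets script_type and dev).
case "${script_type:-}" in
    up)   build_resolv_conf | resolvconf -a "${dev}.openvpn" ;;
    down) resolvconf -d "${dev}.openvpn" ;;
esac
```

Calling demo in a shell prints the two lines that would be handed to resolvconf; nothing touches the system unless script_type is set.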
