You are not logged in.

#1 2025-06-29 16:05:15

gary8588
Member
Registered: 2022-08-09
Posts: 31

[SOLVED] wireguard: resolvconf: signature mismatch /etc/resolv.conf

Hello, anyone else running into this problem?

I updated my system today and pacman also updated openresolv:

[2025-06-29T14:52:27+0200] [ALPM] upgraded openresolv (3.16.5-1 -> 3.17.0-1)

I usually start my wireguard tunnel with the wg-quick command but today I received this error:

$ wg-quick up wg131 
[#] ip link add dev wg131 type wireguard
[#] wg setconf wg131 /dev/fd/63
[#] ip -4 address add 192.168.0.4/32 dev wg131
[#] ip link set mtu 1420 up dev wg131
[#] resolvconf -a wg131 -m 0 -x
resolvconf: signature mismatch: /etc/resolv.conf
resolvconf: run `resolvconf -u` to update
[#] ip link delete dev wg131

At this stage /etc/resolv.conf contained the following lines

$ cat /etc/resolv.conf
# Generated by NetworkManager
search fritz.box
nameserver 127.0.0.1
options edns0 trust-ad

I ran "resolvconf -u" like mentioned in the error message and this changed resolv.conf to this:

# Generated by resolvconf
nameserver 10.0.0.131

afterwards I could "wg-quick up" the tunnel however when stopping the tunnel I again received the same error message:

wg-quick down wg131 
[#] ip link delete dev wg131
[#] resolvconf -d wg131 -f
resolvconf: signature mismatch: /etc/resolv.conf
resolvconf: run `resolvconf -u` to update

and the content of resolv.conf changed back to:

# Generated by NetworkManager
search fritz.box
nameserver 127.0.0.1
options edns0 trust-ad

Next I tried to downgrade openresolv to the previous version and this fixed the issue.

[2025-06-29T17:21:10+0200] [ALPM] downgraded openresolv (3.17.0-1 -> 3.16.5-1)

Altough resolv.conf gets changed when starting or stopping the tunnel with the downgraded openresolv package, no error messages and the tunnel works fine. Is NetworkManager supposed to write into resolv.conf even if I have dns=dnsmasq in a networkmanager conf file? I set it up ages ago and up until now everything worked fine. Should I file a bug report to openresolv or is this a setup/config issue on my end?

Thanks,

Edit: Oh, I found the offending commit: "libc: Don't update resolv.conf on signature mismatch" https://github.com/NetworkConfiguration … 2814cf2499

2nd Edit: Seems to be that "NetworkManager needs to be built with resolvconf support" according to the maintainer on this github issue

What should be the correct action to do here?

Last edited by gary8588 (2025-06-30 16:00:02)

Offline

#2 2025-06-29 21:32:05

j_marinaro
Member
Registered: 2023-10-31
Posts: 1

Re: [SOLVED] wireguard: resolvconf: signature mismatch /etc/resolv.conf

I confirm exactly the same errors as you.

Offline

#3 2025-06-30 08:22:31

BuZZ-dEE
Member
Registered: 2015-10-14
Posts: 9

Re: [SOLVED] wireguard: resolvconf: signature mismatch /etc/resolv.conf

I also get:

resolvconf: signature mismatch: /etc/resolv.conf
resolvconf: run `resolvconf -u` to update

using OpenConnect with GlobalProtect with the command:

sudo openconnect {VPN} --protocol=gp --user={USER} --csd-wrapper=/lib/openconnect/hipreport.sh

Last edited by BuZZ-dEE (2025-06-30 08:25:06)

Offline

#4 2025-06-30 08:38:38

Lone_Wolf
Administrator
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 13,993

Re: [SOLVED] wireguard: resolvconf: signature mismatch /etc/resolv.conf

According to archlinux-general ML thread this is due to a change in openresolv .


See https://gitlab.archlinux.org/archlinux/ … -/issues/2


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.

clean chroot building not flexible enough ?
Try clean chroot manager by graysky

Offline

#5 2025-06-30 11:25:42

r0b0t
Member
From: /tmp
Registered: 2009-05-24
Posts: 510

Re: [SOLVED] wireguard: resolvconf: signature mismatch /etc/resolv.conf

Can confirm the same issue, the funny thing is that in my case they are complaining just because of the header as in both cases resolv.conf points to 127.0.0.1 but sometimes is generated by Network manager and others by resolvconf depending on which tool run last.

# Generated by NetworkManager
nameserver 127.0.0.1
# Generated by resolvconf
nameserver 127.0.0.1

#Solution
Add this file in conf.d of networkmanager

cat /etc/NetworkManager/conf.d/rc-manager.conf 
[main]
rc-manager=resolvconf

Regenerate the config with resolvconf -u

Reboot the system

Last edited by r0b0t (2025-06-30 11:32:43)

Offline

#6 2025-06-30 15:58:44

gary8588
Member
Registered: 2022-08-09
Posts: 31

Re: [SOLVED] wireguard: resolvconf: signature mismatch /etc/resolv.conf

Yep that fixed it! Thanks all

Offline

#7 2025-07-06 15:50:58

wnaBee
Member
Registered: 2021-06-19
Posts: 13

Re: [SOLVED] wireguard: resolvconf: signature mismatch /etc/resolv.conf

Apologies for posting in a [SOLVED] thread, but for posterity a far simpler solution is just removing the

DNS=

entry from the wireguard interface configuration file.
For me this solves the problem and checking that the correct DNS-server is used using

traceroute archlinux.org

no DNS-leaks occur even after a machine restart.


I know nothing.

Offline

Board footer

Powered by FluxBB