adrienverge / openfortivpn

Client for PPP+TLS VPN tunnel services


Intermittent DNS Resolution Failure

Daniel-Boll opened this issue · comments

Problem

Problem Overview

I encountered an issue while using the openfortivpn client, specifically version 1.17.1 sourced from the Arch User Repository (AUR) under the openfortivpn-git package. The core of the problem seemed to stem from an incompatibility with version 2.5.0 of the ppp package. To resolve this, I decided to manually compile the latest openfortivpn version from the GitHub repository and upgraded ppp to version 2.5.0. This process appeared to go smoothly, and I continued to initiate my VPN connection using the same command:

sudo openfortivpn -c config.vpn

Issue Encountered

Post-update, I faced a new challenge: the inability to resolve DNS queries from the host machine. Attempting to ping any internal DNS resulted in an error message:

ping: <internal>.com: Name or service not known

This suggested that there was an issue with DNS resolution post-VPN connection.

Temporary Solution and Recurring Problem

In an attempt to rectify this, I discovered the --pppd-use-peerdns flag and set it to 1. This change initially resolved the DNS resolution issue, allowing for normal operation. However, this solution proved to be temporary. After a certain period, the problem reemerged; DNS queries would fail again, displaying the same error. Interestingly, direct IP-based access to machines on the network remained functional, indicating that the issue was isolated to DNS resolution.

Versions

openfortivpn:   v1.21.0+git10.gde959f4
pppd:           2.5.0
OS:             Artix Linux (OpenRC) 6.6.7-artix1-1

Logs

Openfortivpn output
DEBUG:  openfortivpn 1.21.0
DEBUG:  revision v1.21.0+git10.gde959f4
DEBUG:  Loaded configuration file "config.vpn".
DEBUG:  Loaded password from configuration file "config.vpn"
DEBUG:  Configuration host = "<SERVER_HOST_REDACTED>"
DEBUG:  Configuration realm = ""
DEBUG:  Configuration port = "4434"
DEBUG:  Configuration username = "<USERNAME_REDACTED>"
DEBUG:  Resolving gateway host ip
DEBUG:  Establishing TLS connection
DEBUG:  SO_KEEPALIVE: OFF
DEBUG:  TCP_KEEPIDLE: 7200
DEBUG:  TCP_KEEPINTVL: 75
DEBUG:  TCP_KEEPCNT: 9
DEBUG:  SO_SNDBUF: 16384
DEBUG:  SO_RCVBUF: 131072
DEBUG:  server_addr: <SERVER_HOST_REDACTED>
DEBUG:  server_port: 4434
DEBUG:  gateway_ip: <SERVER_HOST_REDACTED>
DEBUG:  gateway_port: 4434
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Setting minimum protocol version to: 0x303.
DEBUG:  Set SNI for TLS handshake: <SERVER_HOST_REDACTED>
DEBUG:  Gateway certificate validation failed.
DEBUG:  Gateway certificate digest found in white list.
INFO:   Connected to gateway.
DEBUG:  Cookie: SVPNCOOKIE=7w4BxpweDkm1czJTUdJBSmT+YgxmdX1CGCj4pOil5sQufWV8AYVSMMkI8qgMIi/h%0a0QLt+BISc5TmYUS9CLvBMAA1Al0CbR/wO+iF+vW5DUUwoS/cdZwrGdgLL2i8cr7h%0aRGSPtfWkF3YJJ1r/ElOKxf8byfE1pW3aCXAZQ5eO6edJ45IlwnWp2GZbyyBqQ+nV%0a
INFO:   Authenticated.
DEBUG:  Cookie: SVPNCOOKIE=7w4BxpweDkm1czJTUdJBSmT+YgxmdX1CGCj4pOil5sQufWV8AYVSMMkI8qgMIi/h%0a0QLt+BISc5TmYUS9CLvBMAA1Al0CbR/wO+iF+vW5DUUwoS/cdZwrGdgLL2i8cr7h%0aRGSPtfWkF3YJJ1r/ElOKxf8byfE1pW3aCXAZQ5eO6edJ45IlwnWp2GZbyyBqQ+nV%0a
INFO:   Remote gateway has allocated a VPN.
DEBUG:  SO_KEEPALIVE: OFF
DEBUG:  TCP_KEEPIDLE: 7200
DEBUG:  TCP_KEEPINTVL: 75
DEBUG:  TCP_KEEPCNT: 9
DEBUG:  SO_SNDBUF: 16384
DEBUG:  SO_RCVBUF: 131072
DEBUG:  server_addr: <SERVER_HOST_REDACTED>
DEBUG:  server_port: 4434
DEBUG:  gateway_ip: <SERVER_HOST_REDACTED>
DEBUG:  gateway_port: 4434
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Setting minimum protocol version to: 0x303.
DEBUG:  Set SNI for TLS handshake: <SERVER_HOST_REDACTED>
DEBUG:  Gateway certificate validation failed.
DEBUG:  Gateway certificate digest found in white list.
DEBUG:  Retrieving configuration
DEBUG:  Found dns server 192.168.10.2 in xml config
DEBUG:  Establishing the tunnel
DEBUG:  ppp_path: /usr/bin/pppd
DEBUG:  Switch to tunneling mode
DEBUG:  Starting IO through the tunnel
DEBUG:  pppd_read thread
DEBUG:  ssl_read thread
DEBUG:  ssl_write thread
DEBUG:  if_config thread
DEBUG:  pppd_write thread
DEBUG:  pppd ---> gateway (16 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (16 bytes)
DEBUG:  pppd ---> gateway (10 bytes)
DEBUG:  pppd ---> gateway (17 bytes)
DEBUG:  pppd ---> gateway (30 bytes)
DEBUG:  pppd ---> gateway (16 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  gateway ---> pppd (10 bytes)
DEBUG:  gateway ---> pppd (25 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  gateway ---> pppd (24 bytes)
DEBUG:  pppd ---> gateway (24 bytes)
DEBUG:  gateway ---> pppd (24 bytes)
DEBUG:  pppd ---> gateway (24 bytes)
DEBUG:  gateway ---> pppd (24 bytes)
INFO:   Got addresses: [<ADDRESS_REDACTED>], ns [192.168.10.2, 192.168.10.2]
INFO:   Negotiation complete.
DEBUG:  Got Address: <ADDRESS_REDACTED>
DEBUG:  if_config: not ready yet...
DEBUG:  Got Address: <ADDRESS_REDACTED>
DEBUG:  Interface Name: ppp0
DEBUG:  Interface Addr: <ADDRESS_REDACTED>
INFO:   Interface ppp0 is UP.
INFO:   Setting new routes...
DEBUG:  ip route show to 0.0.0.0/0.0.0.0 dev !ppp0
DEBUG:  ip route show to <SERVER_HOST_REDACTED>/255.255.255.255 dev ppp0
DEBUG:  Removing wrong route to vpn server...
DEBUG:  ip route show to <SERVER_HOST_REDACTED>/255.255.255.255 dev ppp0
DEBUG:  ip route del to <SERVER_HOST_REDACTED>/255.255.255.255 dev ppp0
DEBUG:  ip route show to <SERVER_HOST_REDACTED>/255.255.255.255 dev !ppp0
DEBUG:  Setting route to vpn server...
DEBUG:  ip route show to <SERVER_HOST_REDACTED>/255.255.255.255 via 192.168.1.254 dev wlan0
DEBUG:  ip route add to <SERVER_HOST_REDACTED>/255.255.255.255 via 192.168.1.254 dev wlan0
DEBUG:  ip route add to 192.168.10.0/255.255.255.0 dev ppp0
DEBUG:  ip route add to 192.168.200.0/255.255.255.0 dev ppp0
DEBUG:  ip route add to <REDACTED>/255.255.255.255 dev ppp0
DEBUG:  ip route add to 10.255.47.0/255.255.255.0 dev ppp0
DEBUG:  ip route add to 192.168.5.0/255.255.255.0 dev ppp0
DEBUG:  ip route add to 10.131.0.0/255.255.255.0 dev ppp0
INFO:   Adding VPN nameservers...
DEBUG:  Attempting to modify /etc/resolv.conf directly.
DEBUG:  Adding "nameserver 192.168.10.2", to /etc/resolv.conf.
DEBUG:  Adding "nameserver 192.168.10.2", to /etc/resolv.conf.
INFO:   Tunnel is up and running.
DEBUG:  pppd ---> gateway (70 bytes)
DEBUG:  pppd ---> gateway (70 bytes)
ppp.log content
using channel 16
Using interface ppp0
Connect: ppp0 <--> /dev/pts/9
sent [LCP ConfReq id=0x1 <mru 1354> <magic 0x5419654b>]
rcvd [LCP ConfReq id=0x1 <magic 0xeefa7f51>]
sent [LCP ConfAck id=0x1 <magic 0xeefa7f51>]
rcvd [LCP ConfAck id=0x1 <mru 1354> <magic 0x5419654b>]
sent [LCP EchoReq id=0x0 magic=0x5419654b]
sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
sent [IPV6CP ConfReq id=0x1 <addr fe80::14ef:d84f:b654:b79e>]
rcvd [IPCP ConfReq id=0x1 <addr [SERVER_HOST_REDACTED]>]
sent [IPCP ConfAck id=0x1 <addr [SERVER_HOST_REDACTED]>]
rcvd [LCP EchoRep id=0x0 magic=0xeefa7f51]
rcvd [LCP ProtRej id=0x2 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f 00 00]
Protocol-Reject for 'Compression Control Protocol' (0x80fd) received
rcvd [LCP ProtRej id=0x3 80 57 01 01 00 0e 01 0a 14 ef d8 4f b6 54 b7 9e 00 7b]
Protocol-Reject for 'IPv6 Control Protocol' (0x8057) received
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
rcvd [IPCP ConfNak id=0x2 <addr [ADDRESS REDACTED]> <ms-dns1 192.168.10.2> <ms-dns2 192.168.10.2>]
sent [IPCP ConfReq id=0x3 <addr [ADDRESS REDACTED]> <ms-dns1 192.168.10.2> <ms-dns2 192.168.10.2>]
rcvd [IPCP ConfAck id=0x3 <addr [ADDRESS REDACTED]> <ms-dns1 192.168.10.2> <ms-dns2 192.168.10.2>]
Cannot determine ethernet address for proxy ARP
local  IP address [ADDRESS REDACTED]
remote IP address [SERVER_HOST_REDACTED]
primary   DNS address 192.168.10.2
secondary DNS address 192.168.10.2
Script /etc/ppp/ip-up started (pid 31817)
Script /etc/ppp/ip-up finished (pid 31817), status = 0x0
Hangup (SIGHUP)
Modem hangup
Connect time 0.1 minutes.
Sent 0 bytes, received 0 bytes.
Script /etc/ppp/ip-down started (pid 31891)
Connection terminated.
Script /etc/ppp/ip-down finished (pid 31891), status = 0x0
using channel 17
Using interface ppp0
Connect: ppp0 <--> /dev/pts/9
sent [LCP ConfReq id=0x1 <mru 1354> <magic 0x198d604b>]
rcvd [LCP ConfReq id=0x1 <magic 0x7aee671e>]
sent [LCP ConfAck id=0x1 <magic 0x7aee671e>]
rcvd [LCP ConfAck id=0x1 <mru 1354> <magic 0x198d604b>]
sent [LCP EchoReq id=0x0 magic=0x198d604b]
sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
sent [IPV6CP ConfReq id=0x1 <addr fe80::14ce:bcf9:b647:1743>]
rcvd [IPCP ConfReq id=0x1 <addr [SERVER_HOST_REDACTED]>]
sent [IPCP ConfAck id=0x1 <addr [SERVER_HOST_REDACTED]>]
rcvd [LCP EchoRep id=0x0 magic=0x7aee671e]
rcvd [LCP ProtRej id=0x2 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f 00 00]
Protocol-Reject for 'Compression Control Protocol' (0x80fd) received
rcvd [LCP ProtRej id=0x3 80 57 01 01 00 0e 01 0a 14 ce bc f9 b6 47 17 43 00 7b]
Protocol-Reject for 'IPv6 Control Protocol' (0x8057) received
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
rcvd [IPCP ConfNak id=0x2 <addr [ADDRESS REDACTED]> <ms-dns1 192.168.10.2> <ms-dns2 192.168.10.2>]
sent [IPCP ConfReq id=0x3 <addr [ADDRESS REDACTED]> <ms-dns1 192.168.10.2> <ms-dns2 192.168.10.2>]
rcvd [IPCP ConfAck id=0x3 <addr [ADDRESS REDACTED]> <ms-dns1 192.168.10.2> <ms-dns2 192.168.10.2>]
Cannot determine ethernet address for proxy ARP
local  IP address [ADDRESS REDACTED]
remote IP address [SERVER_HOST_REDACTED]
primary   DNS address 192.168.10.2
secondary DNS address 192.168.10.2
Script /etc/ppp/ip-up started (pid 32207)
Script /etc/ppp/ip-up finished (pid 32207), status = 0x0

After a while in the openfortivpn logs I get the following:

openfortivpn output after a while
using channel 16
Using interface ppp0
Connect: ppp0 <--> /dev/pts/9
sent [LCP ConfReq id=0x1 <mru 1354> <magic 0x5419654b>]
rcvd [LCP ConfReq id=0x1 <magic 0xeefa7f51>]
sent [LCP ConfAck id=0x1 <magic 0xeefa7f51>]
rcvd [LCP ConfAck id=0x1 <mru 1354> <magic 0x5419654b>]
sent [LCP EchoReq id=0x0 magic=0x5419654b]
sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
sent [IPV6CP ConfReq id=0x1 <addr fe80::14ef:d84f:b654:b79e>]
rcvd [IPCP ConfReq id=0x1 <addr [SERVER_HOST_REDACTED]>]
sent [IPCP ConfAck id=0x1 <addr [SERVER_HOST_REDACTED]>]
rcvd [LCP EchoRep id=0x0 magic=0xeefa7f51]
rcvd [LCP ProtRej id=0x2 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f 00 00]
Protocol-Reject for 'Compression Control Protocol' (0x80fd) received
rcvd [LCP ProtRej id=0x3 80 57 01 01 00 0e 01 0a 14 ef d8 4f b6 54 b7 9e 00 7b]
Protocol-Reject for 'IPv6 Control Protocol' (0x8057) received
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
rcvd [IPCP ConfNak id=0x2 <addr [ADDRESS REDACTED]> <ms-dns1 192.168.10.2> <ms-dns2 192.168.10.2>]
sent [IPCP ConfReq id=0x3 <addr [ADDRESS REDACTED]> <ms-dns1 192.168.10.2> <ms-dns2 192.168.10.2>]
rcvd [IPCP ConfAck id=0x3 <addr [ADDRESS REDACTED]> <ms-dns1 192.168.10.2> <ms-dns2 192.168.10.2>]
Cannot determine ethernet address for proxy ARP
local  IP address [ADDRESS REDACTED]
remote IP address [SERVER_HOST_REDACTED]
primary   DNS address 192.168.10.2
secondary DNS address 192.168.10.2
Script /etc/ppp/ip-up started (pid 31817)
Script /etc/ppp/ip-up finished (pid 31817), status = 0x0
Hangup (SIGHUP)
Modem hangup
Connect time 0.1 minutes.
Sent 0 bytes, received 0 bytes.
Script /etc/ppp/ip-down started (pid 31891)
Connection terminated.
Script /etc/ppp/ip-down finished (pid 31891), status = 0x0
using channel 17
Using interface ppp0
Connect: ppp0 <--> /dev/pts/9
sent [LCP ConfReq id=0x1 <mru 1354> <magic 0x198d604b>]
rcvd [LCP ConfReq id=0x1 <magic 0x7aee671e>]
sent [LCP ConfAck id=0x1 <magic 0x7aee671e>]
rcvd [LCP ConfAck id=0x1 <mru 1354> <magic 0x198d604b>]
sent [LCP EchoReq id=0x0 magic=0x198d604b]
sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
sent [IPV6CP ConfReq id=0x1 <addr fe80::14ce:bcf9:b647:1743>]
rcvd [IPCP ConfReq id=0x1 <addr [SERVER_HOST_REDACTED]>]
sent [IPCP ConfAck id=0x1 <addr [SERVER_HOST_REDACTED]>]
rcvd [LCP EchoRep id=0x0 magic=0x7aee671e]
rcvd [LCP ProtRej id=0x2 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f 00 00]
Protocol-Reject for 'Compression Control Protocol' (0x80fd) received
rcvd [LCP ProtRej id=0x3 80 57 01 01 00 0e 01 0a 14 ce bc f9 b6 47 17 43 00 7b]
Protocol-Reject for 'IPv6 Control Protocol' (0x8057) received
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
rcvd [IPCP ConfNak id=0x2 <addr [ADDRESS REDACTED]> <ms-dns1 192.168.10.2> <ms-dns2 192.168.10.2>]
sent [IPCP ConfReq id=0x3 <addr [ADDRESS REDACTED]> <ms-dns1 192.168.10.2> <ms-dns2 192.168.10.2>]
rcvd [IPCP ConfAck id=0x3 <addr [ADDRESS REDACTED]> <ms-dns1 192.168.10.2> <ms-dns2 192.168.10.2>]
Cannot determine ethernet address for proxy ARP
local  IP address [ADDRESS REDACTED]
remote IP address [SERVER_HOST_REDACTED]
primary   DNS address 192.168.10.2
secondary DNS address 192.168.10.2
Script /etc/ppp/ip-up started (pid 32207)
Script /etc/ppp/ip-up finished (pid 32207), status = 0x0

Best Regards,
Daniel Boll. 🎴

I don't know much about Artix Linux. I guess it is not based on systemd. More importantly, I have no clue how it manages name resolution. My guess is that something like NetworkManager overwrites attempts by openfortivpn or pppd to modify those settings. Please monitor changes of /etc/resolv.conf. Do they coincide with openfortivpn initialisation, and later with your DNS problems?

You can force the DNS server when running **dig**, thus bypassing any DNS server set in /etc/resolv.conf. Just for testing (that's not a workaround) try the following, where 192.168.10.2 is the IP address of your DNS server:

dig +short @192.168.10.2 <internal>.com

However, the above does not explain why it worked with 1.17.1, but not with 1.21. Perhaps that's more related to the version of pppd than the version of openfortivpn. Said otherwise, if you let pppd handle DNS settings, perhaps pppd < 2.5.0 used to handle that as expected (by us), whereas pppd ≥ 2.5.0 has issues.

I kept checking /etc/resolv.conf as you suggested and nothing has changed at any time.

I ran watch cat /etc/resolv.conf and then the usual openfortivpn command, although it logs:

DEBUG:  Attempting to modify /etc/resolv.conf directly.
DEBUG:  Adding "nameserver 192.168.10.2", to /etc/resolv.conf.
DEBUG:  Adding "nameserver 192.168.10.2", to /etc/resolv.conf.

Nothing is really added.

Dig forcing the DNS server worked, but so does everything at the beginning. I will let the VPN run for a while and when I can no longer access the DNS by normal means I will try the dig command again to check.

@DimitriPapadopoulos apparently it was the gateway, I changed gateways and it worked:

> cat /etc/resolv.conf
nameserver 192.168.10.2
nameserver 192.168.10.2

I think there may be a configuration that does not apply the changes in resolv.conf; if I had the gateway configuration I would provide it to enlighten you guys on a possible problem, but as of now I don't have it. I will try to get it, but I think this issue can be closed for now.

Thank you very much for the help.
Best Regards,
Daniel Boll. 🎴

There are 3 possibilities:

  1. openfortivpn modifies /etc/resolv.conf
  2. openfortivpn calls resolvconf to handle DNS settings
  3. pppd takes over

Option --pppd-use-peerdns triggers case 3, but then that would be a pppd issue, it would not be an openfortivpn issue, would it?

Case 1 works for legacy Linux distributions, and may work for more recent Linux distributions, although modifying /etc/resolv.conf really should be avoided.

Case 2 is supposed to be the best option, but then it depends on resolvconf being available and doing the right thing.

This tells me you're in case 1:

DEBUG:  Attempting to modify /etc/resolv.conf directly.
DEBUG:  Adding "nameserver 192.168.10.2", to /etc/resolv.conf.
DEBUG:  Adding "nameserver 192.168.10.2", to /etc/resolv.conf.

Is resolvconf installed?
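As an added diagnostic for the request above to monitor /etc/resolv.conf and for the three DNS-handling cases just listed (this is example code, not openfortivpn's own), the script below reports which cases the host can fall into and then watches the file, printing a timestamped diff whenever something rewrites it. It assumes a POSIX shell with `cmp`, `diff` and `mktemp`; the file name and poll interval are assumptions that can be overridden.

```shell
#!/bin/sh
# Hypothetical helper: find out how /etc/resolv.conf is managed on this host
# and watch it for rewrites so they can be matched against the moment
# openfortivpn reported "Tunnel is up and running."

RESOLV=${RESOLV:-/etc/resolv.conf}

# Print which of the three cases (direct edit, resolvconf, pppd) can apply.
report_resolv_management() {
    f=$1
    if [ -L "$f" ]; then
        echo "$f is a symlink to $(readlink "$f"): another service owns it"
    else
        echo "$f is a regular file: case 1 (direct edits) is possible"
    fi
    if command -v resolvconf >/dev/null 2>&1; then
        echo "resolvconf found at $(command -v resolvconf): case 2 available"
    else
        echo "resolvconf not installed: case 2 unavailable"
    fi
    if [ -x /etc/ppp/ip-up ]; then
        echo "/etc/ppp/ip-up present: case 3 (usepeerdns) would run it"
    else
        echo "/etc/ppp/ip-up missing: case 3 has nothing to run"
    fi
}

# Return 0 when FILE lists IP as a nameserver, 1 otherwise.
resolv_has_ns() {
    ip=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -Eq "^[[:space:]]*nameserver[[:space:]]+$ip([[:space:]]|\$)" "$1"
}

# Count nameserver lines; openfortivpn adds one per ns from the gateway,
# so a duplicate (192.168.10.2 twice in the log above) is expected.
resolv_ns_count() {
    grep -Ec "^[[:space:]]*nameserver[[:space:]]" "$1" || true
}

# Poll FILE every INTERVAL seconds and diff it against the last copy seen.
watch_resolv() {
    f=$1; interval=${2:-2}
    prev=$(mktemp); cp "$f" "$prev"
    while sleep "$interval"; do
        if ! cmp -s "$f" "$prev"; then
            echo "== $(date '+%F %T') $f changed =="
            diff "$prev" "$f" || true
            cp "$f" "$prev"
        fi
    done
}

if [ "${1:-}" = "watch" ]; then
    report_resolv_management "$RESOLV"
    watch_resolv "$RESOLV" "${2:-2}"
fi
```

Run it as `sh resolv-watch.sh watch` in one terminal before starting openfortivpn in another; a change that appears well after the tunnel came up points at whatever tool rewrote the file rather than at openfortivpn.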

> This tells me you're in case 1:
>
> DEBUG:  Attempting to modify /etc/resolv.conf directly.
> DEBUG:  Adding "nameserver 192.168.10.2", to /etc/resolv.conf.
> DEBUG:  Adding "nameserver 192.168.10.2", to /etc/resolv.conf.
>
> Is resolvconf installed?

No, I was searching how to modify resolv.conf and stumbled upon resolvconf, but didn't install it before trying to modify the gateway, which in turn worked.

Because resolvconf is mainly made for systemd, I am not sure if I can use it.

I don't think resolvconf is made for systemd. You've probably got the wrong one, this is the one I was referring to.

Oh, I see, I will test with this one. I am running only: sudo openfortivpn -c config.vpn -v

Everything seems good, tested very thoroughly today. I will be closing the issue; openresolv really solved the matter. Thank you very much.