# [Solved] NetworkManager overwrites resolv.conf for OpenVpn

## Langest

I have problems with DNS leakage because NetworkManager overwrites resolv.conf for openvpn. Searching, I found out about openresolv when reading through the Arch wiki, and it seems like it has solved similar problems for other people as well. But I think I am using it wrong or it just doesn't work.

When booting it seems like there is a race for resolv.conf and sometimes openvpn sets the dns server I want and sometimes NetworkManager sets its dns server. I don't think either of them actually uses openresolv, because resolv.conf says in its comment that it is generated by either nm or openvpn.

Any idea what might be wrong?

Thank you!

Langest

Last edited by Langest on Wed Jan 31, 2018 8:43 pm; edited 3 times in total

----------

## soitgoes0745

Have you attempted to create a /etc/resolv.conf.head file with your VPN's DNS servers? This will prepend these nameservers to resolv.conf.

----------

## Langest

 *soitgoes0745 wrote:*   

> Have you attempted to create a /etc/resolv.conf.head file with your VPN's DNS servers? This will prepend these nameservers to resolv.conf.

 

That did the trick!

Didn't solve the issue with the race condition but that doesn't matter if I can prepend my own servers.

Thank you!

----------

## soitgoes0745

You are welcome.

----------

## Langest

Sorry, I thought it worked, but it turns out that it only works when openvpn is last to modify resolv.conf. When nm generates it, it doesn't care about the resolv.conf.head.

Could it be that nm doesn't use openresolv to generate the resolv.conf? OpenVpn leaves a comment

```
# Generated by resolvconf
```

while NetworkManager leaves a comment 

```
# Generated by NetworkManager
```

----------

## soitgoes0745

I don’t use NetworkManager but I was reading the ArchWiki in regards to your issue and it was suggested that you could make resolv.conf immutable by:

```
# chattr +i /etc/resolv.conf
```

In my opinion this seems like a hack and could create issues outside of your usual network, but I am no network guru.

----------

## n05ph3r42

RTFM

Create the file

```
/etc/NetworkManager/NetworkManager.conf
```

if it does not exist.

Put the following lines into it:

```
[main]
dns=none
rc-manager=unmanaged
```

Also check https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html

Last edited by n05ph3r42 on Sun Jan 28, 2018 9:38 pm; edited 2 times in total

----------

## UberLord

Ensure that NetworkManager has the resolvconf USE flag.

----------

## n05ph3r42

 *UberLord wrote:*   

> Ensure that NetworkManager has the resolvconf USE flag.

 

On my system I have - -resolvconf and the solution I specified works.

I mean, there is no need for the resolvconf flag for networkmanager if you specify "dns=none" in the NM conf, as I described earlier.

```
# equery u networkmanager
[ Legend : U - final flag setting for installation]
[        : I - package is installed with flag     ]
[ Colors : set, unset                             ]
 * Found these USE flags for net-misc/networkmanager-1.8.4:
 U I
 - - abi_x86_32         : 32-bit (x86) libraries
 - - audit              : Enable support for Linux audit subsystem using sys-process/audit
 + + bluetooth          : Enable Bluetooth Support
 - - connection-sharing : Use net-dns/dnsmasq and net-firewall/iptables for connection sharing
 + + consolekit         : Use sys-auth/consolekit for session tracking
 + + dhclient           : Use dhclient from net-misc/dhcp for getting ip
 - - dhcpcd             : Use net-misc/dhcpcd for getting ip
 - - gnutls             : Add support for net-libs/gnutls (TLS 1.0 and SSL 3.0 support)
 + + introspection      : Add support for GObject based introspection
 - - json               : Enable JSON validation via dev-libs/jansson in libnm.
 + + modemmanager       : Enable support for mobile broadband devices using net-misc/modemmanager
 + + ncurses            : Add ncurses support (console display library)
 + + nss                : Use dev-libs/nss for cryptography
 - - ofono              : Use net-misc/ofono for telephony support.
 + + policykit          : Enable PolicyKit authentication support
 + + ppp                : Enable support for mobile broadband and PPPoE connections using net-dialup/ppp
 - - resolvconf         : Use net-dns/openresolv for managing DNS information
 - - systemd            : Enable use of systemd-specific libraries and features like socket activation or session tracking
 - - teamd              : Enable Teamd control support
 - - test               : Workaround to pull in packages needed to run with FEATURES=test. Portage-2.1.2 handles this internally, so don't set it in make.conf/package.use anymore
 - - vala               : Enable bindings for dev-lang/vala
 + + wext               : Enable support for the deprecated Wext (Wireless Extensions) API; needed for some older drivers (e.g. ipw2200, ndiswrapper)
 + + wifi               : Enable support for wifi and 802.1x security using net-wireless/wpa_supplicant
```

----------

## UberLord

That might still work.

A perusal of the sources indicates that without the resolvconf path specified it will default to /sbin/resolvconf which is where it's installed for most systems.

The config might also need rc-manager=resolvconf

http://manpages.ubuntu.com/manpages/zesty/man5/NetworkManager.conf.5.html

----------

## n05ph3r42

 *UberLord wrote:*   

> That might still work.
> 
> A perusal of the sources indicates that without the resolvconf path specified it will default to /sbin/resolvconf which is where it's installed for most systems.
> 
> The config might also need rc-manager=resolvconf
> ...

 

Due to https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html

In my case, it should be 

```
rc-manager=unmanaged
```

otherwise /etc/resolv.conf will be cleared (and empty) after reboot.

So it's a good idea to add it to the NM conf.

----------

## Langest

 *n05ph3r42 wrote:*   

> RTFM
> 
> create file
> 
> ```
> ...

 

Thank you!

That did the trick.

----------
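A way to confirm the outcome of this thread after a reboot or reconnect, as an added example that is not part of the original posts: the script reads the `# Generated by` comment to see who won the race for resolv.conf, lists nameservers outside an allowed set, and reads `dns` and `rc-manager` from the `[main]` section. The function names, sample files and the addresses 10.8.0.1 and 192.168.1.1 are constructed for illustration; only a single NetworkManager.conf is read, not conf.d drop-ins.

```shell
#!/bin/sh
# Added example: audit who controls resolv.conf. Paths are parameters so the
# checks can run against copies; the sample files in demo() are constructed.

# Print the value of KEY from the [main] section of a NetworkManager.conf.
nm_main_key() {  # usage: nm_main_key FILE KEY
    awk -v key="$2" '
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\][ \t]*$/); next }
        in_main && /^[ \t]*[^#;]/ {
            split($0, kv, "=")
            gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
            if (kv[1] == key) val = kv[2]
        }
        END { if (val != "") print val }' "$1"
}

# Print which tool last wrote FILE, taken from its "# Generated by" comment.
resolv_generator() {  # usage: resolv_generator FILE
    gen=$(sed -n 's/^# Generated by \([A-Za-z]*\).*/\1/p' "$1" | head -n 1)
    echo "${gen:-unknown}"
}

# Print every nameserver in FILE that is not in the allowed list.
unexpected_nameservers() {  # usage: unexpected_nameservers FILE ALLOWED...
    file=$1; shift
    awk '$1 == "nameserver" { print $2 }' "$file" | while read -r ns; do
        case " $* " in *" $ns "*) ;; *) echo "$ns" ;; esac
    done
}

demo() {
    d=$(mktemp -d)
    # Constructed samples: the config from the thread and both race outcomes.
    printf '[main]\ndns=none\nrc-manager=unmanaged\n' > "$d/NetworkManager.conf"
    printf '# Generated by resolvconf\nnameserver 10.8.0.1\n' > "$d/vpn.conf"
    printf '# Generated by NetworkManager\nnameserver 192.168.1.1\n' > "$d/nm.conf"
    for f in vpn.conf nm.conf; do
        bad=$(unexpected_nameservers "$d/$f" 10.8.0.1 | tr '\n' ' ')
        echo "$f: written by $(resolv_generator "$d/$f"); unexpected: ${bad:-none}"
    done
    echo "dns=$(nm_main_key "$d/NetworkManager.conf" dns)" \
         "rc-manager=$(nm_main_key "$d/NetworkManager.conf" rc-manager)"
    rm -rf "$d"
}
demo
```

On a live system, point the functions at /etc/resolv.conf and /etc/NetworkManager/NetworkManager.conf and pass the VPN's DNS servers as the allowed list.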

