[Swan] DHCP overwrites resolv.conf

Paul Wouters paul at nohats.ca
Tue Jan 19 16:28:26 UTC 2021


On Mon, 18 Jan 2021, Ian Willis wrote:

> I'm currently using centos8 for some mobile users.
> 
> The setup relies on the fact that ipsec starts on boot and connects to a remote freeipa server allowing kerberos auth for login and DNS.
> The ipsec setup uses RSA keys for host auth.
> 
> It works reasonably well except that when the dhcp lease expires network manager overwrites /etc/resolv.conf. What is the best way to manage this situation?
> As a kludge I've set ipsec to restart every 5 minutes via a cron job which works some of the time.
> 
> Any thoughts appreciated.

libreswan needs to extend support to notify network manager of the DNS
update, then it should no longer conflict. It's on my todo list, but
I haven't yet had the time to do this.

[patches welcome, see /usr/libexec/ipsec/_updown.xfrm]

Paul

