DNS Resolution Failure OpenRC #1396

Open
glad2rest opened this issue Feb 3, 2025 · 1 comment

@glad2rest

When enabling AmneziaVPN using OpenRC, DNS resolution fails for all domain names. This issue prevents any DNS queries from being resolved while the VPN is active. The problem can be temporarily resolved by flushing the amnvpn.a.310.blockDNS chain using the command:

iptables -F amnvpn.a.310.blockDNS

However, this is not a permanent solution and needs to be applied every time the VPN is enabled.

To Reproduce:

Start the AmneziaVPN service using OpenRC:

rc-service amnezia start

Open AmneziaVPN client and press "Connect" button.

Attempt to resolve any domain name, for example:

> curl icanhazip.com
curl: (6) Could not resolve host: icanhazip.com

My openrc service:

#!/sbin/openrc-run

# Copyright 2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# iptables -F amnvpn.a.310.blockDNS 


name="AmneziaVPN daemon"
description="AmneziaVPN Service"
pidfile="/run/amneziavpn-service.pid"
output_log="/var/log/amneziavpn.log"
error_log="/var/log/amneziavpn.log"

depend() { 
  need net
}
start_pre() {
  checkpath --directory --owner root:root --mode 0755 /var/log
  checkpath --file --owner root:root --mode 0644 /var/log/amneziavpn.log
}
start() {
    ebegin "Starting AmneziaVPN Service"
    export LD_LIBRARY_PATH=/opt/AmneziaVPN/client/lib
    start-stop-daemon --start --background --make-pidfile --pidfile "$pidfile" --exec /opt/AmneziaVPN/service/AmneziaVPN-service.sh
    eend $?
}
stop() {
    ebegin "Stopping AmneziaVPN Service"
    start-stop-daemon --stop --pidfile "$pidfile"
    # Quote the pattern so the shell cannot glob-expand [A] against a file name
    pkill -f '[A]mneziaVPN-service'
    eend $?
}

Expected behavior:
DNS resolution should work correctly when AmneziaVPN is enabled.

Screenshots:

  • /etc/resolv.conf [screenshot: resolv]

A very doubtful workaround is to add a start_post() block that parses the iptables output and erases the blockDNS record in an infinite loop:

start_post() {
  ebegin "Checking iptables rules"
  {
    while true; do
      if iptables -L -n | grep -Pq 'amnvpn.a.310.blockDNS\s+all'; then
        iptables -F amnvpn.a.310.blockDNS
        break
      fi
      sleep 1
    done
  } &
  eend $?
}

Any suggestions to resolve this issue? Thank you.
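
A way to check whether the chain is rejecting the resolvers listed in /etc/resolv.conf before flushing it, as an added example that is not part of the original issue or of AmneziaVPN's code. The rule layout (ACCEPT entries for permitted DNS servers followed by a REJECT on port 53), the function names and all sample data are assumptions constructed for illustration; only exact /32 destinations are compared.

```shell
#!/bin/sh
# Added diagnostic example, not AmneziaVPN code. Function names are hypothetical.
CHAIN="amnvpn.a.310.blockDNS"   # chain name taken from the issue

# allowed_dns RULES: print destination IPs the chain ACCEPTs on port 53.
allowed_dns() {
  printf '%s\n' "$1" | awk '
    /--dport 53( |$)/ && /-j ACCEPT/ {
      for (i = 1; i < NF; i++)
        if ($i == "-d") { sub(/\/32$/, "", $(i+1)); print $(i+1) }
    }' | sort -u
}

# chain_blocks_dns RULES: succeed if the chain REJECTs or DROPs port 53 traffic.
chain_blocks_dns() {
  printf '%s\n' "$1" | grep -Eq -- '--dport 53( |$).*-j (REJECT|DROP)'
}

# blocked_nameservers RULES RESOLV: print resolv.conf nameservers that the
# chain does not explicitly allow (nothing is printed if it blocks no DNS).
blocked_nameservers() {
  chain_blocks_dns "$1" || return 0
  allowed=$(allowed_dns "$1")
  printf '%s\n' "$2" | awk '$1 == "nameserver" { print $2 }' |
  while read -r ns; do
    printf '%s\n' "$allowed" | grep -Fxq -- "$ns" || printf '%s\n' "$ns"
  done
}

# Constructed sample input. On a live system use instead:
#   RULES=$(iptables -S "$CHAIN"); RESOLV=$(cat /etc/resolv.conf)
SAMPLE_RULES="-N $CHAIN
-A $CHAIN -d 10.8.1.1/32 -p udp -m udp --dport 53 -j ACCEPT
-A $CHAIN -d 10.8.1.1/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A $CHAIN -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
-A $CHAIN -p tcp -m tcp --dport 53 -j REJECT --reject-with icmp-port-unreachable"
SAMPLE_RESOLV="# constructed resolv.conf
nameserver 192.168.1.1
nameserver 10.8.1.1"

blocked_nameservers "$SAMPLE_RULES" "$SAMPLE_RESOLV"
```

A nameserver printed here is one that the chain would reject, which narrows the failure down to a resolv.conf/firewall mismatch without removing the DNS block.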

@NatOwlley

Same on Arch Linux
Linux 6.13.2-arch1-1 x86_64
AmneziaVPN version 4.8.3.1 956dd6e
Thanks for the workaround, it worked when I deleted amnvpn.a.310.blockDNS
