resolvconf overwritten

Support
#1

I’m trying to make User > Tor > VPN > Internet
After I installed resolvconf

My /etc/resolv.conf it’s overwritten every time. I tried to sudo chattr +i /etc/resolv.conf but I get error

chattr: Operation not supported while reading flags on /etc/resolv.conf

Because resolv.conf is link
/etc/resolv.conf -> ../run/resolvconf/resolv.conf

I found some solutions on internet there say I need to
apt autoremove resolvconf
unlink /etc/resolv.conf
But I’m not sure if I should.

Second question: What dns I should use ?
Here it types Connecting to Tor before a VPN

nameserver 10.5.0.1

but here

## Riseup.net OpenVPN DNS server
nameserver 172.27.100.1

and on riseup website they don’t edit /etc/resolv.conf instead of that they
Download [this script for updating the resolver](https://riseup.net/vpn/vpn-red/update-resolv.conf) and place it in /etc/openvpn/update-resolv.conf

Also riseup use riseup.ovpn file for configurations, whonix docs use riseup.conf or there is no difference ?

#2

Hi Mageya

These instructions work if they are followed exactly as written. It’s likely a mistake was made.

What dns I should use ?

Use your providers dns server

Follow the instructions exactly as written. Some of the provider specific information will need to be added by you.

You have a riseup account, correct?

Edit:

Recommend:

I would start from the beginning to make sure no mistakes were made. If you edited any files other than what is your instructed to do, go back and revert those edits. Make sure to follow only the Whonix instructions for resolvconf. Do use the riseup.conf folder as instructed. Remember those configurations were taken from riseup.ovpn and added to that file.

2 Likes
#3

I use riseup. Whonix docs have 2 docs for connecting to Tor before a VPN. and in one doc it says you should use nameserver 10.5.0.1 Connecting to Tor before a VPN
And second doc VPN Tunnel Setup Examples says you need to use
## Riseup.net OpenVPN DNS server
nameserver 172.27.100.1

What dns I should use 172.27.100.1 or 10.5.0.1 ?

Yes

Do you know what I can make to edit resolvconf ? It keep overwriting. I edit it and save and when I open it again after I start vpn it’s empty, it have default settings and I cant chattr it.

#4

172.27.100.1

Do you have the proper permissions for resolvconf?

https://whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN#DNS_Configuration_2

2 Likes
#5 
ls -al /run/resolvconf
total 4
drwxrwxr-x  3 root tunnel 100 date and time .
drwxr-xr-x 33 root root   860 date and time ..
-rw-r--r--  1 root root     0 date and time enable-updates
drwxrwxr-x  2 root tunnel  40 date and time interface
-rw-r--r--  1 root root   151 date and time resolv.conf

ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 31 date and time /etc/resolv.conf -> /etc/resolvconf/run/resolv.conf

#6

Looks like you did not run this command…?

sudo chown --recursive root:tunnel /run/resolvconf
1 Like
#7

I run sudo chown --recursive root:tunnel /run/resolvconf
and
sudo chmod --recursive 775 /run/resolvconf

and I get this
total 4
drwxrwxr-x 3 root tunnel 100 date and time .
drwxr-xr-x 33 root root 860 date and time …
-rwxrwxr-x 1 root tunnel 0 date and time enable-updates
drwxrwxr-x 2 root tunnel 40 date and time interface
-rwxrwxr-x 1 root tunnel 151 date and time resolv.conf

but after few second or reboot all is OVERWRITTEN flags and file resolv.conf
and I get this again

ls -al /run/resolvconf
total 4
drwxrwxr-x  3 root tunnel 100 date and time .
drwxr-xr-x 33 root root   860 date and time ..
-rw-r--r--  1 root root     0 date and time enable-updates
drwxrwxr-x  2 root tunnel  40 date and time interface
-rw-r--r--  1 root root   151 date and time resolv.conf

and I cant chattr
chattr: Operation not supported while reading flags on /etc/resolv.conf

here is cat for resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND – YOUR CHANGES WILL BE OVERWRITTEN

#8

What I should do ?

Should I try this ?

#9

Hi Mageya

Could you try:

sudo chattr +i /etc/resolvconf/run/resolv.conf

Try restarting both VPN and Tor. Does that help?

If not, you can unset:

sudo chattr -i /etc/resolvconf/run/resolv.conf

2 Likes
#10

I get this
A: chattr: Inappropriate ioctl for device while reading flags on /etc/resolvconf/run/resolv.conf

But I found other solution
I rm /etc/resolv.conf and then create again resolv.conf and chattr it. Now it do not get overwritten

But I can’t connect to VPN
date and time host sudo[1468]: pam_unix(sudo:session): session opened for user root by (uid=0)
date and time host sudo[1468]: date and time TUN/TAP device tun0 opened
date and timehost ovpn-openvpn[1477]: WARNING: file ‘auth.txt’ is group or others accessible
date and time host ovpn-openvpn[1477]: OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] bu
date and time host ovpn-openvpn[1477]: library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
date and time host systemd[1]: openvpn@openvpn.service: PID file /run/openvpn/openvpn.pid not readable (yet?) after start: No such file or d
date and time host ovpn-openvpn[1480]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
date and time host systemd[1]: Started OpenVPN connection to openvpn.
date and time host ovpn-openvpn[1480]: TCP/UDP: Preserving recently used remote address: [AF_INET]198.252.153.226:80
date and time host ovpn-openvpn[1480]: Attempting to establish TCP connection with [AF_INET]198.252.153.226:80 [nonblock]

I think that’s because I have whonix date and time synchronization error
Whonix GW and WS have different clock(like 5 min difference). How can I check if Whonix GW have internet and it’s working on Tor ?
Is there I way to check if Tor is working on WS without removing all the settings that I set for VPN ?

#11

Try:

https://whonix.org/wiki/Troubleshooting#Clock_Fix

Be sure to:

sudo chown --recursive root:tunnel /run/resolvconf

sudo chmod --recursive 775 /run/resolvconf

1 Like