So I’ve been playing around with some Raspberry Pi 4’s and on one of them I’ve been using the ARM version of the ExpressVPN client.
What I noticed is that while connected to the VPN I could no longer DNS resolve the names of internal network resources via the DNS server on my router or my internal LAN-based DNS resolving server.
Routing was all fine so it wasn’t to do with the VPN tunnel itself.
Stranger still was that disconnecting the client did not resolve the issue; only a reboot seemed to fix things.
Note that I have configured the client to not use their DNS servers in the first place!!
expressvpn preferences set force_vpn_dns off
Detective-mode: enabled
So I dutifully had a look at my /etc/resolv.conf file and guess what I found?
luis@tor1:~ $ cat /etc/resolv.conf
# Generated by expressvpn
search expressvpn
nameserver 10.96.0.1
This makes a little sense since the client, like many others, has a so-called DNS-leak prevention system, and so what the client is doing here is making sure that your DNS queries can’t get picked up by a third party (except them, of course!). It not honouring the setting to turn it off is another problem….
However, when I disconnect the client then the file stays exactly the same!
It should have reverted to my default/original settings.
Incidentally, my DNS client settings are being managed from:
“/etc/dhcpcd.conf” with a static domain_name_server directive.
A bit more digging and I discovered that there was a symbolic link between a resolv.conf file in the Express VPN directory and “/etc/resolv.conf”.
luis@tor1:~ $ ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 31 Sep 23 20:58 /etc/resolv.conf -> /var/lib/expressvpn/resolv.conf
So I decided to have a look at this directory with the VPN disconnected:
luis@tor1:~ $ ls -l /var/lib/expressvpn/
total 124
drwxr-xr-x 2 root root 4096 Sep 18 23:26 certs
drwx------ 2 root root 4096 Sep 23 21:45 data
drwxr-xr-x 2 root root 4096 Sep 18 23:29 icons
-rw-r--r-- 1 root root 106 Sep 23 21:38 resolv.conf
-rw------- 1 root root 102764 Sep 23 21:35 userdata2.dat
The linked file (resolv.conf) won’t be very interesting at first because it’s supposed to be in sync, but something very interesting happens when the VPN client initiates the connection:
luis@tor1:~ $ ls -l /var/lib/expressvpn/
total 132
drwxr-xr-x 2 root root 4096 Sep 18 23:26 certs
-rw------- 1 root root 32 Sep 23 21:51 config.pass
-rw------- 1 root root 50 Sep 23 21:51 credentials
drwx------ 2 root root 4096 Sep 23 21:51 data
drwxr-xr-x 2 root root 4096 Sep 18 23:29 icons
-rw-r--r-- 1 root root 65 Sep 23 21:51 resolv.conf
lrwxrwxrwx 1 root root 31 Sep 23 20:58 resolv.conf.orig -> /var/lib/expressvpn/resolv.conf
-rw------- 1 root root 102764 Sep 23 21:51 userdata2.dat
Here we can see (bold emphasis added) that a soft-link has been created where:
There is an obvious problem with this:
So what do you do about it?
sudo resolvconf -u
sudo systemctl restart systemd-resolved.service
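As an added check (my example, not code from the post or from ExpressVPN): a small POSIX shell audit that reports whether /etc/resolv.conf has been redirected into a VPN client's directory and whether the resolv.conf.orig "backup" there is just a symlink back onto the live file, which is the state shown in the listings above. All paths are parameters, and the demo builds a constructed copy of that layout under a temporary directory, so nothing on the real system is touched; the nameserver values written into the constructed files are either taken from the listing or made up for the example.

```shell
#!/bin/sh
# Added example, not code from the original post or from ExpressVPN.
# Audits a resolv.conf "backup" of the kind seen in the listing above:
# a resolv.conf.orig that is a symlink back onto the live resolv.conf is
# not a backup at all, since restoring it copies the file onto itself.

# backup_is_self_link LIVE BACKUP
# True (0) when BACKUP resolves to the very same file as LIVE.
backup_is_self_link() {
    live=$(readlink -f "$1") || return 2
    backup=$(readlink -f "$2") || return 2
    [ "$live" = "$backup" ]
}

# audit_resolv ETC_RESOLV VPN_DIR
# Prints one verdict word and returns 0 (fine) or 1 (problem):
#   ok                ETC_RESOLV is a regular file or points outside VPN_DIR
#   redirected        symlink into VPN_DIR, and resolv.conf.orig is a separate file
#   no-backup         symlink into VPN_DIR, but no resolv.conf.orig at all
#   self-link-backup  symlink into VPN_DIR, and resolv.conf.orig points at the live file
audit_resolv() {
    etc=$1
    vpndir=$2
    live="$vpndir/resolv.conf"
    backup="$vpndir/resolv.conf.orig"
    if [ ! -L "$etc" ]; then echo ok; return 0; fi
    vpnreal=$(readlink -f "$vpndir")
    case $(readlink -f "$etc") in
        "$vpnreal"/*) ;;                 # the live resolver file lives in the VPN directory
        *) echo ok; return 0 ;;
    esac
    if [ ! -e "$backup" ] && [ ! -L "$backup" ]; then echo no-backup; return 1; fi
    if backup_is_self_link "$live" "$backup"; then echo self-link-backup; return 1; fi
    echo redirected
    return 0
}

# make_demo_tree ROOT
# Constructs the broken layout from the listing above under ROOT (test data only):
#   ROOT/etc/resolv.conf                      -> ROOT/var/lib/expressvpn/resolv.conf
#   ROOT/var/lib/expressvpn/resolv.conf.orig  -> ROOT/var/lib/expressvpn/resolv.conf
make_demo_tree() {
    root=$1
    mkdir -p "$root/etc" "$root/var/lib/expressvpn"
    printf '# Generated by expressvpn\nsearch expressvpn\nnameserver 10.96.0.1\n' \
        > "$root/var/lib/expressvpn/resolv.conf"
    ln -sf "$root/var/lib/expressvpn/resolv.conf" "$root/etc/resolv.conf"
    ln -sf "$root/var/lib/expressvpn/resolv.conf" "$root/var/lib/expressvpn/resolv.conf.orig"
}

# make_good_tree ROOT
# Same redirection, but resolv.conf.orig is a real copy of the pre-VPN settings
# (192.168.1.1 is a made-up router address for the example).
make_good_tree() {
    root=$1
    mkdir -p "$root/etc" "$root/var/lib/expressvpn"
    printf 'nameserver 192.168.1.1\n' > "$root/var/lib/expressvpn/resolv.conf.orig"
    printf 'nameserver 10.96.0.1\n' > "$root/var/lib/expressvpn/resolv.conf"
    ln -sf "$root/var/lib/expressvpn/resolv.conf" "$root/etc/resolv.conf"
}

# Demo against a constructed tree; the real /etc and /var/lib are never touched.
demo_root=$(mktemp -d)
make_demo_tree "$demo_root"
echo "constructed broken tree: $(audit_resolv "$demo_root/etc/resolv.conf" "$demo_root/var/lib/expressvpn")"
rm -rf "$demo_root"
```

On a real box you would call audit_resolv /etc/resolv.conf /var/lib/expressvpn; a self-link-backup verdict is exactly the state in which disconnecting the client cannot restore your router's DNS, and the two commands above are what put the file back under the system's own resolver management.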