IPsec (strongSwan) VPN not working properly with Ubuntu 19.04 as client?


I have built a VPN server using strongSwan by following this tutorial: https://raymii.org/s/tutorials/IPSEC_vpn_with_CentOS_7.html

The server is behind a router and the required ports are forwarded. On the VPN server there are some apps running on nginx and Java, so I'm using dnsmasq to forward some domain names to the same server.

The server's ipsec.conf is:

# ipsec.conf - strongSwan IPsec configuration file

config setup
    charondebug="ike 4, knl 4, cfg 4, net 4, esp 4, dmn 4,  mgr 4"

conn %default
    keyexchange=ikev2
    ike=aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1$
    esp=aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1,aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-mo$
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftsubnet=0.0.0.0/0,::/0
    leftcert=vpnHostCert.der
    right=%any
    rightsourceip=10.1.1.0/24
    rightdns=192.169.1.100 #vpn servers local ipaddress

conn IPSec-IKEv2
    keyexchange=ikev2
    auto=add

conn IPSec-IKEv2-EAP
    keyexchange=ikev2
    rightauth=eap-tls
    rightsendcert=never
    eap_identity=%any
    auto=add

conn CiscoIPSec
    keyexchange=ikev1
    rightauth=pubkey
    rightauth2=xauth
    auto=add

The problem is that when I connect to the VPN server using Ubuntu 19.04, the /etc/resolv.conf file does not update and my traffic isn't routed properly. I need to edit it manually every time to be able to use the VPN. If I connect or disconnect, the resolv.conf file changes to:

# Generated by NetworkManager
nameserver 127.0.0.53

If I manually change it to:

# Generated by NetworkManager
nameserver 127.0.0.100

everything works.

On Windows 10 and on Android (using the strongSwan app) it works fine without any tinkering.

Is this an Ubuntu problem, or is my configuration wrong? How can I solve this so that it updates automatically?


There is 1 answer

Hugo Valentim

Don't know if you figured this out yet, but I have a solution. I had the same problem and it is due to the way Ubuntu handles DNS resolution.

To fix it I had to disable systemd-resolved and use the default DNS system. So:

1 - sudo systemctl disable systemd-resolved
2 - sudo systemctl stop systemd-resolved

3 - nano /etc/NetworkManager/NetworkManager.conf
    [main] #add following line
    dns=default

4 - rm /etc/resolv.conf
5 - reboot

Hope it helps.
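As an added example (not code from the question or the answer, and not part of strongSwan or NetworkManager), the shell helpers below check what the two files discussed in this thread actually contain and apply the NetworkManager change from step 3 to a given file, so the edit can be verified before rebooting. File paths are passed as arguments; the sample resolv.conf and NetworkManager.conf it writes are constructed here, not copied from a real system.

```shell
#!/bin/sh
# Added example, not code from the original post or from strongSwan/NetworkManager.
# Helpers that inspect the client-side resolver state described in the thread and
# apply the NetworkManager change from the answer. Paths are passed in so the
# functions can be exercised on constructed sample files.

# Report which resolver a resolv.conf points at:
#   stub  - every nameserver is 127.0.0.53 (systemd-resolved's stub listener)
#   other - at least one nameserver is something else (e.g. the VPN's DNS)
#   none  - no nameserver line at all
resolv_mode() {
    awk '
        /^[[:space:]]*nameserver[[:space:]]+/ { n++; if ($2 == "127.0.0.53") stub++ }
        END {
            if (n == 0) print "none"
            else if (stub == n) print "stub"
            else print "other"
        }
    ' "$1"
}

# Print the dns= value from the [main] section of a NetworkManager.conf,
# or "unset" when that section carries no dns= key.
nm_dns_mode() {
    awk -F= '
        /^[[:space:]]*\[/ { insec = ($0 ~ /^[[:space:]]*\[main\][[:space:]]*$/); next }
        insec && $1 ~ /^[[:space:]]*dns[[:space:]]*$/ {
            sub(/#.*/, "", $2); gsub(/[[:space:]]/, "", $2)
            print $2; found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Ensure dns=default is the dns= key of [main]: the key is written directly
# under the [main] header, any older dns= line in that section is dropped,
# and other sections are left untouched. Running it twice changes nothing.
set_nm_dns_default() {
    cfg="$1"
    tmp="$cfg.tmp.$$"
    awk '
        /^[[:space:]]*\[/ {
            print
            if ($0 ~ /^[[:space:]]*\[main\][[:space:]]*$/) { insec = 1; seen = 1; print "dns=default" }
            else insec = 0
            next
        }
        insec && /^[[:space:]]*dns[[:space:]]*=/ { next }   # drop the previous value
        { print }
        END { if (!seen) print "[main]\ndns=default" }   # file had no [main] at all
    ' "$cfg" > "$tmp" && mv "$tmp" "$cfg"
}

# Constructed sample files standing in for the two files discussed in the thread.
demo_dir=$(mktemp -d)
printf '# Generated by NetworkManager\nnameserver 127.0.0.53\n' > "$demo_dir/resolv.conf"
printf '[main]\nplugins=ifupdown,keyfile\n\n[ifupdown]\nmanaged=false\n' > "$demo_dir/NetworkManager.conf"

echo "resolv.conf resolver:       $(resolv_mode "$demo_dir/resolv.conf")"              # stub
echo "NetworkManager dns= before: $(nm_dns_mode "$demo_dir/NetworkManager.conf")"      # unset
set_nm_dns_default "$demo_dir/NetworkManager.conf"
echo "NetworkManager dns= after:  $(nm_dns_mode "$demo_dir/NetworkManager.conf")"      # default
rm -rf "$demo_dir"
```

A `stub` result from `resolv_mode` on the real /etc/resolv.conf is the state the question describes: lookups go to systemd-resolved's 127.0.0.53 listener rather than to the server pushed by the VPN. With `dns=default`, NetworkManager writes the nameservers of its active connections into /etc/resolv.conf itself, which is why the answer removes the old file before rebooting.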