Cross posted @ Manjaro Forum
Difficulty: ★☆☆☆☆
From my notepad https://root.nix.dk/en/network-notes/nordvpn-on-arch-based-distribution
This is not a topic on installing NordVPN
It is a topic on setting up Manjaro to ensure the nameserver settings is restored on disconnecting NordVPN and a topic describing how I did the troubleshooting.
I have subscription with a couple of VPN providers
I haven't been using NordVPN much because I had a DNS issue I didn't care to troubleshoot because I also have ProtonVPN - but I got an offer I couldn't refuse - so revisited NordVPN - and damn - the DNS issue was still present.
I took a long chat with NordVPN - first the chat-bot - then a human - which - due the complete lack of logfile - repeatedly told me Arch is not supported and they were not able to assist me.
/etc/resolv.conf
cat /etc/resolv.confnordvpn ccat /etc/resolv.confnordvpn dOne would expect the resolv.conf to be restored - but it is not - it is still containing the NordVPN nameservers.
I not very good at being rejected with a seemingly legit case - so easy to reproduce suffice you are using NordVPN - but I also realize that NordVPN probably would have fixed if it was an issue - so time to do some digging.
I inspected the pamac build folder and unpacked the content of the deb file but I was not able to draw any conclusions - everything appeared to be as it should for a systemd installation.
There is only one way to troubleshoot - and it is live - using Ubuntu - in a virtual machine.
I downloaded the latest Xubuntu 21.04 and fired up virtual machine using - mostly - the defaults - I usually up the VRAM to 4G and the VCPU to 2 and created a minimal installation and restarted the vm.
Before I did anything I inspected the /etc/resolv.conf and that was a give-away - Ubuntu uses systemd-resolved where I know Manjaro uses resolvconf from the package openresolv.
Then I downloaded the same deb file which is used by the nordvpn-bin package in AUR and installed it using dpkg
sudo dpkg -i nordvpn_3.10.0-1_amd64.debThen I did the same tests as above - and NordVPN works flawless. Now that I got hinted to systemd-resolved the rest was a piece of :cheese::cake:
Manjaro uses Network Manager and openresolv to set dns servers.
➜ ~ cat /etc/resolv.conf
# Generated by NetworkManager <----------- Note this line
search net.nix.dk
nameserver 192.168.1.5Launch nordvpn using the command nordvpn c
➜ ~ cat /etc/resolv.conf
# Generated by resolvconf <----------- Note this line
nameserver 103.86.96.100
nameserver 103.86.99.100The system settings in /etc/resolv.conf is not restored on command nordvpn disconnect but remains using nordvpn dns.
And note the <-------- above - indicating that NordVPN client is using resolvconf to rewrite the nameservers.
Remove openresolv or resolvconf - whichever is installed
sudo pacman -R openresolvInstall the package systemd-resolvconf which is a helper package for interaction by apps depending on resolvconf
sudo pacman -Syu systemd-resolvconfEnable systemd-resolved
sudo systemctl enable --now systemd-resolvedBackup the existing resolv.conf
sudo mv /etc/resolv.conf /etc/resolv.conf.bakCreate a symlink to stub-resolv.conf
sudo ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.confShow dns server in use
➜ ~ resolvectl status
Global
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Current DNS Server: 192.168.1.5
DNS Servers: 192.168.1.5
Fallback DNS Servers: 1.1.1.1 9.9.9.10 8.8.8.8 2606:4700:4700::1111 2620:fe::10
2001:4860:4860::8888
DNS Domain: net.nix.dk
Link 2 (eno1)
Current Scopes: DNS LLMNR/IPv4
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.5
DNS Servers: 192.168.1.5nordvpn cAgain show dns server(s) in use
➜ ~ resolvectl status
Global
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Current DNS Server: 192.168.1.5
DNS Servers: 192.168.1.5
Fallback DNS Servers: 1.1.1.1 9.9.9.10 8.8.8.8 2606:4700:4700::1111 2620:fe::10
2001:4860:4860::8888
DNS Domain: net.nix.dk
Link 2 (eno1)
Current Scopes: DNS LLMNR/IPv4
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.5
DNS Servers: 192.168.1.5
Link 6 (tun0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS
DNSSEC=allow-downgrade/unsupported
Current DNS Server: 103.86.96.100
DNS Servers: 103.86.96.100 103.86.99.100
DNS Domain: ~.Disconnect NordVPN
nordvpn dNote the Fallback DNS Servers in the above output. If you want to get rid of those it is easy
sudo touch /etc/systemd/resolved.conf.d/fallback_dns.conf[Resolve]
FallbackDNS=sudo systemctl restart systemd-resolvedList nameservers in use
➜ ~ resolvectl status
Global
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Link 2 (eno1)
Current Scopes: DNS LLMNR/IPv4
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
DNS Servers: 192.168.1.5
DNS Domain: net.nix.dkNow armed with the knowledge on how to get NordVPN running as expected I took another chat with NordVPN and provided - in short - the solution to the issue and urged the chat guy to forward - to the people in charge of their knowledgebase - the link to the solution. So if the future you should spot a KB article on NordVPN on this issue - you know where it came from. :slight_smile:
I cannot possible know each and every VPN provider but don't underestimate the value of knowing this little piece of info.
Who knows - maybe switching your installation from using openresolv to using systemd-resolved - is just that trick that solve your VPN issue?
In the article on Arch Wiki - systemd-resolved is another tip for the case VPN or DHCP clients expects a working resolvconf binary - it was not necessary to add - but it is good to know it is there.
If you get socket error
sudo systemctl enable --now nordvpnd.socket