Forcing dhclient to not ignore tun0 interface when it's available

[davenull@tuxfamily.org]

Hello

On 2023-02-24 10:19, davenull@tuxfamily.org wrote:
> Hello,
>
> > […]
> >
> > > Otherwise, when VPN is disconnected, I DO want /etc/resolv.conf to be
> > > generated according to my home router's DHCP tells the computer
> >
> > … yes, that one.
> >
> > Cheers,
> > David.

I finally had the time to dig into the logs from two days ago, when the 
problem happens again
It seems that dhclient does it requests trying different interfaces 
EXCEPT tun0 (see syslog below)

I looked into /etc/dhcp/dhclient.conf, which mostly commented. In the 
non-commented part shown below
I don't see anything related to which interfaces are to be used as 
arguments when dhclient is executed
But I'm not a dhclient expert.

At boot time/without VPN, dhclient is executed with enp.* interface 
accondinng to systemctl/ps -eFH.
But It still tries different interfaces according to logs. And I have no 
idea how it detects
which interfaces to use for it requests and why it doesn't detect tun0.
Maybe because tun0 is not yet exposed by the system at boot time when 
dhclient is started?

It stills try wlan interface even if it is down, which is weird, but 
doesn't seem to do harm except
spamming syslog and spending a few additional seconds before trying 
another interface.

------------

dave@debian-laptop:~$ cat /etc/dhcp/dhclient.conf
-
send host-name = gethostname();
request subnet-mask, broadcast-address, time-offset, routers,
	domain-name, domain-name-servers, domain-search, host-name,
	dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, 
dhcp6.sntp-servers,
	netbios-name-servers, netbios-scope, interface-mtu,
	rfc3442-classless-static-routes, ntp-servers;
-
------------
dave@debian-laptop:~$ systemctl status

 ├─ifup@enp2s0f0.service
             │ └─1093 /sbin/dhclient -4 -v -i -pf 
/run/dhclient.enp2s0f0.pid -lf /var/lib/dhcp/dhclient.enp2s0f0.leases -I 
-df /var/lib/dhcp/dhclient6.enp2s0f0.leases enp2s0f0

------------


dave@debian-laptop:~$ sudo ausearch --interpret --file /etc/resolv.conf
----
type=PROCTITLE msg=audit(28/02/2023 14:30:57.787:658) : proctitle=mv -f 
/etc/resolv.conf.dhclient-new.46082 /etc/resolv.conf
type=PATH msg=audit(28/02/2023 14:30:57.787:658) : item=3 
name=/etc/resolv.conf inode=786809 dev=fd:01 mode=file,644 ouid=root 
ogid=root rdev=00:00 nametype=DELETE cap_fp=none cap_fi=none cap_fe=0 
cap_fver=0 cap_frootid=0
type=PATH msg=audit(28/02/2023 14:30:57.787:658) : item=2 
name=/etc/resolv.conf.dhclient-new.46082 inode=786811 dev=fd:01 
mode=file,644 ouid=root ogid=root rdev=00:00 nametype=DELETE cap_fp=none 
cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(28/02/2023 14:30:57.787:658) : item=1 name=/etc/ 
inode=783361 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 
nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 
cap_frootid=0
type=PATH msg=audit(28/02/2023 14:30:57.787:658) : item=0 name=/etc/ 
inode=783361 dev=fd:01 mode=dir,755 ouid=root ogid=root rdev=00:00 
nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 
cap_frootid=0
type=CWD msg=audit(28/02/2023 14:30:57.787:658) : cwd=/
type=SYSCALL msg=audit(28/02/2023 14:30:57.787:658) : arch=x86_64 
syscall=rename success=no exit=EPERM(Opération non permise) 
a0=0x7ffc38ee0a9e a1=0x7ffc38ee0ac2 a2=0x0 a3=0xfffffffffffffa4d items=4 
ppid=46082 pid=46093 auid=unset uid=root gid=root euid=root suid=root 
fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=mv 
exe=/usr/bin/mv subj=unconfined key=(null)
----

Note : exit=EPERM can be ignored, because it happened while I made 
/etc/resolv.conf immutable

------------

dave@debian-laptop:~$ less /var/log/syslog
Feb 28 14:30:48 debian-laptop dhclient[2016]: DHCPDISCOVER on wlp3s0 to 
255.255.255.255 port 67 interval 3
Feb 28 14:30:51 debian-laptop dhclient[39759]: DHCPDISCOVER on 
enx8c8caa616f43 to 255.255.255.255 port 67 interval 5
Feb 28 14:30:51 debian-laptop dhclient[2016]: DHCPDISCOVER on wlp3s0 to 
255.255.255.255 port 67 interval 4
Feb 28 14:30:55 debian-laptop dhclient[2016]: DHCPDISCOVER on wlp3s0 to 
255.255.255.255 port 67 interval 11
Feb 28 14:30:56 debian-laptop dhclient[39759]: DHCPDISCOVER on 
enx8c8caa616f43 to 255.255.255.255 port 67 interval 9
Feb 28 14:30:57 debian-laptop dhclient[1003]: DHCPREQUEST for 
192.168.1.192 on enp2s0f0 to 192.168.1.1 port 67
Feb 28 14:30:57 debian-laptop dhclient[1003]: DHCPACK of 192.168.1.192 
from 192.168.1.1
Feb 28 14:30:57 debian-laptop connmand[1038]: enp2s0f0 {add} address 
192.168.1.192/24 label enp2s0f0 family 2
Feb 28 14:30:57 debian-laptop avahi-daemon[1034]: Registering new 
address record for 192.168.1.192 on enp2s0f0.IPv4.
Feb 28 14:30:57 debian-laptop dhclient[1003]: bound to 192.168.1.192 -- 
renewal in 17866 seconds.
Feb 28 14:31:05 debian-laptop dhclient[39759]: DHCPDISCOVER on 
enx8c8caa616f43 to 255.255.255.255 port 67 interval 12
Feb 28 14:31:06 debian-laptop dhclient[2016]: DHCPDISCOVER on wlp3s0 to 
255.255.255.255 port 67 interval 11
Feb 28 14:31:17 debian-laptop dhclient[39759]: DHCPDISCOVER on 
enx8c8caa616f43 to 255.255.255.255 port 67 interval 14
Feb 28 14:31:17 debian-laptop systemd[1]: Started Run anacron jobs.
Feb 28 14:31:17 debian-laptop anacron[46104]: Anacron 2.3 started on 
2023-02-28
Feb 28 14:31:17 debian-laptop anacron[46104]: Normal exit (0 jobs run)
Feb 28 14:31:17 debian-laptop systemd[1]: anacron.service: Succeeded.
Feb 28 14:31:17 debian-laptop dhclient[2016]: DHCPDISCOVER on wlp3s0 to 
255.255.255.255 port 67 interval 13
Feb 28 14:31:24 debian-laptop dhclient[39759]: DHCPDISCOVER on wlp3s0 to 
255.255.255.255 port 67 interval 8
Feb 28 14:31:30 debian-laptop dhclient[2016]: DHCPDISCOVER on wlp3s0 to 
255.255.255.255 port 67 interval 8
Feb 28 14:31:31 debian-laptop dhclient[39759]: DHCPDISCOVER on 
enx8c8caa616f43 to 255.255.255.255 port 67 interval 16
Feb 28 14:31:32 debian-laptop dhclient[39759]: DHCPDISCOVER on wlp3s0 to 
255.255.255.255 port 67 interval 17
Feb 28 14:31:37 debian-laptop rtkit-daemon[1368]: Supervising 18 threads 
of 8 processes of 1 users.
Feb 28 14:31:37 debian-laptop rtkit-daemon[1368]: Supervising 18 threads 
of 8 processes of 1 users.
Feb 28 14:31:38 debian-laptop dhclient[2016]: DHCPDISCOVER on wlp3s0 to 
255.255.255.255 port 67 interval 11
Feb 28 14:31:47 debian-laptop dhclient[39759]: DHCPDISCOVER on 
enx8c8caa616f43 to 255.255.255.255 port 67 interval 5
Feb 28 14:31:49 debian-laptop dhclient[2016]: No DHCPOFFERS received.
Feb 28 14:31:49 debian-laptop dhclient[2016]: No working leases in 
persistent database - sleeping.
Feb 28 14:31:49 debian-laptop dave: 
/etc/dhcp/dhclient-exit-hooks.d/zzz_avahi-autoipd returned non-zero exit 
status 1
Feb 28 14:31:49 debian-laptop dhclient[39759]: DHCPDISCOVER on wlp3s0 to 
255.255.255.255 port 67 interval 19
Feb 28 14:31:52 debian-laptop dhclient[39759]: No DHCPOFFERS received.
Feb 28 14:31:52 debian-laptop dhclient[39759]: No working leases in 
persistent database - sleeping.
Feb 28 14:31:52 debian-laptop dave: 
/etc/dhcp/dhclient-exit-hooks.d/zzz_avahi-autoipd returned non-zero exit 
status 1
Feb 28 14:32:08 debian-laptop dhclient[39759]: DHCPDISCOVER on wlp3s0 to 
255.255.255.255 port 67 interval 15
Feb 28 14:32:23 debian-laptop dhclient[39759]: DHCPDISCOVER on wlp3s0 to 
255.255.255.255 port 67 interval 2
Feb 28 14:32:25 debian-laptop dhclient[39759]: No DHCPOFFERS received.
Feb 28 14:32:25 debian-laptop dhclient[39759]: No working leases in 
persistent database - sleeping.
Feb 28 14:32:25 debian-laptop dave: 
/etc/dhcp/dhclient-exit-hooks.d/zzz_avahi-autoipd returned non-zero exit 
status 1
Feb 28 14:32:48 debian-laptop dhclient[39759]: DHCPDISCOVER on 
wlp3s0:avahi to 255.255.255.255 port 67 interval 8
Feb 28 14:32:56 debian-laptop dhclient[39759]: DHCPDISCOVER on 
wlp3s0:avahi to 255.255.255.255 port 67 interval 11
Feb 28 14:33:07 debian-laptop dhclient[39759]: DHCPDISCOVER on 
wlp3s0:avahi to 255.255.255.255 port 67 interval 12

------------