So I have come up with a working solution that actually solves all MY needs in this regard. Hopefully it will be of use or inspiration to some of you guys too...
Part 1 -- Switch NetworkManager to use dnsmasq (this will NOT work with resolved!)

  # apt-get install dnsmasq-base

Add dns=dnsmasq to /etc/NetworkManager/NetworkManager.conf [main] section

  # systemctl disable systemd-resolved
  # systemctl stop systemd-resolved
  # systemctl restart network-manager

Part 2 -- Modify VPN configuration (in /etc/NetworkManager/system-connections)

DNS, Routes and reverse IP for the VPN networks can be tricked to work by modifying the [ipv4] section of the VPN configuration file:

  dns-search=example.lan;example2.lan;example.net   # <-- make sure dns requests for these domains and all subdomains are sent to the VPN DNS servers, allowing the split DNS to work
  never-default=true                                # <-- make sure the VPN will not be made the default route
  ignore-auto-routes=true                           # <-- if you want to manually select the routes
  route1=192.168.1.0/24                             # <-- sets up a route - with reverse dns forwarding to the vpn dns server for network 1
  route2=192.168.2.0/24                             # <-- sets up a route - with reverse dns forwarding to the vpn dns server for network 2

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1624317

Title:
  systemd-resolved breaks VPN with split-horizon DNS

Status in systemd:
  New
Status in systemd package in Ubuntu:
  Confirmed

Bug description:
  I use a VPN configured with network-manager-openconnect-gnome in which a split-horizon DNS setup assigns different addresses to some names inside the remote network than the addresses seen for those names from outside the remote network. However, systemd-resolved often decides to ignore the VPN’s DNS servers and use the local network’s DNS servers to resolve names (whether in the remote domain or not), breaking the split-horizon DNS.
  This related bug, reported by Lennart Poettering himself, was closed with the current Fedora release at the time reaching EOL: https://bugzilla.redhat.com/show_bug.cgi?id=1151544
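The [ipv4] keyfile settings from the workaround above decide which forward domains and which in-addr.arpa zones must be answered by the VPN's DNS servers. The checker below is an added example, not code from the bug thread or from NetworkManager: it parses a constructed keyfile modelled on that fragment, derives the reverse zones for each routeN entry, and flags a missing never-default=true.

```python
"""Check a NetworkManager VPN keyfile's [ipv4] section for split-DNS settings."""
import configparser
import ipaddress

# Constructed sample modelled on the keyfile fragment in the comment above.
SAMPLE_KEYFILE = """\
[connection]
id=example-vpn
type=vpn

[ipv4]
method=auto
dns-search=example.lan;example2.lan;example.net;
never-default=true
ignore-auto-routes=true
route1=192.168.1.0/24
route2=192.168.2.0/24,0.0.0.0
"""


def reverse_zones(cidr):
    """Return the in-addr.arpa zone(s) covering an IPv4 network.

    Prefixes on an octet boundary map to one zone; other prefixes are
    expanded to the covering subnets at the next octet boundary.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    width = max(8, -(-net.prefixlen // 8) * 8)  # round up to 8/16/24/32
    zones = []
    for sub in net.subnets(new_prefix=width):
        octets = str(sub.network_address).split(".")[: width // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


def split_dns_plan(keyfile_text):
    """Summarise the forward domains and reverse zones the VPN DNS must serve."""
    cfg = configparser.ConfigParser(inline_comment_prefixes=("#",), interpolation=None)
    cfg.read_string(keyfile_text)
    ipv4 = cfg["ipv4"] if cfg.has_section("ipv4") else {}
    domains = [d for d in ipv4.get("dns-search", "").split(";") if d]
    # routeN may carry a trailing ",gateway"; only the prefix matters here
    routes = [v.split(",")[0] for k, v in ipv4.items() if k.startswith("route")]
    zones = [z for r in routes for z in reverse_zones(r)]
    warnings = []
    if ipv4.get("never-default", "false").lower() != "true":
        warnings.append("never-default is not true: VPN may become the default route")
    if not domains:
        warnings.append("dns-search is empty: no domain is forwarded to the VPN DNS")
    return {"domains": domains, "routes": routes, "reverse_zones": zones, "warnings": warnings}
```

Run it against the real file under /etc/NetworkManager/system-connections to see which zones NetworkManager's dnsmasq needs to forward to the VPN resolvers.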