Ubuntu – Is it possible to remove the default gateway from /etc/resolv.conf after successful VPN connection


I have configured PPTP VPN connection on Ubuntu 16.04.3 LTS via NetworkManager (nm-pptp-ppp-plugin) and it works. My configuration:

  1. VPN
    • Gateway
    • User name
    • Password
    • Advanced – set some options on PPTP Advanced Options
  2. IPv4 Settings
    • Method: Automatic (VPN) addresses only
    • DNS servers : (internal IP address of VPN's default gateway)
  3. IPv6 Settins
    • Method: Ignore

I commented out #dns=dnsmasq in /etc/NetworkManager/NetworkManager.conf, ran sudo dpkg-reconfigure resolvconf and sudo resolvconf -u.

Without VPN connection my /etc/resolv.conf contains the following line:


where is IP of my router.
After that, VPN connection /etc/resolv.conf changes to:


But as far as I can understand it should contain only

Is it possible to remove my router's IP ( from /etc/resolv.conf programmatically?
I mean by NetworkManager dispatcher or similar.

It seems that I do not have the DNS leak issue with my current configuration.

P.S. I understand that my question may have been discussed before, but possible duplicates do not fit my needs.

Update 1. On my other 16.04 laptop I also needed to disable systemd-resolved.service with:

sudo systemctl stop systemd-resolved.service
sudo systemctl disable systemd-resolved.service

Best Answer

This is a well known bug of NetworkManager, specifically it is #1211110. It goes back to Ubuntu 13.04 up to 16.04 and to a worse extent to Ubuntu 16.10.

It seems that I do not have DNS leak issue with my current configuration.

Then consider yourself pretty lucky. :) Most users (including myself) experienced severe DNS leaks and tried different approaches to solve them.

Here are some approaches suggested in the bug report (summarized):

Comment #22 by Mac Bassett

Make a backup copy of this NetworkManager file:

sudo cp /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper.orig

Add the following 3 lines to the file.

/etc/openvpn/update-resolv-conf $@
/usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper.orig $@


sudo chmod +x /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper

Caveat: you need to run the following command after disconnecting the VPN.

sudo script_type=down dev=tun0 /etc/openvpn/update-resolv-conf

Comments #27 and #29 by myself

Edit your VPN connection (via NM) and set up static DNS, for example using Google servers:,

This way, the DNS request is sent through an external IP, hence it is routed using the VPN.

Then also set up your wireless connection to use those static DNS servers.

Comment #31 by DaveHenson

Run openvpn through the command line.

(... some other cumbersome solutions that I won't discuss here ...)

Comment #81 by Çağatay Yüksel

Remove this configuration file:

sudo rm -rf /etc/resolv.conf

Add this line to the [main] section of /etc/NetworkManager/NetworkManager.conf:


If you have the dnsmasq package installed, you should make sure the dnsmasq service is not enabled otherwise this will not work. You should also reboot.

The real solution

This bug has been fixed in Ubuntu 17.04. Rather than trying random patches on your system, it is probably a better idea to simply upgrade. :)

Related Question