[Desktop-packages] [Bug 1948533] Re: any dns defined in network-manager doesnt go in openvpn tunnel (leaks on gnome/mate/xubuntu only in 21.10)
[Expired for network-manager (Ubuntu) because there has been no activity for 60 days.] ** Changed in: network-manager (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1948533 Title: any dns defined in network-manager doesnt go in openvpn tunnel (leaks on gnome/mate/xubuntu only in 21.10) Status in network-manager package in Ubuntu: Expired Bug description: in all linux including ubuntu up to version 21.04, when dns is set to not automatic in network manager and one dns is set manually (exemple 1.1.1.1) when openvpn is used the dns is going through the vpn tunnel. On ubuntu 21.10 (I tested ubuntu, ubuntu mate and xubuntu)I can affirm the dns in this case is not going trough the vpn.it is leaking.I have used ubuntu for years this is first time this problem occurs (21.10).(and it s not just a question of packages because on my arch linux installs I never had such problem, so it must be a config problem. (when using packages stubby or dnscrypt-proxy (to encrypt dns queries) and dns 127.0.0.1 is set in network-manager the dns does goes trough the vpn (but stubby service needs to be sometimes reloded, it is less reliable that it used to be with previous versions of ubuntu) (I cannot speculate where the bug is from (network-manager, systemd resolved etc) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1948533/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1948533] Re: any dns defined in network-manager doesnt go in openvpn tunnel (leaks on gnome/mate/xubuntu only in 21.10)
We have noticed this as well. Using VPN we use a special resolver to handle private IP space, and now, looking into this further it does look like the network-manager is ignoring the dns= specified in the system- connections (set via the network manager settings gui). My settings below, noting X.X.X.x is where my DNS resolver IP address would normally be and X.com I placed in any domain search field. A quick check from the command line shows the server is reachable, and responding properly, just not receiving any requests. [ipv4] dns=X.X.X.X; dns-search= ignore-auto-dns=true method=auto [ipv6] addr-gen-mode=stable-privacy dns-search= method=auto It doesn't appear there are any overrides, and netplan shows NetworkManager should be controlling everything. nmcli confirms the DNS is set $ nmcli conn show "MyVPNConnectionName" | grep dns connection.mdns:-1 (default) ipv4.dns: X.X.X.X ipv4.dns-search:-- ipv4.dns-options: -- ipv4.dns-priority: 0 ipv4.ignore-auto-dns: yes ipv6.dns: -- ipv6.dns-search:-- ipv6.dns-options: -- ipv6.dns-priority: 0 ipv6.ignore-auto-dns: no $ cat /etc/network/interfaces # interfaces(5) file used by ifup(8) and ifdown(8) auto lo iface lo inet loopback $ netplan get network: version: 2 renderer: NetworkManager $ cat /etc/resolv.conf | grep -v "#" nameserver 127.0.0.53 options edns0 trust-ad search X.com In the nmcli, I did notice that tun0, spawned as a seperate connection has no DNS defined $ nmcli conn show "tun0" | grep -i dns connection.mdns:-1 (default) ipv4.dns: -- ipv4.dns-search:-- ipv4.dns-options: -- ipv4.dns-priority: 100 ipv4.ignore-auto-dns: no ipv6.dns: -- ipv6.dns-search:-- ipv6.dns-options: -- ipv6.dns-priority: 100 ipv6.ignore-auto-dns: no I also see the DNS for the actual wired or wireless connection in use is defined, and so must be superseding the OpenVPN defined setting. It does seem like a priority issue, whereby the VPN connection should have priority. In my case both the VPN and the default WiFi connection have priority "0" $ nmcli conn show "MyVPNConnectionName" | grep priority connection.autoconnect-priority:0 ipv4.dns-priority: 0 ipv6.dns-priority: 0 So it seems I would need to change the relative priority to solve this problem. Lower value is higher priority. Network Manager should be setting the default connection to 100, and the VPN to 50, per some Network Manager defaults. https://access.redhat.com/documentation/en- us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/configuring- the-order-of-dns-servers_configuring-and-managing-networking This document also suggests if they are the same (mine are both 0) the one with active default route with the lowest metric should win. In my case, the tun0 would win, but it is not where the DNS is defined. It would be nice to see what changed in 20.04, but clearly my guess would be that a) Default Connection (wifi/wired) used to be dns priority 100 lost to the VPN conenction because dns priority was tied, and vpn default gateway metric was lower, or b) because vpn dns priority was lower Either way, something does not seem right with current nm defaults for connections and their dns.priorities -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1948533 Title: any dns defined in network-manager doesnt go in openvpn tunnel (leaks on gnome/mate/xubuntu only in 21.10) Status in network-manager package in Ubuntu: Expired Bug description: in all linux including ubuntu up to version 21.04, when dns is set to not automatic in network manager and one dns is set manually (exemple 1.1.1.1) when openvpn is used the dns is going through the vpn tunnel. On ubuntu 21.10 (I tested ubuntu, ubuntu mate and xubuntu)I can affirm the dns in this case is not going trough the vpn.it is leaking.I have used ubuntu for years this is first time this problem occurs (21.10).(and it s not just a question of packages because on my arch linux installs I never had such problem, so it must be a config problem. (when using packages stubby or dnscrypt-proxy (to encrypt dns queries) and dns 127.0.0.1 is set in network-manager the dns does goes trough the vpn (but stubby service needs to be sometimes reloded, it is less reliable that it used to be with previous versions of ubuntu) (I cannot speculate where
[Desktop-packages] [Bug 1948533] Re: any dns defined in network-manager doesnt go in openvpn tunnel (leaks on gnome/mate/xubuntu only in 21.10)
** Tags added: impish ** Also affects: network-manager (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1948533 Title: any dns defined in network-manager doesnt go in openvpn tunnel (leaks on gnome/mate/xubuntu only in 21.10) Status in Ubuntu: New Status in network-manager package in Ubuntu: New Bug description: in all linux including ubuntu up to version 21.04, when dns is set to not automatic in network manager and one dns is set manually (exemple 1.1.1.1) when openvpn is used the dns is going through the vpn tunnel. On ubuntu 21.10 (I tested ubuntu, ubuntu mate and xubuntu)I can affirm the dns in this case is not going trough the vpn.it is leaking.I have used ubuntu for years this is first time this problem occurs (21.10).(and it s not just a question of packages because on my arch linux installs I never had such problem, so it must be a config problem. (when using packages stubby or dnscrypt-proxy (to encrypt dns queries) and dns 127.0.0.1 is set in network-manager the dns does goes trough the vpn (but stubby service needs to be sometimes reloded, it is less reliable that it used to be with previous versions of ubuntu) (I cannot speculate where the bug is from (network-manager, systemd resolved etc) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1948533/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1948533] Re: any dns defined in network-manager doesnt go in openvpn tunnel (leaks on gnome/mate/xubuntu only in 21.10)
** Tags added: jammy -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1948533 Title: any dns defined in network-manager doesnt go in openvpn tunnel (leaks on gnome/mate/xubuntu only in 21.10) Status in Ubuntu: New Status in network-manager package in Ubuntu: New Bug description: in all linux including ubuntu up to version 21.04, when dns is set to not automatic in network manager and one dns is set manually (exemple 1.1.1.1) when openvpn is used the dns is going through the vpn tunnel. On ubuntu 21.10 (I tested ubuntu, ubuntu mate and xubuntu)I can affirm the dns in this case is not going trough the vpn.it is leaking.I have used ubuntu for years this is first time this problem occurs (21.10).(and it s not just a question of packages because on my arch linux installs I never had such problem, so it must be a config problem. (when using packages stubby or dnscrypt-proxy (to encrypt dns queries) and dns 127.0.0.1 is set in network-manager the dns does goes trough the vpn (but stubby service needs to be sometimes reloded, it is less reliable that it used to be with previous versions of ubuntu) (I cannot speculate where the bug is from (network-manager, systemd resolved etc) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1948533/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1948533] Re: any dns defined in network-manager doesnt go in openvpn tunnel (leaks on gnome/mate/xubuntu only in 21.10)
If you look into the openvpn configuration file that Network Manager creates for your connection in /etc/NetworkManager/system-connections, could you please paste the [ipv4] and [ipv6] sections? ** No longer affects: ubuntu ** Changed in: network-manager (Ubuntu) Status: New => Incomplete ** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1948533 Title: any dns defined in network-manager doesnt go in openvpn tunnel (leaks on gnome/mate/xubuntu only in 21.10) Status in network-manager package in Ubuntu: Incomplete Bug description: in all linux including ubuntu up to version 21.04, when dns is set to not automatic in network manager and one dns is set manually (exemple 1.1.1.1) when openvpn is used the dns is going through the vpn tunnel. On ubuntu 21.10 (I tested ubuntu, ubuntu mate and xubuntu)I can affirm the dns in this case is not going trough the vpn.it is leaking.I have used ubuntu for years this is first time this problem occurs (21.10).(and it s not just a question of packages because on my arch linux installs I never had such problem, so it must be a config problem. (when using packages stubby or dnscrypt-proxy (to encrypt dns queries) and dns 127.0.0.1 is set in network-manager the dns does goes trough the vpn (but stubby service needs to be sometimes reloded, it is less reliable that it used to be with previous versions of ubuntu) (I cannot speculate where the bug is from (network-manager, systemd resolved etc) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1948533/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp