[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2020-11-18 Thread Mathew Hodson
*** This bug is a duplicate of bug 1754671 ***
https://bugs.launchpad.net/bugs/1754671

** This bug has been marked a duplicate of bug 1754671
   Full-tunnel VPN DNS leakage regression

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2020-10-25 Thread Adam Adamski
Ah, I forgot to mention I've found a somewhat working workaround. If you
uncomment the line "DNS" in /etc/systemd/resolved.conf and put list of
DNSes with first VPN's DNS then your normal DNS, then it will always try
to go through the VPN's DNS first even if you're not trying to access a
resource from the VPN. Be careful not to type any dangerous domain names
when connected to the VPN though.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2020-10-25 Thread Adam Adamski
I'm on Ubuntu 20.04 and I've tried every solution listed above and in
the bug's duplicate and none of them worked... It's really disappointing
that dns doesn't work with VPNs for over 4 years.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2020-07-08 Thread Dan Streetman
** Tags removed: sts-sponsor-volunteer
** Tags added: seg

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2020-03-31 Thread Sebastien Bacher
** Changed in: network-manager (Ubuntu Xenial)
 Assignee: Mathieu Trudel-Lapierre (cyphermox) => (unassigned)

** Changed in: network-manager (Ubuntu)
 Assignee: Mathieu Trudel-Lapierre (cyphermox) => (unassigned)

** Changed in: network-manager (Ubuntu Yakkety)
 Assignee: Mathieu Trudel-Lapierre (cyphermox) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2020-03-30 Thread Dan Streetman
** Tags added: sts-sponsor-volunteer

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2020-03-14 Thread Michael Ekoka
The silence regarding this problem is a bit disconcerting. After jumping
through many hoops, I managed to resolve this with the help of this
answer: https://forum.manjaro.org/t/weird-dns-issue-over-vpn/78092/11

I deleted the /etc/resolv.conf symlink and disabled systemd-resolved as
instructed, then rebooted. After start up, NetworkManager re-created a
file at /etc/resolv.conf (not a symlink this time). Although I could
connect to the Internet, I coulnd't access any website. I inferred some
DNS issues and I simply re-enabled systemd-resolved.

$ sudo systemctl enable systemd-resolved.service

I recreated the symlink pointing /etc/resolv.conf to
/run/resolvconf/resolv.conf

$ sudo ln -s /run/resolvconf/resolv.conf /etc/resolv.conf

then I rebooted once again.

Next time I connected to the VPN, I could access its resources with no
further issues.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2019-12-19 Thread Dan Streetman
> I'm also effected by this bug on 18.04.3 (NetworkManager v1.10.14)

please note that n-m version 1.10.14 never was released out of Bionic-
proposed; instead smaller fixes were used to address specific bugs, and
the latest NetworkManager version in Bionic-updates is
1.10.6-2ubuntu1.2.  If you have version 1.10.14 installed, you should
remove and reinstall it, or simply 'downgrade' it with apt to the latest
released version.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2019-12-19 Thread sokai
Hi!

@Vadym K (hmvs): What is your workaround good for?

In general:
I'm also effected by this bug on 18.04.3 (NetworkManager v1.10.14) and can't 
see any 'official' solution (for Bionic). – Can someone maybe help (me)?

Thanks and KR!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2019-11-11 Thread Vadym K
18.04.3 LTS !, still reproduced, which makes me sad.

As a workaround: `sudo apt-get install resolvconf-admin`

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2019-09-01 Thread Dmitrii Shcherbakov
On 19.04 I can see the following (correct) behavior.

With VPN (turned on via NetworkManager):

# note: no "global" DNS servers have been configured by hand through
systemd-resolved conf using "DNS=" directive

systemd-resolved --status

# ...

Link 15 (tun0)
  Current Scopes: DNS
DefaultRoute setting: yes
   LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
  DNSSEC setting: no
DNSSEC supported: no
  Current DNS Server: 
 DNS Servers: 
  
  DNS Domain: ~.


Link 2 (wlp59s0)
  Current Scopes: DNS
DefaultRoute setting: yes
   LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
  DNSSEC setting: no
DNSSEC supported: no
  Current DNS Server: 
 DNS Servers: 
  
  DNS Domain: deadbeefcafe


Without VPN:

systemd-resolved --status
# ...

Link 2 (wlp59s0)
  Current Scopes: DNS
DefaultRoute setting: yes
   LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
  DNSSEC setting: no
DNSSEC supported: no
  Current DNS Server: 
 DNS Servers: 
  
  DNS Domain: ~.
  deadbeefcafe


"~." configuration goes to the tun0 interface once VPN is enabled and is 
removed from the physical interface. In this example it means that 
DHCP-advertised local DNS servers will be used for deadbeefcafe domain only and 
everything else will go through the DNS servers of a VPN service.

Clarifications on how "~." affects DNS request routing:

https://github.com/systemd/systemd/blame/v240/src/resolve/resolved-dns-scope.c#L1411-L1418
 * "~."  really trumps everything and clearly indicates that 
this interface shall receive all
 * traffic it can get. */
http://manpages.ubuntu.com/manpages/disco/man5/resolved.conf.5.html#options
https://www.freedesktop.org/software/systemd/man/resolved.conf.html#Domains=

Packages:

ii  network-manager   1.16.0-0ubuntu2   
amd64network management framework (daemon and userspace tools)
ii  network-manager-config-connectivity-ubuntu1.16.0-0ubuntu2   
all  NetworkManager configuration to enable connectivity 
checking
ii  network-manager-gnome 1.8.20-1ubuntu1   
amd64network management framework (GNOME frontend)
ii  network-manager-openvpn   1.8.10-1  
amd64network management framework (OpenVPN plugin core)
ii  network-manager-openvpn-gnome 1.8.10-1  
amd64network management framework (OpenVPN plugin GNOME GUI)
ii  netplan.io0.97-0ubuntu1~19.04.1 
amd64YAML network configuration abstraction for various backends
ii  systemd   240-6ubuntu5.3
amd64system and service manager


I have also captured DNS packets on all interfaces via Wireshark and confirmed 
that DNS requests go to the correct DNS servers on 19.04.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN i

[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2019-08-31 Thread Mathew Hodson
** Changed in: network-manager (Ubuntu)
Milestone: ubuntu-17.06 => None

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2019-08-21 Thread Taran M
This bug and the fact that there seems to be no care in fixing it made
me leave the Ubuntu distro behind. Pathetic. I no longer care if you fix
it or not.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2019-04-19 Thread Steve Langasek
** Tags added: regression-update

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2019-02-13 Thread Jason Cecil
The author discusses the drawbacks here: https://github.com/jonathanio
/update-systemd-resolved (one can still leak under certain
circumstances, and we shouldn't only be concerned with the minority who
realize this is even happening/a problem and who can hack together a
workaround themselves). Not that you implied that by sharing your
solution; I'm just speaking generally.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2019-02-13 Thread dlotton
For those using OpenVPN, I discovered that there is a package named
'openvpn-systemd-resolvd' that finally resolved this issue for me.
Here's the synopsis for the package in the repo...

"This is a helper script designed to integrate OpenVPN with the
systemd-resolved service via DBus instead of trying to override
/etc/resolv.conf, or manipulate systemd-networkd configuration files.

Since systemd-229, the systemd-resolved service has an API available via DBus
which allows directly setting the DNS configuration for a link. This script
makes use of busctl from systemd to send DBus messages to systemd-resolved to
update the DNS for the link created by OpenVPN."

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2019-02-12 Thread Jason Cecil
This is the *nastiest* bug I've ever encountered in the wild on my own
in Linux (that has no good solution after this long). Package
1.2.2-0ubuntu0.16.04.4 has disappeared from the mirrors for Xenial (not
that anyone should expect a normal user to go through the deep dive that
is this subject, once one realizes what is happening). The cipher in use
by AWS for Client VPN isn't available in OpenSSL within Trusty Tahr, so
running an old Ubuntu distro is also not a viable solution for me. This
is about as serious of a bug as I could think of, and we're almost two
years in without it being addressed. Hate to be tin-foil-hatty, but this
seems like the kind of thing that gets put into software as a result of
government-agency interests. How many people around the world expecting
their VPN to protect them while viewing content from outside of their
nation state are DNS-leaking all over the place to their local ISP? How
many companies are leaking private zone DNS names (which often reflect
what's running on the target boxes, and would then include information
that could be used as part of an attack vector) to their ISP? I
understand how open source works, but most people (including me) don't
have the ability to work effectively on this nuanced bug. What's the
plan? Sorry to sound disgruntled, but I spent about a week on this
(coming to terms with understanding the issue, and then trying a number
of workarounds). Initially, I accused our CTO of running a broken VPN
server (heh), because I could simply not believe that things didn't
"just work" in Linux for this extremely common use case. So we don't
support pushing "dhcp-option" for DNS in Linux. This works in Mac and in
Windows. We need a working/easy way to update our DNS addresses upon
connecting to/disconnected from a VPN that users can trust. This bug is
so obscene, bwahah, I felt like Linus Torvalds dealing with Nvidia...
:-P

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> 

[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-12-12 Thread Pioterus
Thanx Colin. 
Anyway anyone knows why this bug is sooo hard to fix? It is old, and quite 
blocking someones workflow.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-12-12 Thread Colin Law
It has only been marked Won't Fix in Yakkety, because Yakkety is well
past it's sell by date.  It is still open on Xenial.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-12-11 Thread Pioterus
Sebastien, could you explain the 'status: Triaged → Won't Fix' meaning?

Is this bug going to stay with us or what?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-12-11 Thread Sebastien Bacher
** Changed in: network-manager (Ubuntu Yakkety)
   Status: Triaged => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Won't Fix

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-11-26 Thread Tiago Maurício
I am running Ubuntu 16.04 with plasma. I was experiencing this issue and
downgraded the network-manager package to 1.2.2-0ubuntu0.16.04.4. Since
the downgrade I haven't had any trouble. Waiting for fix in the latest
version :)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-11-25 Thread ghomem
This problem:

https://bugs.launchpad.net/ubuntu/+source/network-
manager/+bug/1688018/comments/18

remains and now the old package 1.2.2-0ubuntu0.16.04.4 is not available
anymore. Can we go back to the behaviour of 1.2.2-0ubuntu0.16.04.4 ?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-09-08 Thread javierpb
I'm experiencing this issue on Ubuntu 18.04.1. In case this helps
anyone, I've been able to fix following
https://wiki.archlinux.org/index.php/OpenVPN#Update_systemd-
resolved_script. Only after that change the OpenVPN supplied DNS servers
appear on `systemd-resolve --status`. In case that matters, I run
`openvpn` from command line

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-08-17 Thread DaMoisture
Thanks Egor! Connection stayed up all day!!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-08-16 Thread DaMoisture
Well, that was pretty straightforward! Thanks for pointing that one out,
we'll know in a couple hours if it worked.

Peace & Joy; Love & Gratitude

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-08-16 Thread Egor Tensin
@hckrmagoo I had this problem as well, try making NetworkManager run
OpenVPN as root: https://askubuntu.com/a/906055/844205.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-08-15 Thread DaMoisture
THank you Egor! that did the trick on Kubuntu 18.04. Now if I could only
figure out why it disconnects from the VPN after .5-2 hours...

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-07-19 Thread Anton Melser
@egor-tensin you are awesome! I think there might be a few related
problems (like https://github.com/systemd/systemd/issues/7182) but this
seems to actually work. I actually saw this bug but didn't click that
your fix would work until having wasted a huge amount of time.

Some one from Ubuntu should DEFINITELY put this in the NetworkManager
FAQ. And it should obviously be a GUI option - it is rather shameful
that we still have to generate our configs with code because the GUI is
so broken...

** Bug watch added: github.com/systemd/systemd/issues #7182
   https://github.com/systemd/systemd/issues/7182

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-06-14 Thread Aron Bohl
Thank you @egor-tensin! I've been struggling with this problem for
years. This is the first work around that actually works! I added that
line under the [ipv4] section of my VPN connection file and then
restarted the network manager with:

   sudo systemctl restart NetworkManager.service

Now it's actually using the DNS specified by the VPN rather than just my
default ISP's DNS.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-06-12 Thread Yale Huang
@egor-tensin Thanks. Your walk-around works.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-06-12 Thread Egor Tensin
> Comment here only if you think the duplicate status is wrong.

Or I won't.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-06-12 Thread Egor Tensin
I had a lot of trouble with NetworkManager+OpenVPN on Ubuntu and
discovered a couple of workarounds.

If you're having trouble resolving internal domain names (like
*.internal.company.com), you might want to try adding something like
this to the [ipv4] section in /etc/NetworkManager/system-
connections/YOUR_VPN_CONNECTION:

dns-search=internal.company.com;

If you want to direct all DNS lookups through your VPN, try adding

dns-priority=-1

to the same section. But this will disable all DNS servers except for
the VPN, so if you have a local DNS server, local domain names will stop
resolving.

I'm using Ubuntu 18.04 & network-manager 1.10.6-2ubuntu1.

I'll duplicate this message in #1671606.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-04-17 Thread Pioterus
Commenting out dnsmasq stopped working. What I have done recently:
https://wiki.ubuntu.com/Kernel/LTSEnablementStack
so my kernel is 4.13 and to my big surprise after connecting with OpenVPN I can 
resolve host names of my remote site (using host myhost.remote.domain.name), 
but I cannot ping to them (or krdc to them etc) host unknown and thats it. What 
is going on?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-04-17 Thread Pioterus
This bug forced me to search for ubuntu alternatives. I'm looking
currently at Manjaro.

About commenting out dns=dnsmasq.
Doing so on laptop (LAN and wifi connections active) has this drawback:
ping my_comp_name
.unresloved name
adding my_comp_name to /etc/hosts  makes the ping my_comp_name  working again, 
but 
unplagging RJ45, system changes automatically to wifi connetcion (other IP) and 
ping my_comp_name again is not working. With dnsmasq enabled the system nicely 
deals with name resolution so there are no such issues. What happens when the 
host name resolution is not working ok? System behaves oddly (it delays some 
operations in many situations).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-04-03 Thread franck
What happened to this bug? Is it still being addressed? I'm also experiencing 
the same problem and the solutions above don't work for me :(

Ubuntu 16.04.4 LTS
NetworkManager 1.2.6
dnsmasq 2.76

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-03-16 Thread Pioterus
Almost year old bug still there. This is core functionality of any OS
(secure VPNs, DNS) which just does not work on Ubuntu. I don't know how
about other distros but I doubt that Ubuntu can claim to be the desktop
system with such a bug.

I can confirm that the simplest workaround is comment out dnsmasq in 
NetworkManager config (ubuntu 16.04). But there are drawbacks of course so this 
makes the system less secure/reliable  in some situations. And of course it 
took me about 5 hours to figure out what is going on. Those hours could be 
spend more productive.
P.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-02-25 Thread Elladan
The script in #37 didn't work for me, as the interface name was "tun0".
The following slightly modified script seems to work OK so far:

# cat 99-openconnect-dnsmasq-bug 
#!/bin/bash
set -e
# force restart of dnsmasq on vpn connect
# See https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018

echo "Running lame bug 1688018 workaround. Args: $*"

if [[ "$1" =~ "tun0" ]] && [ $2 = "up" ]
then
  if [ -e /var/run/NetworkManager/dnsmasq.pid ]
  then
/bin/kill -15 $(cat /var/run/NetworkManager/dnsmasq.pid)
  fi
fi

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-02-17 Thread dlotton
By far, the easiest and most effective workaround I've found is commenting out 
"dns=dnsmasq" in "/etc/NetworkManager/NetworkManager.conf" as a few others have 
suggested above.
 
Disappointing that this continues to be an ongoing problem.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-02-17 Thread code_onkel
Will the fix also ensure that the search domain of the VPN's DHCP server
will be used?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-02-05 Thread Jens Greifenhagen
I found another workaround, that works fine without changing package versions 
or DNS servers.
It is tested with the issues I had with openconnect for NM.

it is "just" killing the dnsmasq instance and it gets restarted
automatically which then results in a working system again. It easy and
not pretty, but works. Then only (perhaps) noticeable interruption is a
few seconds where DNS is not working 15 seconds after the connection has
been established:

$ cat /etc/NetworkManager/dispatcher.d/99-openconnect-dnsmasq-bug
#!/bin/bash
set -e
# force restart of dnsmasq on vpn connect

if [[ "$1" =~ "vpn" ]] && [ $2 = "up" ]
then
  if [ -e /var/run/NetworkManager/dnsmasq.pid ]
  then
$( sleep 15 && /bin/kill -15 $(cat /var/run/NetworkManager/dnsmasq.pid) )
  fi
fi

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2018-01-17 Thread Daniel Eckl
This workaround is not bad indeed and saves me, too. But it has
drawbacks that people need to know

1) In newer Ubuntu versions, "dnsmasq" is the default DNS option, so the
config does not have this option to comment out. Instead you have to set
"dns=default" there.

2) With this workaround, some applications need a restart to recognize
the new DNS servers after you started VPN. Browsers are a prominent
example of reading resolv.conf setup at start and then caching this
until restart.

3) The VPN DNS servers are used then, but they are on top of the
underlying DNS servers coming from your local DHCP. They are just added
to the top of the list. As long as the VPN DNS servers are working, data
security is intact. As soon as these stop working, your system might
send DNS queries (that maybe should be confidential) to the underlying
DNS server.

Issues 2 and 3 are the most dangerous as they can compromise VPN
confidentiality.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-12-27 Thread Roman Vrublevskiy
As a workaround, I commented out dns=dnsmasq in 
/etc/NetworkManager/NetworkManager.conf.
Now network manager adds VPN DNS servers to /etc/resolv.conf and everything 
works as expected.

As an additional benefit, it also adds and uses additional search domains but 
only with "Use this connection only for resources on its network" unchecked, so 
all traffic is routed to the tunnel.
With working DNS I can live with it for now.

I'm on Mint 18.3 Cinnamon.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-11-09 Thread themroc
I have exactly the same Problem like User Orange Shiang-Yuan Kao
(orange-kao) wrote on 2017-03-22 in Comment #10 in duplicate Bug 1671606
since upgrading to

Kubuntu 17.10

https://bugs.launchpad.net/ubuntu/+source/network-
manager/+bug/1671606/comments/10

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-10-31 Thread Spencer Seidel
... and my issue is now resolved in Ubuntu 17.10, at least on a fresh
install. Not sure what changed, but no changes are necessary to
/etc/nsswitch.conf in order to make resolving DNS work with internal
domains while connect to openconnect VPN. Probably I should stick with
LTS :-)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-10-26 Thread ovv
@jsseidel I believe starting from 16.10 ubuntu use systemd-resolved as
dns. Your issues might come from that and it would explain why it's also
present in Fedora 25

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-10-25 Thread Spencer Seidel
I don't know if my issue is related to this or the few others I've seen,
so I pre-apologize if this should be moved elsewhere or even if it's not
relevant in this context. I'm far from an expert in DNS . . .

My experience was that after upgrading to 16.10 (or higher: it happens
in 17.10, too, and I imagine it will in 18.04). DNS lookup for internal
sites would fail when I was connected to an openconnect VPN.

In 16.04, my workaround was to comment out dnsmasq in
NetworkManager.conf, but in 16.10, 17.04, and 18.04, this option no
longer appeared. Also, I additionally had to comment out a reference to
a local host in /etc/resolv.conf, which was added below the VPN-only
nameservers, which in my case were sufficient. Recently, I tried Fedora
25 and was surprised to see the same issue -- this suggests it's not an
Ubuntu-specific problem, unless Canonical is providing some libs that
Fedora is using, I don't know.

I found this workaround for my particular case while again searching in
a Fedora context for a workaround:

https://www.freedesktop.org/software/systemd/man/nss-resolve.html

TL;DR: I added "resolve [!UNAVAIL=return]" to the hosts line in
/etc/nsswitch.conf right before any entry that has "dns" in it. This
worked for me in Fedora and Ubuntu both. (Note that in the latest Arch
release, this was not an issue for me.)

I'm hoping that this comment will prove helpful to anyone like me who
might be searching in vain for a workaround.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source

[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-10-20 Thread William Richards
I wonder how many people's DNS leaked over the year this bug hasn't been
addressed. Oh well..it's just your users' security. Canonical is a joke.
Please stop endangering your users with your incompetence.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-10-10 Thread M.Witte
@cyphermox please comment on the status Mathieu.

Still using the workaround: https://bugs.launchpad.net/ubuntu/+source
/network-manager/+bug/1671606

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-09-06 Thread Lukas Dzunko
@joll-nicholas I just want to add my view of this situation to this bug
report. :) It was more like message to all in this thread ... my
apologize if it was not written properly (I am not native speaker)

@kantlivelong ... yeah, for now (I mentioned this also in initial
report) but it may not be case in future. Canonical already removed
package for GUI and there is no guarantee that they will leave at least
package for daemons there ...

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-09-05 Thread NJ
On my Mint (18.2 and I think I did it on 18.3 too - both Cinnamon) the
network-manager downgrade sufficed; I did not need to adjust resolvconf.
However, I don't think I was using a 'PPTP tunnel'.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-09-05 Thread dlotton
Just an FYI, I have to downgrade both network-manager=1.2.2-0ubuntu0.16.04.4 
and resolvconf=1.78ubuntu2.  Doing one or the other would not fix the problem 
on my system (Linux Mint Mate 18.1).
 
I'm using a PPTP tunnel.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-09-05 Thread Shawn B
Just downgrade network-manager to 1.2.2-0ubuntu0.16.04.4 until the issue
is resolved. Pretty simple.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-09-05 Thread NJ
@lukas-d: I understand, but perhaps you are thinking that I work for
Canonical or that I have the skill to contribute to the network-manager
project. Neither of those things are true. I am a frustrated user (with
fairly low programming ability).

It seems to me that switching to a distribution that is not Ubuntu and
is not based on Ubuntu might be an idea, in your circumstances.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-09-05 Thread Lukas Dzunko
@joll-nicholas ... "it is not guaranteed secure." ... Explain this to
employer. I am using VPN as it is requirement of my employer. They don't
care if it work or not on Linux. M$ Windows client is working and that
its. We are not in position to negotiate VPN solution especially if it
is not guaranteed to be secure.

Situation is same with my private network. I am using Mikrotik
components which have limited amount of VPN options build in. Therefore
"WireGuard" is again not an option.

For me it is unbelievable that it is still not fixed and this is not
only one bug causing Ubuntu to be useless. ... 14.04 have too old kernel
to work with my laptop. 16.04 problems with vpn and terrible flicker on
skylake chipset. 17.04 everything around gnuradio completely broken ...
maybe it is time to try another distribution ...

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-09-03 Thread NJ
@terry69lawson and other frustrated users: perhaps you are in a position
to try *WireGuard* as a replacement for OpenVPN (or for other methods of
connecting to a VPN). Your VPN provider will need to have WireGuard
servers for this to work. If your provider does have such servers, then
you are in luck, for not only does Wireguard work with the latest
(unfixed) Network Manager, it's also fast and easy. Still, it's also
still in development and, though it has had some testing and had good
reviews, it is not guaranteed secure.

Still, I am amazed and boggled that Canonical has not fixed the problem.
Perhaps it's been fixed in a newer version of Ubuntu and not backported?
A bit of information, clearly presented, would not go amiss (@cyphermox)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-09-03 Thread Seumas Finlayson
Now NONE of my Ubuntu machines, on Xenial or Zesty, will use my VPN for
even a brief time. I've tried several different versions of packages,
but nothing. This is absolutely intolerable. Fix this soon Canonical or
I will be forced to leave for a different Linux distro.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-09-02 Thread martin ehrlich
I hope this bug will be fixed soon for 16.04

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-08-31 Thread Andreas Hasenack
Using a VPN I have at hand (I don't control the server part of it, though), I 
can confirm that with n-m 1.2.6 my local DNS (10.0.5.5) is injected after the 
vpn is established:
Aug 31 20:36:32 31-64 dnsmasq[1118]: setting upstream servers from DBus
Aug 31 20:36:32 31-64 dnsmasq[1118]: using nameserver 10.0.5.5#53(via ens3)
Aug 31 20:36:32 31-64 dnsmasq[1118]: using nameserver 10.172.64.1#53 for domain 
internal
...

That extra 10.0.5.5 DNS server is not injected when I establish the same
connection using n-m 1.2.2.

I have the "Use this connection only for resources on this network" in
the ipv4->routes tab NOT checked, i.e., my intention is that all traffic
goes through the VPN. And I have method set to "ignore" in the ipv6
settings tab, so it's just ipv4.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-08-31 Thread Andreas Hasenack
Oh, that box is on xenial, btw.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-07-12 Thread NJ
Corrections to the above post.

(i) '[I]t its original' should be 'in its original'.

(ii) 'Inference from the conjunction of 1, 2 and 3' should be,
'Inference from the conjunction of 1, 2, 3 and 4' - because I found
another reason.

A facility to edit posts would be welcome (but perhaps that exists and I
overlook it somehow).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-07-12 Thread NJ
1. It has been four months since this bug - it its original incarnation
(https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1671606)
- was reported.

2. The bug is critical: it breaks security software.

3. The bug has been reported to Ubuntu, which has paid employees.

4. The bug is a regression and hence presumably not especially hard to
fix.

Inference from the conjunction of 1, 2 and 3: *this bug should have been
fixed by now*. Yet, it has not. Nor has any explanation been provided as
to why not, at least not here. Not has there been a shortage of people
asking, politely, for a fix.


Perhaps then a slightly more strident question is in order. To wit: **what 
gives?** This is the sort of unfixed major problem that drives people back to 
Windows and Mac OS. (I know that https://bugs.launchpad.net/ubuntu/+bug/1 is 
closed, but still.)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-07-09 Thread Seumas Finlayson
Any updates? It would be nice to see full closure on this issue ASAP.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-06-19 Thread NJ
Cruz, thanks for this.

However, (1) after all the trouble I had getting OpenVPN working, I
don't fancy switching to something else (and my system does work at
present, using the older version of Network Manager).

Also, (2) I don't really understand what you say about /etc/hosts,
though probably I could work it out.

Further, (3) if I understand the last paragraph of your comment #13: I
don't know; after all, at the top of this page we can read not only,
'Xenial - In Progress' (though it seems pretty slow progress! It's been
at least a month since this show-stopping bug was first reported) but
also, 'Yakkety - Triaged'.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-06-19 Thread Cruz Fernandez
Just expanding a little bit more my last comment, on Ubuntu 17.04, using
the 'sudo openconnect xxx' command is adding to the file
/run/resolvconf/resolv.conf file the DNS IP addresses as global ones.
Just also added them on the 'icon' version and it fixed it too. In
Ubuntu 17.04 it's using by default the systemd-resolved service (instead
of the reported one dnsmasq).

Maybe we should report a different bug for Ubuntu 17.04 as the packages
interaction look to be other ones?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-06-19 Thread Cruz Fernandez
On my Ubuntu 17.04 (also happened on 16.10, upgraded to 17.10 that same
machine) the bug it's happening to me. My current workaround is to use
an equivalent 'openconnect'.

Command issued in my case:

sudo openconnect --user my-vpn-user --csd-user my-local-unix-user
--csd-wrapper ~/csd-wrapper-download.sh --authgroup GROUP_OF_VPN
https://remote.corporate.network.com

Another workaround I'm using is to put the internal VPNs IPs on
/etc/hosts

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-06-13 Thread NJ
Might I ask when this rather severe bug is due to be fixed (in Xenial or
rather, for me, in Mint)? Thank you.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-05-31 Thread NJ
I am glad to see that this bug is being worked on and is rightly
labelled as being of high importance.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-05-23 Thread Shawn B
I experience the same issue on 16.04 but it ends up breaking DNS
responses entirely because traffic is forced through the OpenVPN tunnel
where the DNS resides and the local DNS is no longer accessible.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-05-23 Thread Mathieu Trudel-Lapierre
I don't know what your "DNS leak test" is, but we can't give much weight
to that unless we also know a lot more about your config for the VPN and
how the test is set up, what it looks for, etc.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-05-23 Thread Aron Bohl
I'm running on Ubuntu GNOME 17.04 and I'm still affected by this issue.
After connecting to VPN and running a DNS leak test, it still shows my
DNS as my usual ISP.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-05-23 Thread Mathieu Trudel-Lapierre
Has anyone tried to make their connections with an even newer version of
Ubuntu and network-manager, such as on 17.04? That would be a very good
test to do (in my experience, it works correctly).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-05-23 Thread Mathieu Trudel-Lapierre
I don't know why bugs about "DNS on VPN" were being marked as duplicates
of suspend/resume issues in dnsmasq. It's /related/, but definitely not
the same thing at all. I can only apologize that this wasn't handled
correctly, and try to fix things.

One thing to keep in mind however, is that not all premises on this bug
report are correct: what DNS server to use is directly dependent on the
settings used in the VPN connection: whether it should use the VPN for
everything, or just for the network it provides as routed shipped from
the VPN server. Your observations may vary based on what that setting
is.

I think we have enough information already to start working on a
solution, so I'll mark this bug Triaged/In Progress and assign it to
myself. I'm also milestoning it to 17.06; so that it stays on my todo
list for this month and June -- but that doesn't mean that it *will* be
fixed by then, that will depend on how hard it is to fix and ship the
updates where appropriate.

I only have openvpn to work with now, but the actual type of VPN should
not matter. If it changes something, *that* would be another bug (and
then you should make a separate report). If things work for one VPN
plugin, it means NetworkManager is doing what it should.

As soon as there is a proposed fix for this, I'll make it available on a
PPA for testing, even before it lands in -proposed, so as to have more
certainty that the fix works. I'll comment back here when something is
ready.

** Changed in: network-manager (Ubuntu)
   Status: Confirmed => Triaged

** Changed in: network-manager (Ubuntu)
   Importance: Undecided => High

** Changed in: network-manager (Ubuntu)
 Assignee: (unassigned) => Mathieu Trudel-Lapierre (cyphermox)

** Changed in: network-manager (Ubuntu)
Milestone: None => ubuntu-17.06

** Also affects: network-manager (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: network-manager (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: network-manager (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: network-manager (Ubuntu Yakkety)
   Status: New => Triaged

** Changed in: network-manager (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: network-manager (Ubuntu Yakkety)
   Importance: Undecided => High

** Changed in: network-manager (Ubuntu Xenial)
 Assignee: (unassigned) => Mathieu Trudel-Lapierre (cyphermox)

** Changed in: network-manager (Ubuntu Yakkety)
 Assignee: (unassigned) => Mathieu Trudel-Lapierre (cyphermox)

** Changed in: network-manager (Ubuntu Xenial)
   Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:
  Triaged

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all ne

[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-05-12 Thread Lukas Dzunko
Seumas: It seems that Canonical simply don't care about VPN users. This
is opened for more than two months and still not reasonable response :(
...

... right now there is only one workaround:

- downgrade network manager:
apt-get install network-manager=1.2.2-0ubuntu0.16.04.4

- set it on hold (to prevent updates):
apt-mark hold network-manager

If necessary then reboot machine.

I hope that someone will pick this before they remove 1.2.2. version
from repository ...

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Confirmed

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-05-12 Thread NJ
Seumas: since Canonical seem to be dragging their feet on this, you
might as well downgrade to network-manager 1.2.2, which is a version
that works.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Confirmed

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-05-11 Thread Seumas Finlayson
For weeks now my only workaround for this problem has been to run a
terminal script to connect and disconnect the VPN every 20 minutes. This
is very inconvenient and impractical for things which require
uninterrupted network traffic, so I hope a permanent fix is released
ASAP.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Confirmed

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688018] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

2017-05-03 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: network-manager (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
  Confirmed

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.

  =

  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
(dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at
  all)

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).

  =

  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 
/vpn)

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
difference
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.

  =

  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.

  =

  Thanks

  Lukas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1688018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp