[Bug 1685391] Re: DNS leak in Xubuntu 17.04
Thanks for the research on this guys. I had been a idle spectator to the systemd controversies, but didn't realize that I might be bumping up into those choices in a real way myself. Attached is my systemd-resolve --status. I imagine it shows what you are talking about. And I also went ahead and tried to switch to dnsmasq and see if that fixed the problem. Unfortunately, it seems that I may need to do something different to actually shut down systemd-resolved. I tried those instructions with a restart, and systemd-resolved was still running. I tried those instructions without a restart, but either systemd-resolved started up again by itself or perhaps by me reconnecting to my VPN via network-manager. I did confirm that systemd- resolved was at some point disabled after executing the commands in step #2 of those instructions, but not sure what started it up again. Correct me if I'm wrong, but DNS leaking via systemd related issues should be a pretty high priority bug, correct? If it's not the case, and your sense is that there are a lot of technical or political hurdles to this being corrected, perhaps it makes sense for me to return to 16.04 in the meantime. ** Attachment added: "sys.status" https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1685391/+attachment/4868227/+files/sys.status -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1685391 Title: DNS leak in Xubuntu 17.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1685391/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1685391] Re: DNS leak in Xubuntu 17.04
Sure thing, Simon. Here is the tcpdump. I then tried to access the https://www.dnsleaktest.com/ site which showed that I was experiencing the DNS leak. If you need anything else (or need that in ASCII), just me know. Thanks for looking into this. ** Attachment added: "dns.pcap" https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1685391/+attachment/4867816/+files/dns.pcap -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1685391 Title: DNS leak in Xubuntu 17.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1685391/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1685391] Re: DNS leak in Xubuntu 17.04
Is this discussion relevant to what we're talking about? https://superuser.com/questions/1153203/ubuntu-17-04-systemd-resolved-dns-lookups-randomly-fail -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1685391 Title: DNS leak in Xubuntu 17.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1685391/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1685391] Re: DNS leak in Xubuntu 17.04
Thanks for the comments. My /etc/resolv.conf is attached. There's a lot in the /etc/resolvconf/ directory -- just let me know if you'd like anything from there and I'll grab it as well. ** Attachment added: "resolv.conf" https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1685391/+attachment/4867753/+files/resolv.conf -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1685391 Title: DNS leak in Xubuntu 17.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1685391/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1685391] Re: DNS leak in Xubuntu 17.04
As for dig +trace, I just did that on www.ubuntu.com, with the attached output (this is on my VPN). Note: I'm not sure why this is, but sometimes using the dig +trace command will simply return much less info, like so: dig +trace www.ubuntu.com ; <<>> DiG 9.10.3-P4-Ubuntu <<>> +trace www.ubuntu.com ;; global options: +cmd ;; Received 28 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms Perhaps this is expected, but I thought I'd mention it. ** Attachment added: "output" https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1685391/+attachment/4867497/+files/output -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1685391 Title: DNS leak in Xubuntu 17.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1685391/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1685391] Re: DNS leak in Xubuntu 17.04
Your description of DNS leak is consistent with my own understanding. Specifically, DNS testing sites show my own ISP being used instead of being that of the VPN. As for my setup, I simply follow the Private Internet Access Linux step- by-step instructions here: https://www.privateinternetaccess.com/forum/discussion/18003/openvpn- step-by-step-setups-for-various-debian-based-linux-oss-with-videos- ubuntu-mint-debian . In short, the instructions tell you to: 1). Update/install packages like openvpn, network-manager, etc. 2). Download ovpn and crt files from the PIA website 3). Add them to network-manager and make a couple changes before saving. This procedure has worked for me in the past (as recently as a few weeks ago on 16.10 after the dnsmasq issue was corrected), but they are not working for me on 17.04. I imagine most of the settings you are interested in are located in the ovpn file that I imported, which I include below as an attachment. Since it's short, I'll also append the file info to the bottom of this message. Does this answer your questions? If not, I'm happy to add whatever other information you might need. I'm a pedestrian user of VPN, so you might need to be explicit in what command line instructions you need me to execute. Thanks! P.S. While it's of course possible that I'm just doing something stupid since installing 17.04, here is another recent result I found online where someone is experiencing new issues in 17.04: https://www.privateinternetaccess.com/forum/discussion/23756/pia-client- on-ubuntu-17-04-dns-leak, although they are using the official PIA client, whereas I am not. - [ovpn file info] client dev tun proto udp remote us-east.privateinternetaccess.com 1198 resolv-retry infinite nobind persist-key persist-tun cipher aes-128-cbc auth sha1 tls-client remote-cert-tls server auth-user-pass comp-lzo verb 1 reneg-sec 0 crl-verify crl.rsa.2048.pem ca ca.rsa.2048.crt disable-occ ** Attachment added: "US East.ovpn" https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1685391/+attachment/4867468/+files/US%20East.ovpn -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1685391 Title: DNS leak in Xubuntu 17.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1685391/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1652525] Re: DNS leak in ubuntu 16.10
Thank you, Seth. I've attempted to begin the conversation here: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1685391 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1652525 Title: DNS leak in ubuntu 16.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1652525/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1685391] [NEW] DNS leak in Xubuntu 17.04
Public bug reported: I recently installed Xubuntu 17.04 and am seeing DNS leaks after connecting with my VPN (as seen from www.dnsleaktest.com and similar sites). A couple weeks ago, on 16.04 and 16.10, I had similar issues, but they were fixed with an update to dnsmasq (see https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1639776). However, that fix doesn't seem to be working for me anymore in 17.04. I've included my /var/log/syslog, which I hope provides some useful information. Happy to give whatever else is needed. I see the DNS leaks both when connecting through network-manager (my normal way) as well as using openvpn from the commandline. ** Affects: openvpn (Ubuntu) Importance: Undecided Status: New ** Attachment added: "/var/log/syslog" https://bugs.launchpad.net/bugs/1685391/+attachment/4866242/+files/syslog -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1685391 Title: DNS leak in Xubuntu 17.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1685391/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1639776] Re: name resolution (dnsmasq) fails to send queries out after suspend/resume reconnects the interface
This bug fix corrected my VPN leaks in Ubuntu 16.10, but I've since upgraded to 17.04 (fresh install) and I'm seeing DNS leaks again. Should this issue be fixed in Zesty already, or is that coming later? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1639776 Title: name resolution (dnsmasq) fails to send queries out after suspend/resume reconnects the interface To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1639776/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1652525] Re: DNS leak in ubuntu 16.10
I am seeing DNS leaks in 17.04. I had been running 16.10 and the dnsmasq fix that was released fixed my issue back then. But in Zesty I'm seeing this problem too and not sure how to resolve it yet. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1652525 Title: DNS leak in ubuntu 16.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1652525/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs