Launchpad has imported 28 comments from the remote bug at
https://bugzilla.gnome.org/show_bug.cgi?id=783569.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help
** Description changed:
[Impact]
- * NetworkManager incorrectly handles dns-priority of the VPN-like
+ * NetworkManager incorrectly handles dns-priority of the VPN-like
connections, which leads to leaking DNS queries outside of the VPN into
the general internet.
- * Upstream has res
** Bug watch added: bugzilla.gnome.org/ #783569
https://bugzilla.gnome.org/show_bug.cgi?id=783569
** Changed in: network-manager
Remote watch: GNOME Bug Tracker #783569 => bugzilla.gnome.org/ #783569
** Bug watch removed: GNOME Bug Tracker #783569
https://gitlab.gnome.org/783569
--
You r
** Bug watch removed: Red Hat Bugzilla #1151544
https://bugzilla.redhat.com/show_bug.cgi?id=1151544
** Bug watch removed: github.com/systemd/systemd/issues #3421
https://github.com/systemd/systemd/issues/3421
** Bug watch removed: GNOME Bug Tracker #746422
https://gitlab.gnome.org/746422
** Changed in: network-manager (Ubuntu Zesty)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1624317
Title:
systemd-resolved breaks VPN w
I'm not sure if setting negative priority really solves the dns leaks problem
because I'm on 17.10 and I do have dns leaks. If I'm connected to my ISP over a
LTE network and the connection is unstable then it could happen that DNS
queries will be sent over my ISP network and not over my VPN conn
@bagl0312 I agree, there really should be some kind of GUI default way
to set negative DNS priority when setting up certain VPN connections.
The average user shouldn't experience a nasty surprise when DNS leaks
happen by default.
--
You received this bug notification because you are a member of D
Hi,
I confirm that with the command:
sudo nmcli connection modify ipv4.dns-priority -42
there is not anymore DNS leakage.
However I am wondering why this command is needed, why the fix released
cannot include it by default ?
--
You received this bug notification because you are a member of De
Per former comments setting 17.10 to fix released.
** Changed in: network-manager (Ubuntu Artful)
Status: Confirmed => Fix Released
** Changed in: network-manager (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Desktop
P
Confirming is working again in 17.10
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1624317
Title:
systemd-resolved breaks VPN with split-horizon DNS
Status in NetworkManager
The issue I had either was this bug or something else, but somehow it's
apparently working in 17.10. Basically, the domain(s) of the corporate
vpn that I connect to resolve over the VPN again, while everything else
resolves as usual. This worked fine in 16.10, was entirely broken in
17.04 and is
#103 did fix it
Adding:
[ipv4]
dns-priority=-42
to system-connections config file
or runing 'sudo nmcli connection modify ipv4.dns-priority
-42'
and restarting networkmanager service
did fix dns leaking using ProtonVPN on openvpn for me, thanks.
But i didn't quite understand the problem! Is i
I'm not sure about split-horizon DNS, frankly I think that is a
different bug entirely. However, I have had no problems with DNS leaks
over my VPN connections whatsoever on Ubuntu 17.10. The bugfix I
personally requested from the NM-devs and backported to Ubuntu 17.04
(running NetworkManager v1.4.x
The corresponding GNOME bug has been marked fixed in
https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=02d56ec87
that commit is in the 17.10 version, if that doesn't work then it's
another issue or the upstream report should be reopened
** Changed in: network-manager (Ubuntu)
This bug still exists in Ubuntu 17.10 (ProtonVPN). In distros as Arch, Manjaro
and Fedora it never happened. Is this going to 18.04 LTS as well?! Why no one
cares?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubunt
Trying the above fix does not work for 17.10. This is highly
unfortunate.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1624317
Title:
systemd-resolved breaks VPN with split-
It already looks like some kind of a tradition for ubuntu to break
something critical in every single release and keep those bugs as long
as possible.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs
I guess I'll have to go back to 16.04 or 16.10, despite someone
providing a bugfix and several people confirming it, nobody from Ubuntu
seems to care. Crazy, considering how much corporate employees depend
on such BASIC features like this working. Very disappointing.
--
You received this bug no
I can't even get vpn and/or socks5 to work. This is dangerous, perhaps
it should be stressed that people shouldn't use 11.10 as a daily OS
until this is fixed. I know, I know, me should know better. I'm just
glad I checked before assuming I was in a secure tunnel. Otherwise 11.10
is working fine wi
Hi! There is a fix submitted as a patch i. The thread I have been using for a
while. Works flawlessly for me.
--
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com
13. Sep 2017 14:55 by 1624...@bugs.launchpad.net:
> Does anyone know if this happens to be fixed
Does anyone know if this happens to be fixed in 17.10? I have little
hope that the fix is ever going to make into 17.04...
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1624317
#82 Helped me as well. And I'm 17.04...
It'd be nice to see this fixed...
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1624317
Title:
systemd-resolved breaks VPN with split
Can confirm: #82 does the trick. Thanks Nicholas, you're awesome!
Let's hope this goes into 17.04 release or at least in zesty-updates.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net
post #82 saved my day, no more dns leaks
Note: getting here took my days
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1624317
Title:
systemd-resolved breaks VPN with split-h
I am so sick of bugs like this in Ubuntu. Every single time I upgrade I
regret it. Is this going to be available anytime this century or do I
need to learn to juggle configuration scripts?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to n
Also note artful has 1.8.0, thus this fix may be included there already,
or e.g. will only need a simple git cherry-pick of the upstream 1.8
branch fix.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bu
@ Nicholas Stommel (nstommel)
Could you please help to update the bug description SRU template to fix this
issue in 17.04?
I do not fully understand the issue at hand, but I do have access to VPN and
can set VPN setting in Netowrk Manager to route all traffic through VPN. After
doing that, I sh
** No longer affects: systemd (Ubuntu)
** No longer affects: systemd (Ubuntu Artful)
** Project changed: systemd => network-manager
** Changed in: network-manager
Importance: Undecided => Unknown
** Changed in: network-manager
Status: New => Unknown
** Changed in: network-manager
Re
Will this fix be released for 17.04 ?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1624317
Title:
systemd-resolved breaks VPN with split-horizon DNS
Status in systemd:
Ne
I can also confirm that the latest patch fixes the problem. Thank you
very much for your work!
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1624317
Title:
systemd-resolved b
@Stephan the Penguin god has not forsaken us, my friend :D
So glad it works for you guys, thanks for the nice feedback! This issue bugged
me so much I sorta made it my mission haha. It's fantastic I finally got this
thing sorted out with some help from the Gnome NM devs :)
--
You received this
@Nicholas Stommel
THANKS THANKS THANKS
Hell it works !!!
Oh dear Penguin god, I was almost close to install fedora or sth else.
I owe you a beer !
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs
Hello Nicholas,
just tested the solution proposed in post #82.
My configuration is ubuntu-gnome 17.04
lsb_release -a:
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 17.04
Release:17.04
Codename: zesty
uname -a:
Linux 4.10.0-24-generic #28-Ubuntu SM
Please test with the new patch or patched .deb and follow the steps to
set negative ipv4 dns-priority. I (and lead NM-dev Thomas Haller
himself) believe this resolves the bug. Thanks, and I hope this helps
you all! :)
--
You received this bug notification because you are a member of Desktop
Packa
After setting the ipv4.dns-priority of the VPN connection to a negative number
and patching the source or installing the conveniently packaged .deb below, you
should not experience DNS leaks over NM-VPN.
(Output from extended test at https://dnsleaktest.com )
Test complete
Query round Progress.
I have successfully backported Thomas Haller's excellent upstream
solution as detailed in
https://bugzilla.gnome.org/show_bug.cgi?id=783569 This took some time as
things have changed quite a bit upstream, but the patch works on the
current zesty 17.04 1.4.4-1ubuntu3.1 network-manager! This is a muc
Hey all, so it seems like Thomas Haller at the bug thread
https://bugzilla.gnome.org/show_bug.cgi?id=783569 may have actually
fixed this issue upstream! Not sure how to backport the fix though, I
tried and didn't have any luck, so this may be up to the package
maintainers. I think this might actual
I was encountering DNS issues on Ubuntu 17.04 using OpenVPN.
Your patched NetworkManager worked for me Nicholas.
Thank you !
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/162431
Unfortunately my patch is not a good solution for upstream application.
I agree with what Beniamino Galvani mentioned, that "it is wrong to
assume the connection is a VPN based on the link type, since you can
have non-VPN tun/tap/gre/gretap connections as well, and they are
affected by this patch."
Actually I take that back. The issue is not fixed by the commit
referenced on https://bugzilla.gnome.org/show_bug.cgi?id=783569 as it is
already present in the current version of the network-manager. So we
still have a major problem folks.
--
You received this bug notification because you are a m
** Changed in: systemd (Ubuntu)
Assignee: (unassigned) => Dimitri John Ledkov (xnox)
** Also affects: network-manager (Ubuntu Artful)
Importance: Undecided
Status: Confirmed
** Also affects: systemd (Ubuntu Artful)
Importance: High
Assignee: Dimitri John Ledkov (xnox)
My apologies, it seems like this issue could have already been addressed
upstream. See https://bugzilla.gnome.org/show_bug.cgi?id=783569
Anyway, I'll see if I can backport the fix provided there and whether or not it
works. Sorry guys :/
--
You received this bug notification because you are a m
I have upstreamed the patch at
https://bugzilla.gnome.org/show_bug.cgi?id=783569 !
Hopefully this can be incorporated into future releases of network-manager :)
** Bug watch added: GNOME Bug Tracker #783569
https://bugzilla.gnome.org/show_bug.cgi?id=783569
--
You received this bug notificati
If that's the case, would you mind to upstream the patch?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1624317
Title:
systemd-resolved breaks VPN with split-horizon DNS
Sta
No, it's not an upstream patch. My patch can be applied directly to the
current source on 17.04 obtained using 'apt-get source network-manager',
so that would be network-manager 1.4.4-1ubuntu3 from
http://us.archive.ubuntu.com/ubuntu zesty/main amd64 Packages
--
You received this bug notification
Nicholas, does the patch come from upstream? We should backport the
patch into Ubuntu's NM properly, so everyone can benefit.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/16243
** Attachment added: "patched network-manager .deb for easy testing on Ubuntu
17.04"
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1624317/+attachment/4891741/+files/network-manager_1.4.4-1ubuntu4_amd64.deb
--
You received this bug notification because you are a member of De
In reference to John Bedford's comment:
>bedfojo (commercial-johnbedford) wrote on 2017-06-06: #57
>Nicholas, thank you very much for your work on this patch.
>It works correctly for me: no DNS leak detected by either https://ipleak.net
>or >https://dnsleaktest.com for me, when both detected lea
** Patch removed: "patch for network-manager source"
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1624317/+attachment/4889747/+files/resolved-vpn-dns-leak-fix.patch
** Patch removed: "possible cisco network-manager-openconnect-fix"
https://bugs.launchpad.net/ubuntu/+sourc
Huh, weird, yeah it's quite possible it's a different issue entirely, or
a problem related to network-manager-openconnect. Because the routing-
only domain is clearly listed as DNS Domain ~. so systemd-resolved
should only send queries to the specified dns servers for the interface
vpn0. Yeah...not
The DNS servers have always been listed under the vpn0 link when I run
systemd-resolve --status, even before your patch.
I still get no internal network name resolution, even when hard coding
the DNS servers in network manager.
Maybe I've got a different issue than what others are seeing, but I h
Huh. No, actually my patch DID work. See the line under vpn0 that says
DNS Domain: ~.
So the correct bus call was made and all dns queries SHOULD be directed to the
link-specified listed DNS servers. Your problem actually appears to be that
there are no link-specified dns servers.
See the line
Thanks for taking your time to work though this.
My link name is vpn0
Link 3 (vpn0)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers:
DNS Domain: ~.
Link 2 (enp30s
Tim, I have a question for you. When you connect through
network-manager-openconnect-gnome, and type
systemd-resolve --status, what is your link name called? Something like 'tun0'
or 'tap1' or the like?
Because I've been looking around at the openconnect wiki at
http://www.infradead.org/opencon
Jordi, Sure thing, glad I could help. :)
I wonder if somebody can figure out how to help Tim with
network-manager-openconnect. I tried adding two more conditions for cisco vpn
gre connections but apparently it didn't work or those aren't the kind of links
used. Not sure how to address that becau
Hi Nicholas,
I upgraded to 17.04, installed your patch and I can now say that dns
leaks when using network-manager-openvpn + network-manager-openvpn-gnome
are gone for good now. Awesome work, thanks.
--
You received this bug notification because you are a member of Desktop
Packages, which is sub
Sorry to here that, I'm frankly not sure what to do about that then :/
At the very least the original patch fixes stuff for openvpn, which is good.
Perhaps someone else could figure out the cisco openconnect thing.
--
You received this bug notification because you are a member of Desktop
Packag
Maybe I'm doing something wrong, but I installed the deb, and even did a
full reboot, and I'm still leaking my personal IP in the DNS leak test,
and am still unable to ping servers on the inside of the VPN network
when connected to the ANY connect VPN.
--
You received this bug notification becaus
Anyone using Cisco PPTP/IPsec/openconnect VPN, please test the network
manager with the aforementioned patch or with the updated built .deb
provided here. The updated patch should address more types of VPN links.
Thanks!
** Attachment added: "updated patched .deb packaged network-manager for easy
Tim Shannon, from the comment about network-manager-openconnect-gnome, please
use this updated patch to build the network manager. I added conditions for the
cisco GRE and GRETAP link types, see
https://en.wikipedia.org/wiki/Generic_Routing_Encapsulation and
http://www.cisco.com/c/en/us/td/docs
I should add that I'm using network-manager-openvpn and network-manager-
openvpn-gnome.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1624317
Title:
systemd-resolved breaks V
Nicholas, thank you very much for your work on this patch.
It works correctly for me: no DNS leak detected by either
https://ipleak.net or https://dnsleaktest.com for me, when both detected
leaks in the unpatched version.
Running Ubuntu-MATE 17.04.
Could we perhaps get this upstreamed into NM?
Yeah, apologies as I'm not sure what link type that openconnect uses /
how to identify an openconnect link. It would be a simple matter to add
a conditional for that in the file I patched, please try that. For now
my patch only addresses openvpn tap or tun links, but I'm sure it could
be expanded i
Not working for me, but I assume that's because I'm using network-
manager-openconnect-gnome?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1624317
Title:
systemd-resolved br
Hi! Thanks for the patch Nicholas. I will upgrade to 17.04, test it and
report back tonight or tomorrow at most.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1624317
Title:
>From the Debian man pages, it seems like this is not in fact a problem
of systemd itself, as it allows for domain routing exclusively for dns
servers on a single interface using the routing-only domain. My patch
effectively just tells the NetworkManager to make a systemd bus call
for the routing-
I can confirm this works for multiple vpn connections and after wakeup from
system suspend on Ubuntu 17.04. I encourage you to install the patched .deb or
follow the instructions to build it from source and see for yourself. I'm
honestly so glad this fixes dns leaks for using openvpn through the
The attachment "patch for network-manager source" seems to be a patch.
If it isn't, please remove the "patch" flag from the attachment, remove
the "patch" tag, and if you are a member of the ~ubuntu-reviewers,
unsubscribe the team.
[This is an automated message performed by a Launchpad user owned
** Patch added: "patch for network-manager source"
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1624317/+attachment/4889747/+files/resolved-vpn-dns-leak-fix.patch
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manag
The actual patch is attached above and can be applied to the source code
which you can build yourself. But for your convenience, I have attached
the .deb file below:
** Attachment added: "patched network manager .deb for easy fix installation on
Ubuntu 17.04"
https://bugs.launchpad.net/ubuntu
Please note that this patch and fix only works for Ubuntu 17.04 which relies on
systemd-resolved as a DNS/DNSSEC stub resolver, as well as an LLMNR resolver.
You also need to be using a network-manager plugin like
network-manager-openvpn-gnome.
Install and configure an openvpn connection after go
** Also affects: network-manager (Ubuntu)
Importance: Undecided
Status: New
** Changed in: network-manager (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
http
72 matches
Mail list logo
