In reference to John Bedford's comment:

>bedfojo (commercial-johnbedford) wrote on 2017-06-06:  #57
>Nicholas, thank you very much for your work on this patch.
>It works correctly for me: no DNS leak detected by either https://ipleak.net 
>or https://dnsleaktest.com for me, when both detected leaks in the unpatched 
>version.
>Running Ubuntu-MATE 17.04.
>Could we perhaps get this upstreamed into NM?
>bedfojo (commercial-johnbedford) wrote on 2017-06-06:  #58
>I should add that I'm using network-manager-openvpn and 
>network-manager-openvpn-gnome.

I think it would be great if we could get this patch upstreamed into the
network-manager!
I've attached a finalized version of the patch with a more informative /
verbose syslog message that also accounts for Cisco GRE/gretap connections not
in #49. Please use this patch when building network-manager for Ubuntu 17.04. I
will also attach a .deb build of network-manager for easy installation and
testing for anyone interested. So far, this is known to solve DNS leaks with
network-manager-openvpn but could also solve DNS leaks for other VPNs that use
TUN, TAP, or Cisco GRE network interfaces through the network-manager.
You should now see a message in your syslog when connecting that looks like the
following:
  NetworkManager[32636]: <info>  [1496880041.6435] systemd-resolved[0x55cc602ce430]: Link #12 type is VPN TUN or TAP, fixing DNS leak...

Make sure to stop apt from replacing the patched .deb using:
  sudo apt-mark hold network-manager
To verify that you are using the 'routing-only domain', use the command
  systemd-resolve --status
and look for the line "DNS Domain: ~." under the VPN link number.
Alternatively, check that you are not experiencing DNS leaks using the
'extended test' on https://dnsleaktest.com/

Cheers :)


** Patch added: "resolved-vpn-dns-leak-fix.patch"
   https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1624317/+attachment/4891740/+files/resolved-vpn-dns-leak-fix.patch
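
The check described in the message above (finding "DNS Domain: ~." under the VPN link in `systemd-resolve --status`), scripted as an added example that is not part of the original message or the attached patch. The function names, the interface names and the sample output are constructed, and the output layout is an assumption noted in the comments; unlike a plain grep, it also catches `~.` listed on a continuation line.

```shell
#!/bin/sh
# Added example; not part of the original message or the attached patch.
# Assumed layout of `systemd-resolve --status`: "Link <n> (<ifname>)" headers,
# then "Label: value" lines; further domains continue on label-less lines.

# Print "<link-number> <ifname>" for each link whose DNS domains include "~.".
routing_only_links() {
    awk '
        /^Link [0-9]+ \(/ { link = $2; ifname = $3; gsub(/[()]/, "", ifname); in_dom = 0; next }
        /^Global/         { link = ""; in_dom = 0; next }
        /^[ \t]*$/        { in_dom = 0; next }
        /^ *DNS Domain:/  { in_dom = 1; sub(/^ *DNS Domain:/, "") }
        in_dom && /^ *[A-Za-z][A-Za-z ]*: / { in_dom = 0 }   # next labelled field ends the list
        in_dom && link != "" {
            gsub(/[ \t]/, "")
            if ($0 == "~." && !seen[link]++) print link, ifname
        }
    '
}

# Exit 0 only if interface $1 carries the routing-only domain (status text on stdin).
link_has_routing_only_domain() {
    routing_only_links | awk -v want="$1" '$2 == want { found = 1 } END { exit !found }'
}

# Constructed sample output, not captured from a real system.
SAMPLE_STATUS='Global
          DNSSEC NTA: 10.in-addr.arpa

Link 12 (tun0)
      Current Scopes: DNS
         DNS Servers: 10.8.0.1
          DNS Domain: example.internal
                      ~.

Link 2 (wlp3s0)
      Current Scopes: DNS LLMNR/IPv4
         DNS Servers: 192.168.1.1
          DNS Domain: lan
'

printf '%s\n' "$SAMPLE_STATUS" | routing_only_links
# Live use: systemd-resolve --status | link_has_routing_only_domain tun0
```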

https://bugs.launchpad.net/bugs/1624317

Title:
  systemd-resolved breaks VPN with split-horizon DNS

Status in systemd:
  New
Status in network-manager package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  Confirmed

Bug description:
  I use a VPN configured with network-manager-openconnect-gnome in which
  a split-horizon DNS setup assigns different addresses to some names
  inside the remote network than the addresses seen for those names from
  outside the remote network.  However, systemd-resolved often decides
  to ignore the VPN’s DNS servers and use the local network’s DNS
  servers to resolve names (whether in the remote domain or not),
  breaking the split-horizon DNS.

  This related bug, reported by Lennart Poettering himself, was closed with the
  current Fedora release at the time reaching EOL:
  https://bugzilla.redhat.com/show_bug.cgi?id=1151544
