As a workaround, I commented out dns=dnsmasq in /etc/NetworkManager/NetworkManager.conf. Now NetworkManager adds the VPN DNS servers to /etc/resolv.conf and everything works as expected.

As an additional benefit, it also adds and uses the additional search domains, but only with "Use this connection only for resources on its network" unchecked, so all traffic is routed through the tunnel. With working DNS I can live with it for now. I'm on Mint 18.3 Cinnamon.

https://bugs.launchpad.net/bugs/1688018

Title:
  DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6

Status in network-manager package in Ubuntu: Triaged
Status in network-manager source package in Xenial: In Progress
Status in network-manager source package in Yakkety: Triaged

Bug description:
  This was initially opened as #1671606 and later duped to #1639776. The discussion in #1639776 indicates that we need a new bug for this, so I am opening one ... Please don't mark this as a duplicate of #1639776 or another similar bug report. We already lost several months and we are again at the beginning ...

  TL;DR:
  - network-manager-1.2.2-0ubuntu0.16.04.4 uses the DNS defined by the VPN (correct).
  - network-manager-1.2.6-0ubuntu0.16.04.1 uses the DNS from DHCP instead of the one defined by the VPN (wrong).
  The DNS resolver should query only the DNS servers defined by the VPN while the connection is active.

  =================================
  Test steps / result:
  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 (dnsmasq-base-2.75-1ubuntu0.16.04.2)
  - restarted my laptop to ensure a clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome
  Observed results -> DNS queries are forwarded only to the DNS servers defined by the LAN connection (this is wrong / the connection is not working at all)
  - "killall dnsmasq"; dnsmasq gets automatically restarted by the system
  Observed results -> most of the queries are forwarded to the DNS servers defined by the VPN, but a lot of queries get forwarded to the DNS servers defined by the LAN connection (this is still wrong / DNS leaks, an attacker can hijack the connection even if the VPN is enabled)
  - I downgraded network-manager back to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base stays the same)
  - restarted my laptop to ensure a clean test
  - connected to the same VPN using openconnect
  Observed results -> DNS queries are forwarded only to the DNS servers defined by the VPN connection. There are no leaks to the LAN DNS server (this is the correct behavior).
  =================================
  Paul Smith requested additional details in #1639776. Here they are:
  * If you're using IPv4 vs. IPv6 -> IPv4 only. I have IPv6 set to ignore on all network definitions (lan / wifi / vpn)
  * If you have checked or unchecked the "Use this connection only for resources on its network" -> unchecked on all network definitions
  * If you have this checked, try unchecking it and see if that makes a difference -> no change if I toggle this option. Behavior is the same.
  * When you say "DNS lookups" please be clear about whether the hostnames being looked up are public (e.g., www.google.com or whatever), on your local LAN, or in the network accessed via the VPN. Does it make a difference which one you choose? -> No difference.
  * Are you using fully-qualified hostnames, or relying on the DNS domain search path? Does it make a difference if you do it differently? -> I normally use FQDNs due to the nature of HTTPS cert validation. I don't see a difference when I try the same using hostname + domain search.
  =================================
  I am using openconnect (cisco) and openvpn. Test results are from using openconnect, but I saw the same behaviour also while using openvpn.
  =================================
  Thanks
  Lukas
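The workaround above (commenting out dns=dnsmasq so that NetworkManager writes the VPN's resolvers straight into /etc/resolv.conf) can be verified rather than trusted. The shell script below is an added example and is not code from the bug report, the comment, or NetworkManager itself: it extracts the effective dns= setting from a NetworkManager.conf body, lists the nameserver entries of a resolv.conf body, and flags any resolver that is not one of the VPN's. The file contents, the VPN resolver 10.8.0.1, the LAN resolver 192.168.1.1 and the search domain corp.example are constructed sample data, and the function names are the example's own.

```shell
#!/bin/sh
# Added example, not code from the bug report or from NetworkManager.
# Audits the two files the workaround touches: the NetworkManager dns=
# setting and the resolvers NetworkManager wrote to /etc/resolv.conf.
# All file contents below are constructed sample data; on a live system
# pass "$(cat /etc/NetworkManager/NetworkManager.conf)" and
# "$(cat /etc/resolv.conf)" to the functions instead.

# Print the effective dns= value from the [main] section of a
# NetworkManager.conf body. Commented-out lines (#dns=dnsmasq) are
# ignored; an unset value means NetworkManager's "default" mode, which
# writes the active connections' resolvers directly into resolv.conf.
nm_dns_mode() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*\[/ { sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/].*/, "", sect); next }
        sect == "main" && /^[ \t]*dns[ \t]*=/ {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); print val; found = 1; exit
        }
        END { if (!found) print "default" }'
}

# Print the nameserver entries of a resolv.conf body, one per line.
resolv_nameservers() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# Return 0 when every resolver in the resolv.conf body ($1) is one of
# the VPN-supplied resolvers (space-separated list in $2); otherwise
# print each non-VPN resolver and return 1. With dns=dnsmasq in effect
# resolv.conf only lists 127.0.1.1 (the local dnsmasq), which this check
# reports as a leak because resolv.conf cannot show where dnsmasq forwards.
dns_leak_check() {
    rc=0
    for ns in $(resolv_nameservers "$1"); do
        case " $2 " in
            *" $ns "*) ;;
            *) printf 'LEAK: %s is not a VPN resolver\n' "$ns"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample inputs: the Ubuntu default and the workaround.
NM_CONF_DNSMASQ='[main]
dns=dnsmasq

[ifupdown]
managed=false'

NM_CONF_FIXED='[main]
#dns=dnsmasq

[ifupdown]
managed=false'

# Constructed resolv.conf with a LAN resolver still present (leak).
RESOLV_LAN_LEAK='# Generated by NetworkManager
search corp.example
nameserver 10.8.0.1
nameserver 192.168.1.1'

# Constructed resolv.conf carrying only the VPN resolver.
RESOLV_VPN_ONLY='# Generated by NetworkManager
search corp.example
nameserver 10.8.0.1'

VPN_DNS='10.8.0.1'

printf 'dns mode before workaround: %s\n' "$(nm_dns_mode "$NM_CONF_DNSMASQ")"
printf 'dns mode after workaround:  %s\n' "$(nm_dns_mode "$NM_CONF_FIXED")"
if dns_leak_check "$RESOLV_LAN_LEAK" "$VPN_DNS"; then
    echo 'RESOLV_LAN_LEAK: only VPN resolvers in use'
else
    echo 'RESOLV_LAN_LEAK: DNS leak'
fi
if dns_leak_check "$RESOLV_VPN_ONLY" "$VPN_DNS"; then
    echo 'RESOLV_VPN_ONLY: only VPN resolvers in use'
else
    echo 'RESOLV_VPN_ONLY: DNS leak'
fi
```

When dns_leak_check reports 127.0.1.1, the forwarding decision is being made inside dnsmasq rather than by the libc resolver, and resolv.conf tells you nothing about it; in that configuration the upstreams NetworkManager handed to dnsmasq have to be read from NetworkManager itself (for example the IP4.DNS lines of `nmcli dev show`), which is exactly the state the bug report describes as hard to reason about.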