*** This bug is a security vulnerability ***

You have been subscribed to a public security bug:

By default when adding a VPN configuration on Ubuntu 18.04 the DNS
configuration supplied by DHCP is not used, resulting in DNS leakage.

How to reproduce:

* Add a VPN configuration, for example, import an ovpn file
* Activate
* Check for DNS leakage at, for example, https://www.dnsleaktest.com/

This has been reported at various locations:

https://github.com/systemd/systemd/issues/7182
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1690860
https://github.com/eduvpn/python-eduvpn-client/issues/160

The issue has been solved since network-manage-open version 1.12.0:

https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/issues/10

This version or a more recent version is part of Ubuntu 18.10 which
doesn't have this issue.

A workaround is to run:

$ systemd-resolve -i tun2 --set-domain=~.

where tun2 is your VPN interface.

We think this is a security issue and at least a backport of network-
manage-open > 1.12.0 should be uploaded to the archive.

greetings,

 - Gijs

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: network-manager 1.10.6-2ubuntu1
ProcVersionSignature: Ubuntu 4.15.0-36.39-generic 4.15.18
Uname: Linux 4.15.0-36-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.9-0ubuntu7.4
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Mon Oct  8 11:19:00 2018
IfupdownConfig:
 # interfaces(5) file used by ifup(8) and ifdown(8)
 auto lo
 iface lo inet loopback
InstallationDate: Installed on 2018-06-06 (123 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
IpRoute:
 default via 192.168.178.1 dev enp6s0 proto dhcp metric 100 
 169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown 
 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown 
 192.168.178.0/24 dev enp6s0 proto kernel scope link src 192.168.178.61 metric 100
NetworkManager.state:
 [main]
 NetworkingEnabled=true
 WirelessEnabled=true
 WWANEnabled=true
RfKill:
 
SourcePackage: network-manager
UpgradeStatus: No upgrade log present (probably fresh install)
nmcli-nm:
 RUNNING  VERSION  STATE      STARTUP  CONNECTIVITY  NETWORKING  WIFI-HW  WIFI     WWAN-HW  WWAN
 running  1.10.6   connected  started  full          enabled     enabled  enabled  enabled  enabled

** Affects: network-manager (Ubuntu)
     Importance: Undecided
         Status: Confirmed


** Tags: amd64 apport-bug bionic
-- 
network-manager-openvpn leaks DNS information on Ubuntu 18.04
https://bugs.launchpad.net/bugs/1796648
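
A check for whether the workaround in the report has taken effect, as an added example that is not part of the original report or of any project it names: it parses `systemd-resolve --status` text and reports whether a link carries the `~.` routing domain. The names `vpn_dns_state` and `sample`, the sample output and its addresses are constructed, and the per-link output layout is an assumption.

```shell
#!/bin/sh
# Added example. Assumes the per-link "Link N (ifname)" layout printed by
# `systemd-resolve --status`. Live use: systemd-resolve --status | vpn_dns_state tun2
# Prints: routed   - link has DNS servers and the "~." routing domain
#         unrouted - link has DNS servers but no "~." (state before the workaround)
#         no-dns   - link has no DNS servers;  missing - no such link
vpn_dns_state() {
    awk -v ifname="$1" '
        /^Link [0-9]+ \(/ {              # start of a per-link section
            name = $3; gsub(/[()]/, "", name)
            in_link = (name == ifname); if (in_link) found = 1
            field = ""; next
        }
        /^Global/ { in_link = 0; next }
        !in_link  { next }
        {
            value = $0
            if ($0 ~ /^ *[A-Za-z][A-Za-z ]*: /) {   # "Label: value" line
                field = $0; sub(/: .*/, "", field); sub(/^ +/, "", field)
                sub(/^[^:]*: */, "", value)
            }                                        # else: continuation value
            gsub(/^ +| +$/, "", value)
            if (value == "") next
            if (field == "DNS Servers") servers++
            if (field == "DNS Domain" && value == "~.") routed = 1
        }
        END {
            if (!found) print "missing"
            else if (!servers) print "no-dns"
            else print (routed ? "routed" : "unrouted")
        }'
}

# Constructed sample output; $1 is an optional extra line for the tun2 section.
sample() { cat <<EOF
Link 5 (tun2)
      Current Scopes: DNS
         DNS Servers: 10.8.0.1
                      fd00::1
$1

Link 2 (enp6s0)
      Current Scopes: DNS
         DNS Servers: 192.168.178.1
          DNS Domain: fritz.box
EOF
}

echo "before workaround: $(sample "" | vpn_dns_state tun2)"
echo "after workaround:  $(sample "          DNS Domain: ~." | vpn_dns_state tun2)"
```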