> Comment here only if you think the duplicate status is wrong.

Or I won't.

You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.

  DNS server from vpn connection is not being used after network-manager
  upgrade to 1.2.6

Status in network-manager package in Ubuntu:
Status in network-manager source package in Xenial:
  In Progress
Status in network-manager source package in Yakkety:

Bug description:
  This was initially opened as #1671606 then later duped to #1639776.
  Discussion in #1639776 indicate that we need new bug for this so I am
  opening one ... Please don't mark this as duplicate to #1639776 or
  other similar bug report. We already lost several months and we are
  again at beginning ...

  TL;DR; -> network-manager-1.2.2-0ubuntu0.16.04.4 use DNS defined by
  VPN (correct). network-manager-1.2.6-0ubuntu0.16.04.1 use DNS from
  DHCP instead of one defined by VPN (wrong).

  DNS resolver should query only DNS servers defined by VPN while
  connection is active.


  Test steps / result:

  - upgraded network-manager to 1.2.6-0ubuntu0.16.04.1 
  - restated my laptop to ensure clean start
  - connected to VPN using openconnect / network-manager-openconnect-gnome

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by LAN connection (this is wrong / connection not working at

  - "killall dnsmasq"
  - dnsmasq get automatically restarted by system

  Observed results -> most of the the queries are forwarded to DNS
  servers defined by VPN, but lot of queries get forwarded to DNS
  servers defined by LAN connection (this is still wrong / DNS leaks,
  attacker can hijack connection even if VPN is enabled)

  - I downgraded back network-manager to 1.2.2-0ubuntu0.16.04.4 (dnsmasq-base 
stay same)
  - restated my laptop to ensure clean test
  - connected to same VPN using openconnect

  Observed results -> DNS queries are forwarded only to DNS servers
  defined by VPN connection. There are no leaks to LAN DNS server (this
  is correct behavior).


  Paul Smith requested additional details in #1639776. Here are:

  * If you're using IPv4 vs. IPv6
  -> IPv4 only. I have IPv6 set to ignore on all network definition (lan / wifi 

  * If you have checked or unchecked the "Use this connection only for 
resources on its network"
  -> unchecked on all nw definition

  * If you have this checked, try unchecking it and see if that makes a 
  -> no change if I toggle this option. Behavior is same.

  * When you say "DNS lookups" please be clear about whether the hostnames 
being looked up are public (e.g., www.google.com or whatever), on your local 
LAN, or in the network accessed via the VPN. Does it make a difference which 
one you choose?
  -> No difference.

  * Are you using fully-qualified hostnames, or relying on the DNS domain 
search path? Does it make a difference if you do it differently?
  -> I normaly use FQDN due to nature of HTTPs cert validation. I don't see 
difference when I try same using hostname + domain search.


  I am using openconnect (cisco) and openvpn. Test result are by using
  openconnect but I saw same behaviour also while using openvpn.




To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to