[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2019-09-02 Thread Bug Watch Updater
Launchpad has imported 28 comments from the remote bug at https://bugzilla.gnome.org/show_bug.cgi?id=783569. If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2019-08-31 Thread Mathew Hodson
** Description changed: [Impact] - * NetworkManager incorrectly handles dns-priority of the VPN-like +  * NetworkManager incorrectly handles dns-priority of the VPN-like connections, which leads to leaking DNS queries outside of the VPN into the general internet. - * Upstream has

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2019-08-31 Thread Mathew Hodson
** Bug watch added: bugzilla.gnome.org/ #783569 https://bugzilla.gnome.org/show_bug.cgi?id=783569 ** Changed in: network-manager Remote watch: GNOME Bug Tracker #783569 => bugzilla.gnome.org/ #783569 ** Bug watch removed: GNOME Bug Tracker #783569 https://gitlab.gnome.org/783569 -- You

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2019-07-20 Thread Mathew Hodson
** Bug watch removed: Red Hat Bugzilla #1151544 https://bugzilla.redhat.com/show_bug.cgi?id=1151544 ** Bug watch removed: github.com/systemd/systemd/issues #3421 https://github.com/systemd/systemd/issues/3421 ** Bug watch removed: GNOME Bug Tracker #746422

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2019-05-25 Thread Mathew Hodson
** Changed in: network-manager (Ubuntu Zesty) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with split-horizon DNS

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-12-29 Thread flux242
I'm not sure if setting negative priority really solves the dns leaks problem because I'm on 17.10 and I do have dns leaks. If I'm connected to my ISP over a LTE network and the connection is unstable then it could happen that DNS queries will be sent over my ISP network and not over my VPN

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-11-08 Thread Nicholas Stommel
@bagl0312 I agree, there really should be some kind of GUI default way to set negative DNS priority when setting up certain VPN connections. The average user shouldn't experience a nasty surprise when DNS leaks happen by default. -- You received this bug notification because you are a member of

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-11-03 Thread bagl0312
Hi, I confirm that with the command: sudo nmcli connection modify ipv4.dns-priority -42 there is not anymore DNS leakage. However I am wondering why this command is needed, why the fix released cannot include it by default ? -- You received this bug notification because you are a member of

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-11-03 Thread ChristianEhrhardt
Per former comments setting 17.10 to fix released. ** Changed in: network-manager (Ubuntu Artful) Status: Confirmed => Fix Released ** Changed in: network-manager (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-11-03 Thread Jordi Miralles
Confirming is working again in 17.10 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with split-horizon DNS To manage notifications about this bug go to:

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-11-02 Thread Thomas
The issue I had either was this bug or something else, but somehow it's apparently working in 17.10. Basically, the domain(s) of the corporate vpn that I connect to resolve over the VPN again, while everything else resolves as usual. This worked fine in 16.10, was entirely broken in 17.04 and is

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-10-31 Thread Ricardo
#103 did fix it Adding: [ipv4] dns-priority=-42 to system-connections config file or runing 'sudo nmcli connection modify ipv4.dns-priority -42' and restarting networkmanager service did fix dns leaking using ProtonVPN on openvpn for me, thanks. But i didn't quite understand the problem! Is

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-10-25 Thread Nicholas Stommel
I'm not sure about split-horizon DNS, frankly I think that is a different bug entirely. However, I have had no problems with DNS leaks over my VPN connections whatsoever on Ubuntu 17.10. The bugfix I personally requested from the NM-devs and backported to Ubuntu 17.04 (running NetworkManager

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-10-24 Thread Sebastien Bacher
The corresponding GNOME bug has been marked fixed in https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=02d56ec87 that commit is in the 17.10 version, if that doesn't work then it's another issue or the upstream report should be reopened ** Changed in: network-manager

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-10-24 Thread Ricardo
This bug still exists in Ubuntu 17.10 (ProtonVPN). In distros as Arch, Manjaro and Fedora it never happened. Is this going to 18.04 LTS as well?! Why no one cares? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-10-23 Thread demizer
Trying the above fix does not work for 17.10. This is highly unfortunate. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with split-horizon DNS To manage

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-10-05 Thread Boris Malkov
It already looks like some kind of a tradition for ubuntu to break something critical in every single release and keep those bugs as long as possible. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-10-04 Thread Thomas
I guess I'll have to go back to 16.04 or 16.10, despite someone providing a bugfix and several people confirming it, nobody from Ubuntu seems to care. Crazy, considering how much corporate employees depend on such BASIC features like this working. Very disappointing. -- You received this bug

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-09-28 Thread Stephen Allen
I can't even get vpn and/or socks5 to work. This is dangerous, perhaps it should be stressed that people shouldn't use 11.10 as a daily OS until this is fixed. I know, I know, me should know better. I'm just glad I checked before assuming I was in a secure tunnel. Otherwise 11.10 is working fine

Re: [Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-09-13 Thread Jordi Miralles
Hi! There is a fix submitted as a patch i. The thread I have been using for a while. Works flawlessly for me. -- Securely sent with Tutanota. Claim your encrypted mailbox today! https://tutanota.com 13. Sep 2017 14:55 by 1624...@bugs.launchpad.net: > Does anyone know if this happens to be

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-09-13 Thread Thomas
Does anyone know if this happens to be fixed in 17.10? I have little hope that the fix is ever going to make into 17.04... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title:

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-09-08 Thread David Reagan
#82 Helped me as well. And I'm 17.04... It'd be nice to see this fixed... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with split-horizon DNS To manage

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-08-10 Thread Nico R
Can confirm: #82 does the trick. Thanks Nicholas, you're awesome! Let's hope this goes into 17.04 release or at least in zesty-updates. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title:

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-07-16 Thread utku
post #82 saved my day, no more dns leaks Note: getting here took my days -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with split-horizon DNS To manage

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-07-06 Thread Judson W
I am so sick of bugs like this in Ubuntu. Every single time I upgrade I regret it. Is this going to be available anytime this century or do I need to learn to juggle configuration scripts? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-07-06 Thread Dimitri John Ledkov
@ Nicholas Stommel (nstommel) Could you please help to update the bug description SRU template to fix this issue in 17.04? I do not fully understand the issue at hand, but I do have access to VPN and can set VPN setting in Netowrk Manager to route all traffic through VPN. After doing that, I

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-07-06 Thread Dimitri John Ledkov
Also note artful has 1.8.0, thus this fix may be included there already, or e.g. will only need a simple git cherry-pick of the upstream 1.8 branch fix. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-07-06 Thread Dimitri John Ledkov
** No longer affects: systemd (Ubuntu) ** No longer affects: systemd (Ubuntu Artful) ** Project changed: systemd => network-manager ** Changed in: network-manager Importance: Undecided => Unknown ** Changed in: network-manager Status: New => Unknown ** Changed in: network-manager

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-07-05 Thread Sampo Savola
Will this fix be released for 17.04 ? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with split-horizon DNS To manage notifications about this bug go to:

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-26 Thread bedfojo
I can also confirm that the latest patch fixes the problem. Thank you very much for your work! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-23 Thread Nicholas Stommel
@Stephan the Penguin god has not forsaken us, my friend :D So glad it works for you guys, thanks for the nice feedback! This issue bugged me so much I sorta made it my mission haha. It's fantastic I finally got this thing sorted out with some help from the Gnome NM devs :) -- You received this

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-23 Thread Stephan
@Nicholas Stommel THANKS THANKS THANKS Hell it works !!! Oh dear Penguin god, I was almost close to install fedora or sth else. I owe you a beer ! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-23 Thread bagl0312
Hello Nicholas, just tested the solution proposed in post #82. My configuration is ubuntu-gnome 17.04 lsb_release -a: No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 17.04 Release:17.04 Codename: zesty uname -a: Linux 4.10.0-24-generic #28-Ubuntu

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-23 Thread Nicholas Stommel
Please test with the new patch or patched .deb and follow the steps to set negative ipv4 dns-priority. I (and lead NM-dev Thomas Haller himself) believe this resolves the bug. Thanks, and I hope this helps you all! :) -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-21 Thread Nicholas Stommel
After setting the ipv4.dns-priority of the VPN connection to a negative number and patching the source or installing the conveniently packaged .deb below, you should not experience DNS leaks over NM-VPN. (Output from extended test at https://dnsleaktest.com ) Test complete Query round

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-21 Thread Nicholas Stommel
I have successfully backported Thomas Haller's excellent upstream solution as detailed in https://bugzilla.gnome.org/show_bug.cgi?id=783569 This took some time as things have changed quite a bit upstream, but the patch works on the current zesty 17.04 1.4.4-1ubuntu3.1 network-manager! This is a

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-13 Thread Nicholas Stommel
Hey all, so it seems like Thomas Haller at the bug thread https://bugzilla.gnome.org/show_bug.cgi?id=783569 may have actually fixed this issue upstream! Not sure how to backport the fix though, I tried and didn't have any luck, so this may be up to the package maintainers. I think this might

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-12 Thread Housni Alaoui
I was encountering DNS issues on Ubuntu 17.04 using OpenVPN. Your patched NetworkManager worked for me Nicholas. Thank you ! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title:

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-09 Thread Nicholas Stommel
Unfortunately my patch is not a good solution for upstream application. I agree with what Beniamino Galvani mentioned, that "it is wrong to assume the connection is a VPN based on the link type, since you can have non-VPN tun/tap/gre/gretap connections as well, and they are affected by this

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-09 Thread Nicholas Stommel
Actually I take that back. The issue is not fixed by the commit referenced on https://bugzilla.gnome.org/show_bug.cgi?id=783569 as it is already present in the current version of the network-manager. So we still have a major problem folks. -- You received this bug notification because you are a

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-09 Thread Brian Murray
** Changed in: systemd (Ubuntu) Assignee: (unassigned) => Dimitri John Ledkov (xnox) ** Also affects: network-manager (Ubuntu Artful) Importance: Undecided Status: Confirmed ** Also affects: systemd (Ubuntu Artful) Importance: High Assignee: Dimitri John Ledkov (xnox)

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-09 Thread Nicholas Stommel
My apologies, it seems like this issue could have already been addressed upstream. See https://bugzilla.gnome.org/show_bug.cgi?id=783569 Anyway, I'll see if I can backport the fix provided there and whether or not it works. Sorry guys :/ -- You received this bug notification because you are a

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-08 Thread Nicholas Stommel
I have upstreamed the patch at https://bugzilla.gnome.org/show_bug.cgi?id=783569 ! Hopefully this can be incorporated into future releases of network-manager :) ** Bug watch added: GNOME Bug Tracker #783569 https://bugzilla.gnome.org/show_bug.cgi?id=783569 -- You received this bug

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-07 Thread Kai-Heng Feng
If that's the case, would you mind to upstream the patch? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with split-horizon DNS To manage notifications

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-07 Thread Nicholas Stommel
No, it's not an upstream patch. My patch can be applied directly to the current source on 17.04 obtained using 'apt-get source network-manager', so that would be network-manager 1.4.4-1ubuntu3 from http://us.archive.ubuntu.com/ubuntu zesty/main amd64 Packages -- You received this bug

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-07 Thread Kai-Heng Feng
Nicholas, does the patch come from upstream? We should backport the patch into Ubuntu's NM properly, so everyone can benefit. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title:

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-07 Thread Nicholas Stommel
In reference to John Bedford's comment: >bedfojo (commercial-johnbedford) wrote on 2017-06-06: #57 >Nicholas, thank you very much for your work on this patch. >It works correctly for me: no DNS leak detected by either https://ipleak.net >or >https://dnsleaktest.com for me, when both detected

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-07 Thread Nicholas Stommel
** Attachment added: "patched network-manager .deb for easy testing on Ubuntu 17.04" https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1624317/+attachment/4891741/+files/network-manager_1.4.4-1ubuntu4_amd64.deb -- You received this bug notification because you are a member of

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-07 Thread Nicholas Stommel
** Patch removed: "patch for network-manager source" https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1624317/+attachment/4889747/+files/resolved-vpn-dns-leak-fix.patch ** Patch removed: "possible cisco network-manager-openconnect-fix"

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-07 Thread Nicholas Stommel
Huh, weird, yeah it's quite possible it's a different issue entirely, or a problem related to network-manager-openconnect. Because the routing- only domain is clearly listed as DNS Domain ~. so systemd-resolved should only send queries to the specified dns servers for the interface vpn0.

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-07 Thread Tim Shannon
The DNS servers have always been listed under the vpn0 link when I run systemd-resolve --status, even before your patch. I still get no internal network name resolution, even when hard coding the DNS servers in network manager. Maybe I've got a different issue than what others are seeing, but I

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-07 Thread Nicholas Stommel
Huh. No, actually my patch DID work. See the line under vpn0 that says DNS Domain: ~. So the correct bus call was made and all dns queries SHOULD be directed to the link-specified listed DNS servers. Your problem actually appears to be that there are no link-specified dns servers. See the line

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-07 Thread Tim Shannon
Thanks for taking your time to work though this. My link name is vpn0 Link 3 (vpn0) Current Scopes: DNS LLMNR setting: yes MulticastDNS setting: no DNSSEC setting: no DNSSEC supported: no DNS Servers: DNS Domain: ~. Link 2

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-06 Thread Nicholas Stommel
Tim, I have a question for you. When you connect through network-manager-openconnect-gnome, and type systemd-resolve --status, what is your link name called? Something like 'tun0' or 'tap1' or the like? Because I've been looking around at the openconnect wiki at

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-06 Thread Nicholas Stommel
Jordi, Sure thing, glad I could help. :) I wonder if somebody can figure out how to help Tim with network-manager-openconnect. I tried adding two more conditions for cisco vpn gre connections but apparently it didn't work or those aren't the kind of links used. Not sure how to address that

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-06 Thread Jordi Miralles
Hi Nicholas, I upgraded to 17.04, installed your patch and I can now say that dns leaks when using network-manager-openvpn + network-manager-openvpn-gnome are gone for good now. Awesome work, thanks. -- You received this bug notification because you are a member of Ubuntu Bugs, which is

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-06 Thread Nicholas Stommel
Sorry to here that, I'm frankly not sure what to do about that then :/ At the very least the original patch fixes stuff for openvpn, which is good. Perhaps someone else could figure out the cisco openconnect thing. -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-06 Thread Tim Shannon
Maybe I'm doing something wrong, but I installed the deb, and even did a full reboot, and I'm still leaking my personal IP in the DNS leak test, and am still unable to ping servers on the inside of the VPN network when connected to the ANY connect VPN. -- You received this bug notification

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-06 Thread Nicholas Stommel
Anyone using Cisco PPTP/IPsec/openconnect VPN, please test the network manager with the aforementioned patch or with the updated built .deb provided here. The updated patch should address more types of VPN links. Thanks! ** Attachment added: "updated patched .deb packaged network-manager for easy

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-06 Thread Nicholas Stommel
Tim Shannon, from the comment about network-manager-openconnect-gnome, please use this updated patch to build the network manager. I added conditions for the cisco GRE and GRETAP link types, see https://en.wikipedia.org/wiki/Generic_Routing_Encapsulation and

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-06 Thread bedfojo
I should add that I'm using network-manager-openvpn and network-manager- openvpn-gnome. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with split-horizon

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-06 Thread Nicholas Stommel
Yeah, apologies as I'm not sure what link type that openconnect uses / how to identify an openconnect link. It would be a simple matter to add a conditional for that in the file I patched, please try that. For now my patch only addresses openvpn tap or tun links, but I'm sure it could be expanded

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-06 Thread bedfojo
Nicholas, thank you very much for your work on this patch. It works correctly for me: no DNS leak detected by either https://ipleak.net or https://dnsleaktest.com for me, when both detected leaks in the unpatched version. Running Ubuntu-MATE 17.04. Could we perhaps get this upstreamed into NM?

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-06 Thread Tim Shannon
Not working for me, but I assume that's because I'm using network- manager-openconnect-gnome? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-06 Thread Jordi Miralles
Hi! Thanks for the patch Nicholas. I will upgrade to 17.04, test it and report back tonight or tomorrow at most. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-06 Thread Nicholas Stommel
>From the Debian man pages, it seems like this is not in fact a problem of systemd itself, as it allows for domain routing exclusively for dns servers on a single interface using the routing-only domain. My patch effectively just tells the NetworkManager to make a systemd bus call for the

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-06 Thread Nicholas Stommel
I can confirm this works for multiple vpn connections and after wakeup from system suspend on Ubuntu 17.04. I encourage you to install the patched .deb or follow the instructions to build it from source and see for yourself. I'm honestly so glad this fixes dns leaks for using openvpn through

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-05 Thread Ubuntu Foundations Team Bug Bot
The attachment "patch for network-manager source" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user owned

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-05 Thread Nicholas Stommel
The actual patch is attached above and can be applied to the source code which you can build yourself. But for your convenience, I have attached the .deb file below: ** Attachment added: "patched network manager .deb for easy fix installation on Ubuntu 17.04"

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-05 Thread Nicholas Stommel
Please note that this patch and fix only works for Ubuntu 17.04 which relies on systemd-resolved as a DNS/DNSSEC stub resolver, as well as an LLMNR resolver. You also need to be using a network-manager plugin like network-manager-openvpn-gnome. Install and configure an openvpn connection after

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-05 Thread Nicholas Stommel
** Patch added: "patch for network-manager source" https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1624317/+attachment/4889747/+files/resolved-vpn-dns-leak-fix.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-04 Thread Nicholas Stommel
** Also affects: network-manager (Ubuntu) Importance: Undecided Status: New ** Changed in: network-manager (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-06-02 Thread Brian Murray
** Tags added: rls-aa-incoming -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with split-horizon DNS To manage notifications about this bug go to:

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-05-29 Thread Thomas M Steenholdt
@Vincent, re the "If lookups are routed to multiple interfaces, the first successful response is returned", this is indeed the problem with systemd-resolved as I see it, as that method will never be stable for a split DNS setup... You can never reliably predict if you'll get a good or a bad IP for

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-05-29 Thread Thomas M Steenholdt
To clarify... I believe NetworkManager is the culprit here - or systemd- resolved is fundamentally broken (i don't have the working knowledge to guess which it is). So my comment #44 is more about getting a working system than addressing any issue with systemd and/or NetworkManager. -- You

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-05-29 Thread Vincent
Thomas: I am not an expert on this, but as far as I can tell from the documentation you are seeing a different dns replying at times because (I quote the systemd.resolved.service doc) "Multi-label names are routed to all local interfaces that have a DNS sever configured (...) If lookups are

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-05-29 Thread Thomas M Steenholdt
So I have come up with a working solution that actually solves all MY needs in this regard. Hopefully it will be of use or inspiration to some of you guys too... Part 1 -- Switch NetworkManager to use dnsmasq (this will NOT work with resolved!) # apt-get install dnsmasq-base Add dns=dnsmasq

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-05-25 Thread Thomas M Steenholdt
I'm on 17.04 too and suffering from this issue for a while. As I understand this issue, the problem may actually very well be in Network-Manager rather than in systemd-resolved, but the problem is indeed very visible with resolved. Here's how I experience the problem (the root of my problems are

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-05-15 Thread Vincent
Here is a solution that seems to work for me. Note that I use a simple openvpn client configuration file that I run directly from the console. I don't use a GUI for my vpn connection, but I assume you can do the same via a gui interface. Within my openvpn client config file, I call a script

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-05-08 Thread Jordi Miralles
Hi, I have been posting quite a bit of information on bug https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1652525 As I didn't really realize there was this one open too, sorry. Maybe something is going to be useful for you. Cheers, J -- You received this bug notification because you

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-05-04 Thread Tim Shannon
Yeah, setting the nameserver in /etc/resolve.conf doesn't seem to work for me either. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with split-horizon DNS

Re: [Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-05-04 Thread Vincent Gerris
You can still add the vpn nameserver to /etc/resolv.conf . Epic blunder by both systemd-resolv maintainer and Ubuntu packagers for stacking a broken configuration together for at the 3rd release. Does anyone know how to escalate this? On May 4, 2017 19:04, "Winckler"

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-05-04 Thread Winckler
It's a really ugly workaround, but I'm using iptables to block connections to my ISP's DNS. I manually create and remove iptables rules using a script but at least this allows me to work remotely. I hope this get fix soon. -- You received this bug notification because you are a member of Ubuntu

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-05-04 Thread Tim Shannon
Yeah currently none of the workaround mentioned in the previous comments seem to work at all for me on 17.04. Not sure what to do at this point. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-04-28 Thread Vincent Gerris
indeed, this is COMPLETELY broken on 17.04. It seems systemd-resolved is the only thing being used. My DNS resolving over anyconnect (openconnect) does not work AT ALL anymore. I don't know which brilliant mind decided to change things like that, knowing there are so many bugs open. any work

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-04-26 Thread ChristianEhrhardt
I dup'ed another bug onto this, as I think they are essentially the same. While Martin worked on the domain-restricted cases the reporter and others outlined that this is not what this bug is about. TL;DR: - anything (like vpn) provides new DNS servers on an extra link - lets call them

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-04-26 Thread ChristianEhrhardt
Stephan, it is response time dependent - if your campus has a slow DNS answer then the others e.g. on your normal uplink will be preferred. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-04-24 Thread Stephan
Same problem here with Ubuntu 17.04 on 2 computers. Strange thing is, my private VPN pptp connection with my campus does not use their dns...the paid VPN (Cyberghost) works fine. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-04-18 Thread ZuLu
Do someone plan to fix this issue? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with split-horizon DNS To manage notifications about this bug go to:

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-04-18 Thread gpothier
Maybe this is related? https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1667825 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-04-17 Thread Thomas
Is this the "Additional DNS servers" and "Additional search domains" IPv4 settings? Basically, while my VPN is enabled I want to use specific a DNS server behind the VPN, but only to resolve (sub)domains underneath that search domain. This used to work for me in 16.10 and is now broken in 17.04.

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-04-14 Thread Joe Liau
Confirmed that is still an issue on 17.04. Comment #20 doesn't work, as that line does not exist. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-03-21 Thread Valentin
Same problem here, using vpnc, Ubuntu 16.04.2. Workaround #20 did the job. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with split-horizon DNS To manage

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-03-20 Thread Markus J Schmidt
I can confirm that using the workaround in #6 makes the VPN operable again. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with split-horizon DNS To

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-03-20 Thread Markus J Schmidt
Sorry, I mean in comment #20! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with split-horizon DNS To manage notifications about this bug go to:

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-03-20 Thread Markus J Schmidt
Here is my output for @piti: Positive Trust Anchors: . IN DS19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-03-17 Thread Toomas
I can confirm, that the issue with systemd-resolved is still very much present on Ubuntu 16.10. If Forticlient runs (split horizon), then the name resolution is very slow or nonexistent (timeouts). -- You received this bug notification because you are a member of Ubuntu Bugs, which is

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-03-12 Thread Ognjen
OMG..this is still unresolved? I moved to Linux mint because of this. On Sat, Mar 11, 2017 at 3:49 PM, Markus J Schmidt wrote: > Same problem with VPNC and 16.04.2. Worked before on fresh upgrade to > 16.04.0. > > At the moment I am not able to work remote. Please fix

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-03-11 Thread Markus J Schmidt
Same problem with VPNC and 16.04.2. Worked before on fresh upgrade to 16.04.0. At the moment I am not able to work remote. Please fix this! ** Tags added: xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS

2017-03-10 Thread Vincent Fortier
Same here. Issue still on going with zesty 17.04 and quite painfull to deal with. One other approach is to re-symlink resolv.conf to /run/systemd/resolve/resolv.conf but openconnect then update /run/resolvconf/resolv.conf making this a total mess. I don't get it, this should be fairly

  1   2   >