[Bug 1634689] Re: DNS leak after upgrade to 16.10

[Mathew Hodson]

*** This bug is a duplicate of bug 1754671 ***
https://bugs.launchpad.net/bugs/1754671

** This bug has been marked a duplicate of bug 1754671
   Full-tunnel VPN DNS leakage regression

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1634689

Title:
  DNS leak after upgrade to 16.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1634689/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1634689] Re: DNS leak after upgrade to 16.10

[Launchpad Bug Tracker]

[Expired for openvpn (Ubuntu) because there has been no activity for 60
days.]

** Changed in: openvpn (Ubuntu)
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1634689

Title:
  DNS leak after upgrade to 16.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1634689/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1634689] Re: DNS leak after upgrade to 16.10

[Eylul]

Mathieu, sorry for the delay. 
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1652525
is the bug ID. Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1634689

Title:
  DNS leak after upgrade to 16.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1634689/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 1634689] Re: DNS leak after upgrade to 16.10

[James]

My setup is pretty generic. I'm sure Eylul's log files are
representative of the same bug.

On Mon, Dec 19, 2016 at 11:47 AM, Mathieu Trudel-Lapierre
 wrote:
> Eylul, please file a separate bug for your particular issue, you
> configuration may be quite different than James'. When you've done so,
> please comment back here with the bug number.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1634689
>
> Title:
>   DNS leak after upgrade to 16.10
>
> Status in openvpn package in Ubuntu:
>   Incomplete
>
> Bug description:
>   Two different openvpn servers I have tried now have a DNS leak with an
>   Ubuntu 16.10 client. This worked fine for both of these servers with
>   Ubuntu 16.04 clients.
>
>   I've edited this to reflect better understanding of the bug. I
>   initially believed it was not redirecting the gateway at all. It turns
>   out that it is correctly redirecting the gateway, and is using the
>   pushed DNS ip. But the DNS being pushed is secondary to the ISP's DNS,
>   which results in a DNS leak. This was not the behavior of openvpn with
>   Ubuntu 16.04.
>
>   This may be related to the bug described in this comment: (He
>   describes a "fix" applied to 16.10, which might be the source of the
>   problem.)
>
>   https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/120/comments/50
>
>   That comment leads to the package below, which may also be the source of 
> the problem:
>   https://launchpad.net/ubuntu/+source/network-manager/1.2.2-0ubuntu4
>
>   edit2: The problem also exists when running openvpn from the command
>   line, so the network manager is not part of the problem.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1634689/+subscriptions

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1634689

Title:
  DNS leak after upgrade to 16.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1634689/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1634689] Re: DNS leak after upgrade to 16.10

[Mathieu Trudel-Lapierre]

Eylul, please file a separate bug for your particular issue, you
configuration may be quite different than James'. When you've done so,
please comment back here with the bug number.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1634689

Title:
  DNS leak after upgrade to 16.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1634689/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1634689] Re: DNS leak after upgrade to 16.10

[Eylul]

Also noticed this. when using a couple of example setup files (different
servers) that worked without leak in 16.04, in 16.10 there is dns leak.
I am not sure how to exactly send requests mean for VPN but would be
willing to try if I can figure it out. The rest of the information is
below.

How is the VPN configured on the client?

Export of VPN settings as .ovpn: 
client
remote  
ca 
cert 
key 
comp-lzo yes
dev tun
proto udp
nobind
auth-nocache
script-security 2
persist-key
persist-tun
user nm-openvpn
group nm-openvpn


vpn conf at /etc/NetworkManager: 

[connection]
id=
uuid=
type=vpn
permissions=
secondaries=
timestamp=

[vpn]
connection-type=tls
remote=:
comp-lzo=yes
cert-pass-flags=0
cert=
dev=tun
key=
ca=
service-type=org.freedesktop.NetworkManager.openvpn

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ip6-privacy=0
method=auto

Is it set up to "Use this connection only for the resources on its network"? Is 
that the case for both IPv4 and IPv6?
No, and no. 

What are the contents of /etc/resolv.conf?

/etc/resolve.conf while VPN is running: 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search home

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1634689

Title:
  DNS leak after upgrade to 16.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1634689/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1634689] Re: DNS leak after upgrade to 16.10

[Mathieu Trudel-Lapierre]

"There is a DNS leak" doesn't tell us much. Could you please further
describe what you're seeing as incorrect behavior, and exactly how the
VPN is configured on the client? Is it set up to "Use this connection
only for the resources on its network"? Is that the case for both IPv4
and IPv6?

What are the contents of /etc/resolv.conf, and what happens if you try
to send requests meant for the VPN (preferably without any browser or
other things running that could send DNS requests), and immediately
afterwards send a USR1 signal to dnsmasq? (You can use "sudo kill -USR1
`pidof dnsmasq`", or sudo kill -USR1 just the dnsmasq process spawned by
NetworkManager).

** Changed in: openvpn (Ubuntu)
   Status: Confirmed => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1634689

Title:
  DNS leak after upgrade to 16.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1634689/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1634689] Re: DNS leak after upgrade to 16.10

[Launchpad Bug Tracker]

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: openvpn (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1634689

Title:
  DNS leak after upgrade to 16.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1634689/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1634689] Re: DNS leak after upgrade to 16.10

[James]

** Description changed:

  Two different openvpn servers I have tried now have a DNS leak with an
  Ubuntu 16.10 client. This worked fine for both of these servers with
  Ubuntu 16.04 clients.
  
  I've edited this to reflect better understanding of the bug. I initially
  believed it was not redirecting the gateway at all. It turns out that it
  is correctly redirecting the gateway, and is using the pushed DNS ip.
  But the DNS being pushed is secondary to the ISP's DNS, which results in
  a DNS leak. This was not the behavior of openvpn with Ubuntu 16.04.
  
  This may be related to the bug described in this comment: (He describes
  a "fix" applied to 16.10, which might be the source of the problem.)
  
  https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/120/comments/50
  
- That comment leads to the package below, which may also be the source of the 
problem: 
+ That comment leads to the package below, which may also be the source of the 
problem:
  https://launchpad.net/ubuntu/+source/network-manager/1.2.2-0ubuntu4
+ 
+ edit2: The problem also exists when running openvpn from the command
+ line, so the network manager is not part of the problem.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1634689

Title:
  DNS leak after upgrade to 16.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1634689/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs