[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2020-11-15 Thread Mathew Hodson
** Changed in: network-manager (Ubuntu Xenial) Status: Confirmed => Won't Fix ** Changed in: systemd (Ubuntu Xenial) Status: Invalid => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2020-11-14 Thread Bug Watch Updater
** Changed in: network-manager Status: Confirmed => Expired -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1754671 Title: Full-tunnel VPN DNS leakage regression To manage notifications about

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-11-05 Thread Joe Hohertz
1.10.6-2ubuntu1.2 has caused a regression in functionality. Anyone using a "split" VPN, where there is no default route, AND wish to have DNS services supplied by the server to be honoured, via use of the ipv4.dns-priority parameter, will have this broken. This is a bit of a sore point considering

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-11-04 Thread Launchpad Bug Tracker
This bug was fixed in the package network-manager - 1.10.6-2ubuntu1.2 --- network-manager (1.10.6-2ubuntu1.2) bionic; urgency=medium [ Till Kamppeter ] * debian/tests/nm: Add gi.require_version() calls for NetworkManager and NMClient to avoid stderr output which fails the

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-10-31 Thread Dariusz Gadomski
I have just run the test case from this bug description on the bionic-proposed version 1.10.6-2ubuntu1.2. tcpdump does not show any leak of the VPN-specific queries. I have not observed other issues in my tests. ** Tags removed: verification-needed verification-needed-bionic ** Tags added:

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-10-28 Thread Till Kamppeter
No worries about my previous comment, it is solved.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-10-28 Thread Till Kamppeter
Now network-manager is hanging on (all autopkg tests passed): Not touching package due to block request by freeze (contact #ubuntu-release if update is needed) Which freeze do we currently have on Bionic?

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-10-26 Thread Eric Desrochers
The netplan.io (arm64) autopkgtest failure (due to timeout) has been retried today, it passed: http://autopkgtest.ubuntu.com/packages/n/netplan.io/bionic/arm64 No more failure reported in pending sru page. - Eric

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-10-25 Thread Timo Aaltonen
Hello dwmw2, or anyone else affected, Accepted network-manager into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/network-manager/1.10.6-2ubuntu1.2 in a few hours, and then in the -proposed repository. Please help us by testing this new

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-10-22 Thread Till Kamppeter
Sorry for the late reply, I was at a conference last week. I installed the PPA now and tested with the reproducer of the initial posting. This works for me. Also the machine in general seems to work OK with this version of network-manager. Thank you very much Dariusz for packaging this version.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-10-11 Thread Mathew Hodson
This fix was first included in upstream 1.12.0, so this was actually fixed in Cosmic with network-manager 1.12.2-0ubuntu3 ** Changed in: network-manager (Ubuntu Cosmic) Importance: Undecided => High ** Changed in: network-manager (Ubuntu Cosmic) Status: Won't Fix => Fix Released

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-10-10 Thread Till Kamppeter
Great work, thank you very much! It will need some testing of which I can only test the reproducer in the initial description of this bug report, not any regressions which the first attempt of upstream-update-based SRU, as I could not reproduce these by myself. So I would say to take this as a

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-10-10 Thread Dariusz Gadomski
I have backported what was listed as nm-1-10 fix for the bug in the upstream bugzilla [1]. I have also applied fixes for bug #1825946 and bug #1790098 to it. [1] https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=1e486a721de1fec76c81bfc461671a7fbdae531b After testing this

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-09-08 Thread Mathew Hodson
** Bug watch removed: bugzilla.gnome.org/ #766769 https://bugzilla.gnome.org/show_bug.cgi?id=766769

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-09-02 Thread Bug Watch Updater
Launchpad has imported 73 comments from the remote bug at https://bugzilla.gnome.org/show_bug.cgi?id=746422. If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-08-31 Thread Mathew Hodson
** CVE removed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-15688

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-08-21 Thread dwmw2
I have worked out the problem with the new NetworkManager which required me to set ipv4.dns-priority=-1 (which, in turn, messes things up for those with fresh installs that don't get the new NetworkManager). The new NM sets ipv4.dns-search=~. automatically for full-tunnel VPNs but it doesn't also

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-08-19 Thread dwmw2
Any word on when this CVE will be fixed? In the meantime I have put the 1.10.14-0ubuntu2 package into an apt repository at http://david.woodhou.se/cve-2018-1000135/ for users who need it. I couldn't work out how to copy it into a PPA without rebuilding it. In the short term can someone please at

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-07-18 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: network-manager (Ubuntu Xenial) Status: New => Confirmed

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-07-18 Thread dwmw2
> That's weird, do you understand why? The update was deleted so you should be back to initial situation, we had no change to the previous package build

Other package changes? Certainly systemd-resolver although we don't use that (because of a previous VPN DNS leak problem) we use dnsmasq.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-07-18 Thread Till Kamppeter
seb128, it seems that dwmw2 NEEDS this SRU, without it he does not get his environment working correctly, with SRU he gets it at least working setting the parameters he mentioned. I asked the posters of the regressions whether they get their situation fixed when using this SRU, the systemd SRU and

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-07-18 Thread Sebastien Bacher
> Then the NM update was pulled, and new installations aren't working at all, even if we don't set the DNS config as described.

That's weird, do you understand why? The update was deleted so you should be back to initial situation, we had no change to the previous package build Also Till is

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-07-18 Thread dwmw2
Do we have any idea when this will be fixed? Most of my users used to get away with the DNS leakage and it was "only" a security problem but stuff actually worked. Then the NM and other updates were shipped, we set ipv4.dns-priority=-1 and ipv4.dns-search=~. and it all worked fine. Then the NM

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-06-10 Thread Dan Streetman
This was fixed in systemd 237-3ubuntu10.22 for bionic, and 239-7ubuntu10.14 for cosmic. I missed a "#" in the changelog (sorry) so the tooling didn't automatically mark this bug as fix released. ** Changed in: systemd (Ubuntu Bionic) Status: Fix Committed => Fix Released ** Changed in:

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-06-06 Thread Till Kamppeter
I have checked again on Bionic, making sure that the installed systemd actually comes from the bionic-proposed repository, that the behavior according to the test case shown in the initial description of this bug is correct, DNS queries of destinations in the VPN done through the VPN's DNS and DNS

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-06-04 Thread dwmw2
@ddstreet We don't use systemd-resolver here. It's fairly trivial to set up a VPN service; the openconnect 'make check' uses ocserv automatically, for example. You shouldn't have difficulty reproducing this locally.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-06-04 Thread Sebastien Bacher
We are not going to do cosmic/n-m changes at this point, best to upgrade to Disco if you need that issue resolved ** Changed in: network-manager (Ubuntu Bionic) Assignee: Olivier Tilloy (osomon) => Till Kamppeter (till-kamppeter) ** Changed in: network-manager (Ubuntu Cosmic) Status:

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-06-04 Thread Dan Streetman
@dwmw2 and/or @till-kamppeter, can you verify the systemd upload for this bug for b and c?

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-06-03 Thread Sebastien Bacher
bug #1831261 is also described as a potential side effect from this change

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-06-01 Thread Dan Streetman
> Is this going to be fixed in disco?

speaking for systemd only, the commit needed is a97a3b256cd6c56ab1d817440d3b8acb3272ee17: https://github.com/systemd/systemd/commit/a97a3b256 that's included starting at v240, so is already in disco.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-31 Thread Paul Smith
Is this going to be fixed in disco?

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-31 Thread Timo Aaltonen
systemd accepted to bionic/cosmic-proposed, please test ** Tags removed: verification-failed verification-failed-bionic ** Tags added: verification-needed verification-needed-bionic verification-needed-cosmic ** Changed in: systemd (Ubuntu Cosmic) Status: In Progress => Fix Committed **

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-30 Thread Dan Streetman
Uploaded patched systemd to b/c queues.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-29 Thread Dan Streetman
** Tags added: ddstreet-next

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-29 Thread Dan Streetman
** Also affects: network-manager (Ubuntu Cosmic) Importance: Undecided Status: New ** Also affects: systemd (Ubuntu Cosmic) Importance: Undecided Status: New ** Changed in: systemd (Ubuntu Cosmic) Assignee: (unassigned) => Dan Streetman (ddstreet) ** Changed in: systemd

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-27 Thread dwmw2
And (in case any of my colleagues are paying attention and inclined to do it before the next time I get to spend any real time in front of a computer, next week), without the dns-priority and dns-search settings that made it work again after the recent NM update.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-27 Thread Till Kamppeter
dwmw2, yes, exactly for this case.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-27 Thread dwmw2
Till, you want that for the case where dnsmasq is being used and is misbehaving?

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-27 Thread Till Kamppeter
Please create the following files (and directories if needed for them):

1. /etc/systemd/journald.d/noratelimit.conf containing

   RateLimitIntervalSec=0
   RateLimitBurst=0

2. /etc/NetworkManager/conf.d/debug.conf

   [logging]
   level=TRACE
   domains=ALL

Then restart journald: sudo systemctl restart

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-22 Thread dwmw2
On the 1.10.14 regression simply making those dns-priority/dns-search settings the *default* behaviour for a full-tunnel VPN would appear to be the correct thing to do (i.e. use the DNS of a full-tunnel VPN for *all* lookups), and I think it should resolve the problems people were seeing.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-22 Thread dwmw2
Dammit, "completely unnecessary in bionic but inherited from xenial"...

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-22 Thread dwmw2
On the switch to using dnsmasq: that decision predates my tenure so I have limited visibility. I can try to get our IT team to expend effort in moving to systemd-resolved and see what breaks. It may even be completely unnecessary in xenial, and is merely inherited to make our bionic setups less

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-22 Thread Steve Langasek
Due to the SRU regressions reported in LP: #1829838 and LP: #1829566, I have reverted this SRU for the moment, restoring network-manager 1.10.6-2ubuntu1.1 to bionic-updates. I am marking this bug verification-failed pending resolution of the reported regressions. ** Changed in: network-manager

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-22 Thread Steve Langasek
> These systems are using dnsmasq not systemd-resolver. This was done for historical reasons; I'm not sure of the specific bug which caused that choice.

NetworkManager in Ubuntu 16.04 and earlier defaulted to integrating with dnsmasq. But on 18.04 and later, this integration has been

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-22 Thread dwmw2
This is Bionic. After last week's update to 1.10.14-0ubuntu2 all my VPN users (who are using dnsmasq) reported that DNS supported working for them while they were on the VPN. Some internal names were looked up correctly, others weren't. I resolved it for them as follows: $ sudo nmcli con modify

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-22 Thread Till Kamppeter
dwmw2, the systemd fix was mainly meant for people with standard configuration where this fix is actually needed and solve the problem. You are writing that adding "dns-priority=-1;dns-search=~." solves the problem for you. Where/to which file did you add this? Do you need this already with the

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-22 Thread dwmw2
We aren't using systemd-resolver for various historical reasons; we are using dnsmasq which should be expected to work. It isn't, but we have manually added the dns-priority=-1;dns-search=~. settings which make it work, as an emergency deployment when the latest NM update broke things for

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-22 Thread Till Kamppeter
Unfortunately, the SRU for systemd did not yet get processed. Therefore I have now uploaded this version of systemd to my PPA so that you can already test/get your problem solved. Please tell here whether it actually fixes the bug. Here is my PPA:

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-15 Thread dwmw2
These systems are using dnsmasq not systemd-resolver. This was done for historical reasons; I'm not sure of the specific bug which caused that choice.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-15 Thread Till Kamppeter
dwmw2, did you apply the systemd fix from comment #27? For this bug to be fixed you need BOTH the fixed packages of network-manager and systemd.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-15 Thread dwmw2
I am receiving reports that it isn't fixed in 18.04 either. Users are still seeing DNS lookups on the local network, until they manually edit the VPN config to include:

[ipv4]
dns-priority=-1
dns-search=~.;

I thought that wasn't going to be necessary?

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-13 Thread Adam Conrad
The original bug report was about a regression in 16.04 with the dnsmasq integration. While I'm glad this got the ball rolling on the bionic networkd integration, let's not forget that we broke xenial? Added a xenial task for network-manager accordingly. ** Also affects: network-manager (Ubuntu

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-13 Thread Launchpad Bug Tracker
This bug was fixed in the package network-manager - 1.10.14-0ubuntu2 --- network-manager (1.10.14-0ubuntu2) bionic; urgency=medium [ Till Kamppeter ] * debian/tests/nm: Add gi.require_version() calls for NetworkManager and NMClient to avoid stderr output which fails the test.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-13 Thread Łukasz Zemczak
Will be releasing network-manager without the systemd part for now as it poses no threat to the user.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-09 Thread Till Kamppeter
Good news, the network-manager SRU is not broken or wrong, but an additional SRU, on systemd, is needed to actually fix this bug. I got a hint from Iain Lane (Laney, thank you very much) to the following fix in systemd upstream: https://github.com/systemd/systemd/commit/a97a3b256 and backported

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-08 Thread Till Kamppeter
I have now done the test under [Test Case] in the initial description of this bug report. I have a completely updated (including -proposed) Bionic machine (real iron, a Lenovo X1 Carbon 2nd gen from 2015) with network-manager 1.10.14-0ubuntu1 I have configured the Canonical VPN, both UK and US.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-02 Thread Mathieu Trudel-Lapierre
** Description changed: - * Impact + [Impact] + When using a VPN the DNS requests might still be sent to a DNS server outside the VPN when they should not - When using a VPN the DNS requests might still be sent to a DNS server - outside the VPN when they should not + [Test case] + 1) Set up a

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-04-13 Thread Steve Langasek
Based on comment #12 I am not sure that this is considered "verification-done" by the relevant developers and there was no comment given when the tags were changed. Resetting. I also think there should be an affirmative test as part of this SRU that the use case I described in comment #13 has

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-04-13 Thread Mathew Hodson
** Tags removed: verification-needed verification-needed-bionic ** Tags added: verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1754671 Title: Full-tunnel VPN DNS leakage

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-03-31 Thread Mathew Hodson
Looking at the upstream bug, it looks like the fix relies on reworking large parts of the code and wouldn't be easy to SRU to Xenial.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-03-11 Thread dwmw2
@seb128 please see "In 16.04 the NetworkManager package used to carry this patch..." in the bug description above.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-03-11 Thread Sebastien Bacher
@dwmw2, 'This was a regression there caused by an earlier update.' would give some details on that? you should probably open another report specifically about that if there was a regression in a xenial update

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-03-08 Thread dwmw2
Is there a 16.04 package? This was a regression there caused by an earlier update. I have users reporting the same bizarre behaviour I wasn't able to clearly describe before — essentially, DNS being sent out seemingly random interfaces (sometimes VPN, sometimes local). My advice to just install

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-02-08 Thread Taylor Raack
I can also confirm that the network-manager package version 1.10.14-0ubuntu1 from bionic-proposed fixes the issue.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-02-05 Thread fessmage
@dwmw2, as far as I understand, you should be configuring DNS through systemd-resolve only. Try remove your edits from `/etc/NetworkManager/system-connections`, or even delete your connections from NetworkManager interface, and create new. After that, establish vpn connection and see at

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-02-04 Thread dwmw2
Not sure what happened there. It was looking up *some* names in the $COMPANY.com domain on the VPN, but others not, consistently. I couldn't see a pattern. I have manually set ipv4.dns-search="~." and ipv4.dns-priority=-1 and now it does seem to be behaving. However, this shouldn't be necessary.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-02-04 Thread dwmw2
Hm, that didn't last long. Now it isn't looking up *anything* in the VPN domains. It's all going to the local VPN server. I don't know what changed.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-02-04 Thread dwmw2
network-manager-1.10.14-0ubuntu1 does seem to fix the DNS problem here; thanks.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-01-08 Thread Olivier Tilloy
@Steve (sorry for the late reply): not sure how that relates to bug #1726124, but in my limited understanding of the changes, they shouldn't regress the split-DNS use case. Some relevant pointers to better understand the fixes and their context: -

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-12-23 Thread fessmage
I installed package of network-manager 1.10.14-0ubuntu1 from bionic-proposed, and can confirm that version fixed dns leak: now when vpn connection established it gets `DNS Domain: ~.` in systemd-resolve automatically, so no more needed to manually apply command `systemd-resolve -i tun0

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-12-21 Thread Steve Langasek
How does this proposed change relate to LP: #1726124? Are users who are currently relying on correct split DNS handling by network-manager+systemd-resolved in bionic going to see this regress and have all DNS requests now sent over the VPN when they aren't supposed to?

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-12-21 Thread Olivier Tilloy
Please test and share your feedback on this new version here, but refrain from changing the verification-needed-bionic tag for now. This new version includes many changes and we want to give it an extended testing period to ensure no regressions sneak in, before it is published to bionic-updates.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-12-21 Thread Brian Murray
Hello dwmw2, or anyone else affected, Accepted network-manager into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/network-manager/1.10.14-0ubuntu1 in a few hours, and then in the -proposed repository. Please help us by testing this new

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-12-19 Thread Launchpad Bug Tracker
** Merge proposal unlinked: https://code.launchpad.net/~osomon/network-manager/+git/network-manager/+merge/361051

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-12-19 Thread Sebastien Bacher
I've updated the description for the SRU but if someone had a better description of a testcase that would be welcome ** Description changed: + * Impact + + When using a VPN the DNS requests might still be sent to a DNS server + outside the VPN when they should not + + * Test case + +

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-12-18 Thread Launchpad Bug Tracker
** Merge proposal linked: https://code.launchpad.net/~osomon/network-manager/+git/network-manager/+merge/361051

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-11-19 Thread Olivier Tilloy
The fix was backported to the upstream 1.10 series.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-11-07 Thread Olivier Tilloy
This is fixed in the 1.12 series of network-manager (1.12.0 release), so cosmic and dingo are not affected. ** Changed in: network-manager (Ubuntu) Status: Confirmed => Fix Released ** Changed in: network-manager (Ubuntu) Assignee: Olivier Tilloy (osomon) => (unassigned)

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-11-07 Thread Olivier Tilloy
See the discussion in the upstream bug report. The fix is in the master branch and needs to be backported to the 1.10 series so that we can pick it up in bionic.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-11-02 Thread fessmage
Same question, will it be backported to Ubuntu 18.04 ?

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-10-29 Thread Gijs Molenaar
Is it possible to upload a fixed package to bionic backports?

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-05-16 Thread Bug Watch Updater
** Changed in: network-manager Status: Confirmed => Fix Released

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-05-14 Thread Olivier Tilloy
A fix was merged to the upstream master branch: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d9782589248e61c0cb5aec90e3eb62612891116b

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-04-10 Thread Olivier Tilloy
There's active work going on upstream (see https://bugzilla.gnome.org/show_bug.cgi?id=746422 and https://cgit.freedesktop.org/NetworkManager/NetworkManager/log/?h=bg/dns-bgo746422) to fix the issue. https://bugzilla.gnome.org/show_bug.cgi?id=746422#c36 explains how. Once in master, it would

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-03-27 Thread Bug Watch Updater
** Changed in: network-manager Status: Unknown => Confirmed ** Changed in: network-manager Importance: Unknown => Medium

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-03-27 Thread Sebastien Bacher
** Bug watch added: GNOME Bug Tracker #746422 https://bugzilla.gnome.org/show_bug.cgi?id=746422 ** Also affects: network-manager via https://bugzilla.gnome.org/show_bug.cgi?id=746422 Importance: Unknown Status: Unknown ** Changed in: network-manager (Ubuntu) Assignee:

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-03-26 Thread Will Cooke
** Tags added: incoming rs-bb- ** Tags removed: incoming rs-bb- ** Tags added: rls-bb-incoming

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-03-20 Thread dwmw2
This is CVE-2018-1000135. For some reason the 'Link to CVE' option above doesn't seem to work. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000135 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1000135

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-03-09 Thread Mathieu Trudel-Lapierre
Confirming this is broken. Dropping the patch 0001-dns-use-DBus-to-make-dnsmasq-nameserver-changes.patch in network-manager (1.2.4-0ubuntu0.16.04.1) was done, but it looks like not all the code in that patch was actually upstream. ** Changed in: network-manager (Ubuntu) Status: New =>