** Information type changed from Private Security to Public Security

https://bugs.launchpad.net/bugs/1599949

Title:
  NetworkManager Sets Wrong DNS Server When OpenVPN tun0 starts if ipv6
  on underlying interface in Ubuntu 16.04

Status in network-manager package in Ubuntu:
  New

Bug description:
  In Ubuntu 16.04 when I start an OpenVPN tunnel via the NetworkManager
  GUI over an outer interface for which only IPv4 is configured, only
  the DNS server that is reachable through the new tun0 interface is
  configured by network manager. This is correct, no DNS leakage outside
  the tunnel occurs.

  However, if I start OpenVPN and use an outer interface (over which
  tun0 flows) that has both IPv4 and IPv6 configured, the NetworkManager
  reports the DNS server of the outer interface and the DNS server of
  the tun0 interface to dnsmasq/resolvconf. This leads to DNS leakage
  outside tun0 and is a security issue as DNS queries are done inside
  and outside the tunnel.

  Here's the interesting part in syslog:

  -----
  Jul 7 20:02:40 wlm NetworkManager[4694]: <warn> [1467914560.9893] device (tun0): failed to disable userspace IPv6LL address handling
  Jul 7 20:02:40 wlm NetworkManager[4694]: <info> [1467914560.9897] device (tun0): state change: ip-config -> ip-check (reason 'none') [70 80 0]
  Jul 7 20:02:40 wlm NetworkManager[4694]: <info> [1467914560.9913] device (tun0): state change: ip-check -> secondaries (reason 'none') [80 90 0]
  Jul 7 20:02:40 wlm NetworkManager[4694]: <info> [1467914560.9917] device (tun0): state change: secondaries -> activated (reason 'none') [90 100 0]
  Jul 7 20:02:40 wlm NetworkManager[4694]: <info> [1467914560.9963] policy: set 'tun0' (tun0) as default for IPv4 routing and DNS
  Jul 7 20:02:41 wlm NetworkManager[4694]: <info> [1467914560.9967] dns-mgr: Writing DNS information to /sbin/resolvconf
  Jul 7 20:02:41 wlm systemd[1]: Starting Network Manager Script Dispatcher Service...
  Jul 7 20:02:41 wlm dnsmasq[16825]: setting upstream servers from DBus
  Jul 7 20:02:41 wlm dnsmasq[16825]: using nameserver 10.8.0.1#53
  Jul 7 20:02:41 wlm dnsmasq[16825]: using nameserver 192.168.42.1#53
  Jul 7 20:02:41 wlm dbus[878]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
  Jul 7 20:02:41 wlm nm-dispatcher: req:1 'vpn-up' [tun0]: new request (1 scripts)
  -------

  Only 10.8.0.1 should be configured at this point. 192.168.42.1 should
  NOT be configured (and is not if the outer interface is IPv4 only)!
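
A detection check for the condition in this report, as an added example that is not part of the original bug report or of NetworkManager: it reads the NetworkManager and dnsmasq syslog lines quoted above and lists any dnsmasq upstream resolver that lies outside the tunnel while a tun device is the default for DNS. The 10.8.0.0/24 tunnel network, the function name and the treatment of "setting upstream servers from DBus" as the start of a fresh upstream list are assumptions; the report itself only shows 10.8.0.1.

```python
import ipaddress
import re

# Syslog excerpt copied from the report (NetworkManager policy and dnsmasq lines).
SAMPLE_LOG = """\
Jul 7 20:02:40 wlm NetworkManager[4694]: <info> [1467914560.9963] policy: set 'tun0' (tun0) as default for IPv4 routing and DNS
Jul 7 20:02:41 wlm dnsmasq[16825]: setting upstream servers from DBus
Jul 7 20:02:41 wlm dnsmasq[16825]: using nameserver 10.8.0.1#53
Jul 7 20:02:41 wlm dnsmasq[16825]: using nameserver 192.168.42.1#53
"""

POLICY_RE = re.compile(
    r"policy: set '[^']+' \((\w+)\) as default for IPv4 routing and DNS")
RESET_RE = re.compile(r"dnsmasq\[\d+\]: setting upstream servers from DBus")
SERVER_RE = re.compile(r"dnsmasq\[\d+\]: using nameserver ([0-9A-Fa-f:.]+)#\d+")


def find_dns_leaks(log_text, tunnel_net, tunnel_prefix="tun"):
    """Return upstream resolvers outside tunnel_net that dnsmasq is using
    while a tunnel device is NetworkManager's default for DNS.

    tunnel_net is an assumption supplied by the caller (e.g. the VPN subnet).
    """
    net = ipaddress.ip_network(tunnel_net)
    tunnel_is_default = False
    upstreams = []
    for line in log_text.splitlines():
        m = POLICY_RE.search(line)
        if m:
            # Track which device NetworkManager last made the DNS default.
            tunnel_is_default = m.group(1).startswith(tunnel_prefix)
            continue
        if RESET_RE.search(line):
            # Assumption: this line starts a new upstream list in dnsmasq.
            upstreams = []
            continue
        m = SERVER_RE.search(line)
        if m:
            upstreams.append(ipaddress.ip_address(m.group(1)))
    if not tunnel_is_default:
        return []  # no tunnel is the DNS default, so nothing can leak past it
    # An IPv6 resolver is never inside an IPv4 tunnel network, so it is flagged.
    return [str(ip) for ip in upstreams if ip not in net]


if __name__ == "__main__":
    print(find_dns_leaks(SAMPLE_LOG, "10.8.0.0/24"))
```

Running the same function on a log from the IPv4-only case the reporter describes, where only 10.8.0.1 is handed to dnsmasq, returns an empty list.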