Hi all, recent versions of NetworkManager-strongswan plugin cannot parse DNS settings correctly.
----------------------------------------------------------------------
Detailed description of the bug

I upgraded two of my work computers: from Ubuntu 17.10 to Ubuntu 18.04 and from Fedora 27 to Fedora 28. Both of them started to ignore the DNS provided by the strongswan VPN server. No addresses in the private net can be resolved now.

Meanwhile, the other workstations which remained nonupgraded (Ubuntu 17.10 and Fedora 27) still work fine. There were no changes on the VPN server, which is under my control.

I limited my further search for the cause of the bug to the Fedora computers. The functioning Fedora 27 uses NetworkManager 1.8.6 and NetworkManager-strongswan plugin 1.4.0. The nonfunctioning Fedora 28 uses NetworkManager 1.10.6 and NetworkManager-strongswan plugin 1.4.3.

Looking at the output of the journalctl on the functioning computers with Fedora 27, the DNS seems to be parsed correctly:

    Data: VPN Gateway: 82.100.29.182
    Data: Tunnel Device: (null)
    14[IKE] peer supports MOBIKE
    Data: IPv4 configuration:
    Data: Internal Address: 10.105.106.77
    Data: Internal Prefix: 32
    Data: Internal Point-to-Point Address: 10.105.106.77
    Data: Maximum Segment Size (MSS): 0
    Data: Forbid Default Route: yes
    Data: Internal DNS: 172.17.1.2
    Data: DNS Domain: '(none)'
    Data: No IPv6 configuration
    VPN connection: (IP Config Get) complete
    VPN plugin: state changed: started (4)

Looking at the output of the journalctl on the failing computers with Fedora 28, the DNS seems to be a totally random address, each time a different one.

    Data: VPN Gateway: 82.100.29.182
    Data: Tunnel Device: (null)
    Data: IPv4 configuration:
    Data: Internal Address: 10.105.106.10
    Data: Internal Prefix: 32
    Data: Internal Point-to-Point Address: 10.105.106.10
    Data: Static Route: 10.105.106.10/32 Next Hop: 0.0.0.0
    Data: Internal DNS: 144.117.1.140
    Data: DNS Domain: '(none)'
    Data: No IPv6 configuration
    VPN connection: (IP Config Get) complete
    VPN plugin: state changed: started (4)

Also, no mention of MOBIKE, interesting.

Also, in the journalctl of the failing computers, I see the following error, which may be a cause of the problem. This error is not seen on the functioning computers.

    May 04 09:33:50 localhost.localdomain gnome-shell[1257]: JS ERROR: TypeError: item is undefined
    setActiveConnections/<@resource:///org/gnome/shell/ui/status/network.js:1518:17
    setActiveConnections@resource:///org/gnome/shell/ui/status/network.js:1515:9
    wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22
    _syncVpnConnections@resource:///org/gnome/shell/ui/status/network.js:1853:9
    wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22

In my opinion, the parsing of the DNS record fails for some reason and the displayed DNS is just memory garbage found in an uninitialized C variable.

Best regards
Marian Kechlibar
