VPN with IPv6 connectivity but no IPv6 DNS server results in broken DNS config

Bug #1390623 reported by Olav Morken on 2014-11-07
32
This bug affects 6 people
Affects Status Importance Assigned to Milestone
NetworkManager-OpenVPN
Fix Released
Medium
network-manager (Ubuntu)
High
Aron Xu
network-manager-openvpn (Ubuntu)
High
Unassigned

Bug Description

When connecting to a VPN that provides both a default route over IPv4 and IPv6, but only DNS servers over IPv4, you can end up with the IPv4 DNS servers set up as "split DNS". When that happens, the user is left without a working DNS configuration.

See the attached log file for an example.

I think the cause is that the patch for avoiding split DNS on VPNs with default routes[1] stops looking when it finds the first VPN configuration with a default route. If that configuration happens to be the IPv6-side of the VPN connection, then it will still add the IPv4 configuration with split DNS.

A workaround is to simply add a IPv6 DNS server to the configuration in addition to the IPv4 DNS servers. In that case, the IPv6 DNS server is added without split DNS.

This has been tested with both Ubuntu 14.04 LTS and Xubuntu 14.04.

Package versions (on Xubuntu 14.04):
 network-manager 0.9.8.8-0ubuntu7
 network-manager-openvpn 0.9.8.2-1ubuntu4
 openvpn 2.3.2-7ubuntu3

[1] http://bazaar.launchpad.net/~network-manager/network-manager/ubuntu/view/head:/debian/patches/dnsmasq-vpn-dns-filtering.patch

Olav Morken (olavmrk) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager (Ubuntu):
status: New → Confirmed
MikeyB (supermathie) wrote :

Affects 15.04 as well.

before VPN:
Aug 25 21:20:14 challenger dnsmasq[2049]: setting upstream servers from DBus
Aug 25 21:20:14 challenger dnsmasq[2049]: using nameserver 2001:db8:b0e2::51#53
Aug 25 21:20:14 challenger dnsmasq[2049]: using nameserver 2001:db8:b0e2::52#53
Aug 25 21:20:14 challenger dnsmasq[2049]: using nameserver 192.168.1.51#53
Aug 25 21:20:14 challenger dnsmasq[2049]: using nameserver 192.168.1.52#53

after VPN:
Aug 25 21:20:20 challenger dnsmasq[2049]: using nameserver 192.168.0.6#53 for domain netdirect.ca
Aug 25 21:20:20 challenger dnsmasq[2049]: using nameserver 192.168.0.6#53 for domain 31.172.in-addr.arpa
Aug 25 21:20:20 challenger dnsmasq[2049]: using nameserver 192.168.0.6#53 for domain 10.in-addr.arpa
Aug 25 21:20:20 challenger dnsmasq[2049]: using nameserver 192.168.0.6#53 for domain 0.168.192.in-addr.arpa
Aug 25 21:20:20 challenger dnsmasq[2049]: using nameserver 192.168.0.6#53 for domain 235.16.216.in-addr.arpa

Dominique Martinet (asmadeus-1) wrote :

Has been fixed upstream through this bug report: https://bugzilla.gnome.org/show_bug.cgi?id=766769

The patches were landed in master and nm-1.2 but not in older releases afaik, would it be possible to backport them to LTS releases, or will they only get security fixes and not applicative fixes? (I'm unfamiliar with policies for older releases of ubuntu)

Thanks,
--
Dominique Martinet | Asmadeus

Sebastien Bacher (seb128) wrote :

Thanks Dominique for pointing the upstream fixes, we plan to SRU 1.2 updaes to 16.04 for sure, 1.2.2 are being worked and we can cherry pick extra fixes then

Aron, could you have a look to those?

n-m
https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=nm-1-2&id=dd3dfad5835eea7617d883d4c665c0be66fa09f7

n-m-openvpn
https://git.gnome.org/browse/network-manager-openvpn/commit/?h=nm-1-2&id=b9f75032d205082e01f19e126a4ef9504f44148e

Changed in network-manager (Ubuntu):
importance: Undecided → Low
assignee: nobody → Aron Xu (happyaron)
importance: Low → High
status: Confirmed → In Progress
Changed in network-manager-openvpn (Ubuntu):
importance: Undecided → High
status: New → In Progress
assignee: nobody → Aron Xu (happyaron)
Changed in network-manager:
importance: Unknown → Medium
status: Unknown → Fix Released
affects: network-manager → network-manager-openvpn
Aron Xu (happyaron) on 2016-06-23
tags: added: desktop-trello-import
Aron Xu (happyaron) wrote :

Fixed in n-m/1.2.4-0ubuntu1 in yakkety.

Changed in network-manager (Ubuntu):
status: In Progress → Fix Released
Aron Xu (happyaron) on 2017-04-29
Changed in network-manager-openvpn (Ubuntu):
assignee: Aron Xu (happyaron) → nobody
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.