NetworkManager Sets Wrong DNS Server When OpenVPN tun0 starts if ipv6 on underlying interface in Ubuntu 16.04
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
network-manager (Ubuntu) | Confirmed | Undecided | Unassigned | |
Bug Description
In Ubuntu 16.04, when I start an OpenVPN tunnel via the NetworkManager GUI over an outer interface for which only IPv4 is configured, only the DNS server that is reachable through the new tun0 interface is configured by NetworkManager. This is correct; no DNS leakage outside the tunnel occurs.
However, if I start OpenVPN and use an outer interface (over which tun0 flows) that has both IPv4 and IPv6 configured, the NetworkManager reports the DNS server of the outer interface and the DNS server of the tun0 interface to dnsmasq/resolvconf. This leads to DNS leakage outside tun0 and is a security issue as DNS queries are done inside and outside the tunnel. Here's the interesting part in syslog:
-----
Jul 7 20:02:40 wlm NetworkManager[
Jul 7 20:02:40 wlm NetworkManager[
Jul 7 20:02:40 wlm NetworkManager[
Jul 7 20:02:40 wlm NetworkManager[
Jul 7 20:02:40 wlm NetworkManager[
Jul 7 20:02:41 wlm NetworkManager[
Jul 7 20:02:41 wlm systemd[1]: Starting Network Manager Script Dispatcher Service...
Jul 7 20:02:41 wlm dnsmasq[16825]: setting upstream servers from DBus
Jul 7 20:02:41 wlm dnsmasq[16825]: using nameserver 10.8.0.1#53
Jul 7 20:02:41 wlm dnsmasq[16825]: using nameserver 192.168.42.1#53
Jul 7 20:02:41 wlm dbus[878]: [system] Successfully activated service 'org.freedeskto
Jul 7 20:02:41 wlm nm-dispatcher: req:1 'vpn-up' [tun0]: new request (1 scripts)
-------
Only 10.8.0.1 should be configured at this point. 192.168.42.1 should NOT be configured (and is not if the outer interface is IPv4 only)!
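A check for the condition described above, as an added example that is not part of the original bug report or of NetworkManager: it reads dnsmasq's syslog lines and lists every active upstream resolver that is not one of the tunnel's DNS servers. The function names and the IPv4-only sample are assumptions made for illustration; the tunnel resolver 10.8.0.1 and the first sample come from the report.

```python
import ipaddress
import re

# dnsmasq lines quoted in the report (dual-stack outer interface).
REPORTED = """\
Jul 7 20:02:41 wlm dnsmasq[16825]: setting upstream servers from DBus
Jul 7 20:02:41 wlm dnsmasq[16825]: using nameserver 10.8.0.1#53
Jul 7 20:02:41 wlm dnsmasq[16825]: using nameserver 192.168.42.1#53
"""

# Constructed sample: what the report describes for an IPv4-only outer interface.
IPV4_ONLY = """\
Jul 7 20:10:02 wlm dnsmasq[16825]: setting upstream servers from DBus
Jul 7 20:10:02 wlm dnsmasq[16825]: using nameserver 10.8.0.1#53
"""

RESET = re.compile(r"dnsmasq\[\d+\]: setting upstream servers from DBus")
SERVER = re.compile(r"dnsmasq\[\d+\]: using nameserver (\S+?)#\d+")


def active_upstreams(log_text):
    """Return the resolvers dnsmasq announced after its latest DBus update."""
    servers = []
    for line in log_text.splitlines():
        if RESET.search(line):
            servers = []  # a new update replaces the previous server list
            continue
        match = SERVER.search(line)
        if match:
            # Drop an IPv6 zone suffix (fe80::1%wlan0) before parsing.
            servers.append(ipaddress.ip_address(match.group(1).split("%")[0]))
    return servers


def leaked_upstreams(log_text, tunnel_dns):
    """List active resolvers that are not in the tunnel's DNS set."""
    allowed = {ipaddress.ip_address(addr) for addr in tunnel_dns}
    return [str(s) for s in active_upstreams(log_text) if s not in allowed]


if __name__ == "__main__":
    for name, log in (("reported", REPORTED), ("ipv4-only", IPV4_ONLY)):
        leaks = leaked_upstreams(log, ["10.8.0.1"])
        print(name, "LEAK via " + ", ".join(leaks) if leaks else "ok")
```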
information type: | Private Security → Public Security |
Can I make this bug public?