network-manager-openvpn leaks DNS information on Ubuntu 18.04
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
network-manager (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
By default when adding a VPN configuration on Ubuntu 18.04 the DNS configuration supplied by DHCP is not used, resulting in DNS leakage.
How to reproduce:
* Add VPN configuration, for example, import a ovpn file
* activate
* Check for DNS leakage at for example https:/
This has been reported at various locations:
https:/
https:/
https:/
The issue has been solved since network-manage-open version 1.12.0:
https:/
This version or a more recent version is part of Ubuntu 18.10 which doesn't have this issue.
A workaround is to run:
$ systemd-resolve -i tun2 --set-domain=~.
where tun2 is your VPN interface.
We think this is a security issue and at least a backport of network-manage-open > 1.12.0 should be uploaded to the archive.
greetings,
- Gijs
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: network-manager 1.10.6-2ubuntu1
ProcVersionSign
Uname: Linux 4.15.0-36-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.9-0ubuntu7.4
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Mon Oct 8 11:19:00 2018
IfupdownConfig:
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
InstallationDate: Installed on 2018-06-06 (123 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
IpRoute:
default via 192.168.178.1 dev enp6s0 proto dhcp metric 100
169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
192.168.178.0/24 dev enp6s0 proto kernel scope link src 192.168.178.61 metric 100
NetworkManager.
[main]
NetworkingEnab
WirelessEnable
WWANEnabled=true
RfKill:
SourcePackage: network-manager
UpgradeStatus: No upgrade log present (probably fresh install)
nmcli-nm:
RUNNING VERSION STATE STARTUP CONNECTIVITY NETWORKING WIFI-HW WIFI WWAN-HW WWAN
running 1.10.6 connected started full enabled enabled enabled enabled enabled
affects: | network-manager (Ubuntu) → network-manager-openvpn (Ubuntu) |
no longer affects: | network-manager-openvpn |
affects: | network-manager-openvpn (Ubuntu) → network-manager (Ubuntu) |
Thanks for the report Gijs,
This seems to be a recurring problem, or perhaps one that's just difficult to completely solve.
The bug you referenced: /gitlab. gnome.org/ GNOME/NetworkMa nager-openvpn/ issues/ 10 /cgit.freedeskt op.org/ NetworkManager/ NetworkManager/ commit/ ?id=d9782589248 e61c0cb5aec90e3 eb62612891116b
https:/
includes a mention of this fix:
https:/
Previously filed bugs that may provide some further context or information: /bugs.launchpad .net/ubuntu/ +source/ openvpn/ +bug/1652525 /bugs.launchpad .net/ubuntu/ +source/ openvpn/ +bug/1634689 /bugs.launchpad .net/ubuntu/ +source/ openvpn/ +bug/1685391 /bugs.launchpad .net/ubuntu/ +source/ network- manager/ +bug/1672491 /bugs.launchpad .net/ubuntu/ +source/ network- manager/ +bug/1754671
https:/
https:/
https:/
https:/
https:/
Thanks