Ubuntu
openvpn package

  1. Bug #1652525
  2. Comment #19

Comment 19 for bug 1652525

Revision history for this message
Jordi Miralles (jmiralles) wrote :

And still adding further input (in hopes it's useful) when this time I tested activating the UFW and the CLI client while the network-manager-openvpn applet was still ON the rogue DNS server appears once again. Keep in mind that this shouldn't really be on any of the configuration files at all. Before testing I had designated 84.200.69.80 as the only resolver for that connection on network-manager.

More logs (syslog, Ununtu 17.04 - 4.10.0-20-generic, all packages up to date) :

Everything was good until I put up the firewall (blocking the VPN DNS on pursose, just to see how it reacted to a stress test)

May 8 04:10:17 tuxedo kernel: [ 2919.884244] [UFW BLOCK] IN= OUT=tun1 SRC=10.43.16.23 DST=10.43.16.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=58632 DF PROTO=UDP SPT=48934 DPT=53 LEN=42
May 8 04:10:17 tuxedo kernel: [ 2919.884259] [UFW BLOCK] IN= OUT=tun1 SRC=10.43.16.23 DST=10.43.16.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=58633 DF PROTO=UDP SPT=48934 DPT=53 LEN=42
May 8 04:10:17 tuxedo kernel: [ 2919.884273] [UFW BLOCK] IN= OUT=tun1 SRC=10.43.16.23 DST=10.43.16.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=58634 DF PROTO=UDP SPT=48934 DPT=53 LEN=42
May 8 04:10:17 tuxedo kernel: [ 2919.884287] [UFW BLOCK] IN= OUT=tun1 SRC=10.43.16.23 DST=10.43.16.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=58635 DF PROTO=UDP SPT=48934 DPT=53 LEN=42
May 8 04:10:17 tuxedo kernel: [ 2919.884302] [UFW BLOCK] IN= OUT=tun1 SRC=10.43.16.23 DST=10.43.16.1 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=58636 DF PROTO=UDP SPT=48934 DPT=53 LEN=42
May 8 04:10:17 tuxedo compiz[2489]: WARN 2017-05-08 04:10:17 unity.dash.view DashView.cpp:1272 Search failed 'fire'=> Timeout was reached
May 8 04:10:17 tuxedo unity-scope-hom[5319]: scope.vala:669: Unable to search scope: Timeout was reached
May 8 04:10:17 tuxedo unity-scope-hom[5319]: unity-master-scope.vala:114: Unable to search scope: 'Timeout was reached'
May 8 04:10:20 tuxedo unity-panel-ser[2498]: menus_destroyed: assertion 'IS_WINDOW_MENU(wm)' failed
May 8 04:10:37 tuxedo NetworkManager[1315]: <info> [1494209437.6569] devices removed (path: /sys/devices/virtual/net/tun1, iface: tun1)
May 8 04:10:37 tuxedo NetworkManager[1315]: <info> [1494209437.6579] device (tun1): state change: activated -> unmanaged (reason 'unmanaged') [100 10 3]
May 8 04:10:37 tuxedo dbus[1288]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
May 8 04:10:37 tuxedo systemd[1]: Starting Network Manager Script Dispatcher Service...
May 8 04:10:37 tuxedo dbus[1288]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
May 8 04:10:37 tuxedo nm-dispatcher: req:1 'down' [tun1]: new request (2 scripts)
May 8 04:10:37 tuxedo nm-dispatcher: req:1 'down' [tun1]: start running ordered scripts...
May 8 04:10:37 tuxedo FirewallHandler: Saving iptables rules.
May 8 04:10:37 tuxedo nm-dispatcher[9622]: <30>May 8 04:10:37 FirewallHandler: Saving iptables rules.
May 8 04:10:37 tuxedo systemd[1]: Started Network Manager Script Dispatcher Service.
May 8 04:10:44 tuxedo NetworkManager[1315]: <info> [1494209444.6758] audit: op="connection-deactivate" uuid="9fcd6b62-3762-424f-9b2e-e1cfe38b3fa7" name="Italy" pid=2535 uid=1000 result="success"

May 8 04:10:44 tuxedo nm-dispatcher: req:2 'vpn-down' [tun0]: new request (2 scripts)
May 8 04:10:44 tuxedo nm-dispatcher: req:2 'vpn-down' [tun0]: start running ordered scripts...
May 8 04:10:44 tuxedo NetworkManager[1315]: <info> [1494209444.6796] vpn-connection[0x563fc05d8180,9fcd6b62-3762-424f-9b2e-e1cfe38b3fa7,"Italy",0]: VPN plugin: state changed: stopping (5)
May 8 04:10:44 tuxedo NetworkManager[1315]: <info> [1494209444.6796] vpn-connection[0x563fc05d8180,9fcd6b62-3762-424f-9b2e-e1cfe38b3fa7,"Italy",0]: VPN plugin: state changed: stopped (6)
May 8 04:10:44 tuxedo NetworkManager[1315]: <info> [1494209444.6809] policy: set 'MakiNET2' (wlp3s0) as default for IPv4 routing and DNS
May 8 04:10:44 tuxedo NetworkManager[1315]: <info> [1494209444.6816] device (tun0): state change: activated -> unmanaged (reason 'unmanaged') [100 10 3]

And here it falls back to the google DNS, I dont know why, but they are really persistent.

May 8 04:10:44 tuxedo systemd-resolved[1439]: Switching to fallback DNS server 8.8.8.8.
May 8 04:10:44 tuxedo systemd-resolved[1439]: Switching to fallback DNS server 8.8.4.4.
May 8 04:10:44 tuxedo systemd-resolved[1439]: Switching to fallback DNS server 2001:4860:4860::8888.
May 8 04:10:44 tuxedo systemd-resolved[1439]: Switching to fallback DNS server 2001:4860:4860::8844.
May 8 04:10:44 tuxedo systemd-resolved[1439]: Switching to fallback DNS server 8.8.8.8.
May 8 04:10:44 tuxedo whoopsie[1311]: [04:10:44] Cannot reach: https://daisy.ubuntu.com
May 8 04:10:44 tuxedo whoopsie[1311]: [04:10:44] offline
May 8 04:10:44 tuxedo systemd-resolved[1439]: Switching to fallback DNS server 8.8.4.4.
May 8 04:10:44 tuxedo systemd-resolved[1439]: Switching to fallback DNS server 2001:4860:4860::8888.
May 8 04:10:44 tuxedo systemd-resolved[1439]: Switching to fallback DNS server 2001:4860:4860::8844.
May 8 04:10:44 tuxedo systemd-resolved[1439]: Switching to fallback DNS server 8.8.8.8.
May 8 04:10:44 tuxedo systemd-resolved[1439]: Switching to fallback DNS server 8.8.4.4.
May 8 04:10:44 tuxedo systemd-resolved[1439]: Switching to fallback DNS server 2001:4860:4860::8888.
May 8 04:10:44 tuxedo systemd-resolved[1439]: Switching to fallback DNS server 2001:4860:4860::8844.
May 8 04:10:44 tuxedo systemd-resolved[1439]: Switching to fallback DNS server 8.8.8.8.
May 8 04:10:44 tuxedo systemd-resolved[1439]: Switching to fallback DNS server 8.8.4.4.
May 8 04:10:44 tuxedo systemd-resolved[1439]: Switching to fallback DNS server 2001:4860:4860::8888.
May 8 04:10:44 tuxedo systemd-resolved[1439]: Switching to fallback DNS server 2001:4860:4860::8844.
May 8 04:10:44 tuxedo systemd-resolved[1439]: Switching to fallback DNS server 8.8.8.8.