[Bug 1671606] Re: DNS server from vpn connection is not being used after network-manager upgrade to 1.2.6-0ubuntu0.16.04.1
Jason Cecil
1671606 at bugs.launchpad.net
Wed Feb 13 03:06:21 UTC 2019
*** This bug is a duplicate of bug 1688018 ***
https://bugs.launchpad.net/bugs/1688018
This is the *nastiest* bug I've ever encountered in the wild on my own
in Linux (that has no good solution after this long). Package
1.2.2-0ubuntu0.16.04.4 has disappeared from the mirrors for Xenial (not
that anyone should expect a normal user to go through the deep dive that
is this subject, once one realizes what is happening). The cipher in use
by AWS for Client VPN isn't available in OpenSSL within Trusty Tahr, so
running an old Ubuntu distro is also not a viable solution for me. This
is about as serious of a bug as I could think of, and we're almost two
years in without it being addressed. Hate to be tin-foil-hatty, but this
seems like the kind of thing that gets put into software as a result of
government-agency interests. How many people around the world expecting
their VPN to protect them while viewing content from outside of their
nation state are DNS-leaking all over the place to their local ISP? How
many companies are leaking private zone DNS names (which often reflect
what's running on the target boxes, and would then include information
that could be used as part of an attack vector) to their ISP? I
understand how open source works, but most people (including me) don't
have the ability to work effectively on this nuanced bug. What's the
plan? Sorry to sound disgruntled, but I spent about a week on this
(coming to terms with understanding the issue, and then trying a number
of workarounds). Initially I accused our CTO of running a broken VPN
server (heh), because I could simply not believe that things didn't
"just work" in Linux for this extremely common use case. So we don't
support pushing "dhcp-option" for DNS in Linux. This works in Mac and in
Windows. We need a working/easy way to update our DNS addresses upon
connecting to/disconnecting from a VPN that users can trust. This bug is
so obscene, bwahah, I felt like Linus Torvalds dealing with Nvidia...
:-P
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to resolvconf in Ubuntu.
https://bugs.launchpad.net/bugs/1671606
Title:
DNS server from vpn connection is not being used after network-manager
upgrade to 1.2.6-0ubuntu0.16.04.1
Status in network-manager package in Ubuntu:
Confirmed
Status in resolvconf package in Ubuntu:
Invalid
Bug description:
I use my company's cisco vpn via network-manager in Ubuntu 16.04.2
LTS. After recent upgrade of network-manager:amd64 from version
1.2.2-0ubuntu0.16.04.4 to version 1.2.6-0ubuntu0.16.04.1 DNS
resolution of VPN's server hostnames does not work. Roll back to
version 1.2.2-0ubuntu0.16.04.4 solves the problem.
Steps for reproducing:
1. upgrade network-manager:amd64 from version 1.2.2-0ubuntu0.16.04.4 to version 1.2.6-0ubuntu0.16.04.1
2. connect to VPN via network-manager applet
3. nslookup servername.internal --> ** server can't find servername.internal: NXDOMAIN
4. disconnect from VPN via network-manager applet
5. roll back network-manager via command: sudo apt-get install network-manager=1.2.2-0ubuntu0.16.04.4
6. restart network-manager via sudo service network-manager restart
7. connect to VPN via network-manager applet
8. nslookup servername.internal --> the server is resolved correctly
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: network-manager 1.2.6-0ubuntu0.16.04.1
ProcVersionSignature: Ubuntu 4.4.0-66.87-generic 4.4.44
Uname: Linux 4.4.0-66-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
CurrentDesktop: Unity
Date: Thu Mar 9 19:49:55 2017
InstallationDate: Installed on 2015-10-05 (520 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
NetworkManager.state:
[main]
NetworkingEnabled=true
WirelessEnabled=true
WWANEnabled=true
WimaxEnabled=true
SourcePackage: network-manager
UpgradeStatus: No upgrade log present (probably fresh install)
nmcli-nm:
RUNNING  VERSION  STATE      STARTUP  CONNECTIVITY  NETWORKING  WIFI-HW  WIFI     WWAN-HW  WWAN
running  1.2.6    connected  started  full          enabled     enabled  enabled  enabled  enabled
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1671606/+subscriptions
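A check for the failure this report describes (the VPN pushes a DNS server but the system keeps using another resolver), as an added example that is not part of the original message or of NetworkManager. It assumes an OpenVPN-style PUSH_REPLY log line carrying the "dhcp-option DNS" entries mentioned above; the function names and all sample addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample inputs (not taken from the bug report).
SAMPLE_PUSH_REPLY = (
    "PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,"
    "dhcp-option DNS 10.0.0.2,dhcp-option DOMAIN corp.internal,"
    "route-gateway 10.8.0.1,ifconfig 10.8.0.6 255.255.255.0'"
)
SAMPLE_RESOLV_LEAK = "# constructed\nnameserver 192.168.1.1\nsearch lan\n"
SAMPLE_RESOLV_OK = "nameserver 10.0.0.2\nsearch corp.internal\n"
SAMPLE_RESOLV_STUB = "nameserver 127.0.1.1\n"  # local dnsmasq-style stub


def _parse_ip(text):
    """Return an ip_address object, or None if text is not an address."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def pushed_dns(push_line):
    """DNS servers the VPN server pushed via 'dhcp-option DNS <addr>'."""
    found = re.findall(r"dhcp-option DNS ([0-9A-Fa-f:.]+)", push_line)
    return [ip for ip in map(_parse_ip, found) if ip is not None]


def resolv_nameservers(resolv_conf_text):
    """Nameserver addresses listed in resolv.conf text, in file order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            ip = _parse_ip(fields[1])
            if ip is not None:
                servers.append(ip)
    return servers


def dns_leak_status(push_line, resolv_conf_text):
    """Classify resolver state while the VPN is connected."""
    vpn = set(pushed_dns(push_line))
    active = resolv_nameservers(resolv_conf_text)
    if not vpn:
        return "no-dns-pushed"
    if active and all(ip.is_loopback for ip in active):
        return "local-stub"  # file cannot tell; test a lookup of an internal name
    if not any(ip in vpn for ip in active):
        return "leak"        # every query goes to a non-VPN resolver
    return "ok" if all(ip in vpn for ip in active) else "mixed"
```

A "local-stub" result means resolv.conf only points at a loopback forwarder, so the upstream servers have to be confirmed by resolving an internal name, as in steps 3 and 8 of the report.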