DNS with VPN broken again on Mint 18.1

[BillyJ]

A few years back, there was a flurry of activity among Ubuntu and Mint users caused by DNS modifications that prevented the use of a VPN. There were a host of ‘fixes’, many of which more or less worked. Apparently the problem went away – until now. Until recently I was able to use a VPN on a Mint 18.1 system at home in Tucson that was religiously kept up-dated. A few days later, at home in Albuquerque, the system was up-dated, the VPN files downloaded, and the DNS problem was again present:

Everything works fine if the VPN is not used. If the VPN is turned on with the Net Manager applet, the VPN is connected, but nothing that wants to use it works. All apps just hang indefinitely, apparently waiting for DNS to provide the proper data. (Note the use of 'apparently' -- it COULD be something entirely different.) Same if invoked via terminal rather than the applet. The usual tricks and ‘fixes’, even the temporary ones, have been tried, numerous times, with absolutely no success:

– Re-install VPN files
– Re-install OpenVPN, the Network Manager, and the Gnome Network Manager
– Set up via Network Manager
– Set up via console terminal
– Edit various .conf files to include various nameservers
– Edit various .conf files to avoid dnsmasq
– Make /etc/resolv.conf a fixed, chattr’ed nameserver file

... and a few more that I don’t remember offhand. Repeat: tried more than once, none worked.

I spent two long sessions with folks from the VPN provider, one via email and one via chat. It was finally suggested that the problem needed to be escalated. I, and probably a few more Linux Mint users need some help from someone with Mint 18.1, OpenVPN, and DNS expertise. Had the problem? Know how to fix it?

[phd21]

Hi "BillyJ",

Welcome to the wonderful world of Linux Mint and its excellent forum !

It would help to know more about your system setup. If you run "inxi -Fxzd" from the console terminal prompt, highlight the results, copy and paste them back here, that should provide enough information.

You are not being specific enough. What VPN provider are you using? For years I have been able to easily setup VPN access using KDE, Cinnamon, and Mate editions in versions 17.x and 18.x. And, all my browsers and Internet applications work perfectly and reflect the VPN connection when tested through "ipleak.net", and "https://dnsleaktest.com/". Except, most chat messaging applications will not work with the free "vpnbook" servers (qTox does).

Regardless whether you use a VPN provider or not, you should seriously consider changing your Local ISP connection's DNS IP servers to secure neutral ones from DNS providers like "opennic project", "dns.watch", "openDNS", "freenom world", etc... Then, even if the VPN leaked DNS information, it would be the secure neutral ones you entered.

Update your "openVPN" software using the instructions in the post below.
viewtopic.php?f=157&t=242583&hilit=openvpn


Hope this helps ...

[BillyJ]

Hi, phd21, thanks for the kind reply.

Here's the results of "inxi -Fxzd":

Code: Select all

System:    Host: Mint17 Kernel: 4.4.0-53-generic x86_64 (64 bit gcc: 5.4.0)
           Desktop: Cinnamon 3.0.7 (Gtk 3.18.9-1ubuntu3.3) Distro: Linux Mint 18 Sarah
Machine:   System: Dell product: Inspiron 570 v: 00
           Mobo: Dell model: 04GJJT v: A00 Bios: Dell v: A06 date: 03/29/2012
CPU:       Dual core AMD Athlon II X2 245 (-MCP-) cache: 2048 KB
           flags: (lm nx sse sse2 sse3 sse4a svm) bmips: 11571
           clock speeds: max: 2900 MHz 1: 1700 MHz 2: 2200 MHz
Graphics:  Card: Advanced Micro Devices [AMD/ATI] RS880 [Radeon HD 4200] bus-ID: 01:05.0
           Display Server: X.Org 1.18.3 drivers: ati,radeon (unloaded: fbdev,vesa) Resolution: 1920x1080@60.00hz
           GLX Renderer: Gallium 0.4 on AMD RS880 (DRM 2.43.0, LLVM 3.8.0)
           GLX Version: 3.0 Mesa 11.2.0 Direct Rendering: Yes
Audio:     Card-1 Advanced Micro Devices [AMD/ATI] RS880 HDMI Audio [Radeon HD 4200 Series]
           driver: snd_hda_intel bus-ID: 01:05.1
           Card-2 Advanced Micro Devices [AMD/ATI] SBx00 Azalia (Intel HDA) driver: snd_hda_intel bus-ID: 00:14.2
           Sound: Advanced Linux Sound Architecture v: k4.4.0-53-generic
Network:   Card: Broadcom NetLink BCM57788 Gigabit Ethernet PCIe driver: tg3 v: 3.137 bus-ID: 02:00.0
           IF: eth0 state: up speed: 1000 Mbps duplex: full mac: <filter>
Drives:    HDD Total Size: 3000.6GB (54.4% used) ID-1: /dev/sda model: WDC_WD5000AAKX size: 500.1GB
           ID-2: /dev/sdb model: WDC_WD5000AAKX size: 500.1GB
           ID-3: USB /dev/sdg model: Elements_10B8 size: 2000.4GB
           Optical: /dev/sr0 model: PLDS DVD+-RW DH-16ABS rev: PD11 dev-links: cdrom,cdrw,dvd,dvdrw
           Features: speed: 48x multisession: yes
           audio: yes dvd: yes rw: cd-r,cd-rw,dvd-r,dvd-ram state: running
Partition: ID-1: / size: 88G used: 59G (70%) fs: ext4 dev: /dev/sdb5
           ID-2: swap-1 size: 4.02GB used: 0.00GB (0%) fs: swap dev: /dev/sdb6
RAID:      No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors:   System Temperatures: cpu: 49.0C mobo: N/A
           Fan Speeds (in rpm): cpu: N/A
Info:      Processes: 221 Uptime: 37 min Memory: 1171.6/3699.1MB Init: systemd runlevel: 5 Gcc sys: 5.4.0
           Client: Shell (bash 4.3.421) inxi: 2.2.35 

I didn't say above that the system boots either Win 7 or Mint 18. The VPN, from Nord, works like a charm on the Win 7 system on the hardware, and worked very well on identical hardware/software on the Tucson system last week. It went up easily with no hitches on both Mints and I was very surprised that it doesn't work on this machine.

As I said, the VPN connects easily (via the Network Manager applet) but the browser returns a 'cannot find server' error when it times out. Other programs like T-bird and the Software Manager simply hang trying to access the Internet. That looks enough like a DNS problem that much effort has been expended trying to track it down, with no success. Maybe it is something else? I'm open to suggestions as to any other approaches.

Incidentally, I re-loaded OpenVPN (again!) per your instructions in the post referenced above. No change. Anything else I should try?

[BillyJ]

It occurs to me to mention that the computer started out being loaded with Mint 17.x (don't remember) and then upgraded to 18 through a rather long process published on the Mint front page. This leaves the kernel, kernel headers, and 1 other kernel-related package from the original Mint 17. The current system is actually 18, NOT 18.1 as I first indicated (18.1 on the feeble brain, I guess). Perhaps all this would go away if I actually 1) up-graded to 18.1 or 2) loaded it from scratch?

[BillyJ]

I stumbled across a post by phd21 written back in August 2016 titled "Re: OpenVPN does not work on Mint 18 Sarah" that had the answer: Use UDP for a VPN tunnel connection. Thanks for contacting the developers' staff at OpenVPN and publishing this. The 'fix' works well.