Update of network-manager (1.2.6-0ubuntu0.16.04.1) causes DNS leaks in VPN (WORKAROUND)

Questions about applications and software
Forum rules
Before you post please read how to get help
Post Reply
berlitz
Level 1
Level 1
Posts: 1
Joined: Thu Mar 09, 2017 8:31 pm

Update of network-manager (1.2.6-0ubuntu0.16.04.1) causes DNS leaks in VPN (WORKAROUND)

Post by berlitz »

When I updated to the latest network-manager (1.2.6-0ubuntu0.16.04.1) DNS leaks appeared immediately in my VPN - my real Internet provider's servers were displayed along with those of the VPN provider. After force-dropping back to 1.2.2-0ubuntu0.16.04.4 the problem went away.

Using the old package is a workaround that may have security implications (it never gave me any usability issues). How risky is continuing to use network-manager 1.2.2-0ubuntu0.16.04.4 ? Unfortunately the gov in my country is fairly draconian and so DNS leaks are unacceptable to me.

Thanks for reading :)

User avatar
phd21
Level 19
Level 19
Posts: 9635
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: Update of network-manager (1.2.6-0ubuntu0.16.04.1) causes DNS leaks in VPN (WORKAROUND)

Post by phd21 »

Hi "berlitz",

It would help to know more about your system setup. If you run "inxi -Fxzd" from the console terminal prompt, highlight the results, copy and paste them back here, that should provide enough information.

What country are you in?

I recommend that everyone change their local ISP (Internet Service Provider's) network connection's DNS server IP addresses using your Network Manager system tray panel icon (or your router) to neutral safe ones from "dns.watch", "opennicproject", "OpenDNS", "freenom world", etc... regardless whether you use a VPN or not.

But, if your VPN provider and your Network Manager using the openVPN protocol is working properly, there should be no DNS leaks.

I have not noticed any "network manager" updates recently, was this offered to you through the Mint Update Manager, or did you try to update this yourself through some other means? And, if so, how?

You can test your IP addresses and DNS addresses before and after making changes using "ipleak.net", etc... Check the bottom of the page to fix browsers regarding DNS leaks...

Hope this helps ...
Phd21: Mint 19.2 Cinnamon & xKDE (Xfce) & KDE Neon 64-bit Awesome OS's, Dell Inspiron I5 7000 2 in 1, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics. I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

jrichard326
Level 1
Level 1
Posts: 16
Joined: Thu Mar 09, 2017 8:06 am

Re: Update of network-manager (1.2.6-0ubuntu0.16.04.1) causes DNS leaks in VPN (WORKAROUND)

Post by jrichard326 »

I experienced the same problem of DNS leaking with the latest network manager update. The update was through Update Manager. I am running Mint 18.1 XFCE. The solution that worked for me was downgrading the network package to the previous and locking the version in Synaptic Package Manager. Although I had Yandex DNS entries in the config, the VPN would connect using the forced DNS from my router config (OpenDNS). Also my passwords didn't stick with the new version and I had to authenticate the connection.

User avatar
phd21
Level 19
Level 19
Posts: 9635
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: Update of network-manager (1.2.6-0ubuntu0.16.04.1) causes DNS leaks in VPN (WORKAROUND)

Post by phd21 »

Hi "jrichard326",

I just tested Cinnamon 18.1 64-bit where I have manually changed my local ISP network connection's DNS servers to other secure DNS provider's servers, and it is working fine, using the Network Manager which shows version 1.2.6 in "Synaptic Package Manager (SPM)". My Linux Mint KDE systems (17.3 and 18.1) also check out fine.

Anyone can also use the websites below for verification of current IP addresses and DNS servers. Tip: It is a good idea to know what your default local ISP connection's information is (external IP address and DNS Server IP addresses) before changing them, or using a VPN connection, so that when you do run a test, you can see that they are different as they should be.

ipleak.net
* see bottom of page for browser information on preventing webrtc leaks.
https://ipleak.net/

DNS Leak Test .com - good info too.
https://dnsleaktest.com/results.html

Console terminal commands for Linux Mint 18.x (Ubuntu 16.04+), (Linux Mint 17.x Ubuntu 14.04 users can use "nm-tool")
To show current DNS server IP addresses

Code: Select all

nmcli dev show | grep DNS
To show more information

Code: Select all

nmcli dev show

Obviously, if you connect to a VPN provider's server somewhere, then your external IP address should be different than your normal one, and your DNS servers normally inherit the VPN's DNS servers as well.

If you change your actual hardware router's DNS server IP addresses, then that will probably over-ride changes made through your desktop, so If you want to change any desktop computer connected to that router, you will probably have to change the router's setting for this, or remove those router DNS changes, and change them from the desktop(s).

Hope this helps ...
Phd21: Mint 19.2 Cinnamon & xKDE (Xfce) & KDE Neon 64-bit Awesome OS's, Dell Inspiron I5 7000 2 in 1, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics. I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

jrichard326
Level 1
Level 1
Posts: 16
Joined: Thu Mar 09, 2017 8:06 am

Re: Update of network-manager (1.2.6-0ubuntu0.16.04.1) causes DNS leaks in VPN (WORKAROUND)

Post by jrichard326 »

Hi phd21:

Thanks for trying to help. Others have experienced the same issue with the latest 1.26 network manager. There was a post on the Networking section of these forums, but It does not seem to be there anymore. I used "ginjabunny's" instructions to downgrade the package and it worked for me as well. There is definitely something wrong with that 1.2.6-0buntu0.16.0.1.1 update. For now, I am sitting tight at 1.2.2 version and keeping a backup of it, just in case I decide to be brave and accept the next update. I knew something was up when the update previous to this last one, the "Disconnect VPN" item was missing.

User avatar
phd21
Level 19
Level 19
Posts: 9635
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: Update of network-manager (1.2.6-0ubuntu0.16.04.1) causes DNS leaks in VPN (WORKAROUND)

Post by phd21 »

Hi "jrichard326",

You are welcome.

Did you read this?
https://dnsleaktest.com/how-to-fix-a-dns-leak.html
Apparently OpenVPN client software ver 2.3.9 or higher can also help prevent DNS Leaks when using a VPN. Simply open the .conf (or .ovpn) file for the server that you are connecting to and add the following on a new line
block-outside-dns

In my Cinnamon 18.1 according to the "Synaptic Package Manager (SPM)", the openVPN client is ver 2.3.10

You can also use the "openVPN" developer's repository to keep it up to date. They also mention installing "easy-rsa".

Using OpenVPN apt repositories
https://community.openvpn.net/openvpn/w ... twareRepos
Information on versions
https://openvpn.net/index.php/open-sour ... loads.html

To install their repository, open a console terminal, type in, or copy & paste, each line below one by one:
Step 1:

Code: Select all

sudo -s
Step 2:

Code: Select all

wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg|apt-key add -
openVPN wrote: Information
Where <version> can be one of
stable: stable releases only - no alphas, betas or RCs
testing: latest releases, including alphas/betas/RCs
release/2.3: OpenvPN 2.3 releases
release/2.4: OpenVPN 2.4 releases, including alphas/betas/RCs

and <osrelease> depends your distribution:
wheezy (Debian 7.x)
jessie (Debian 8.x)
precise (Ubuntu 12.04)
trusty (Ubuntu 14.04) (Linux Mint 17.x)
xenial (Ubuntu 16.04) (Linux Mint 18.x)

echo "deb http://build.openvpn.net/debian/openvpn/<version> <osrelease> main" > /etc/apt/sources.list.d/openvpn-aptrepo.list
Step 3: Install the repository for your version of Linux Mint and the version of OpenVPN client that you want.

Note: The current version used in the repositories for Linux Mint 18 is version 2.3, the instructions below are for 2.4, change it to 2.3 if that is what you prefer.

Linux Mint 18.x
Newest openVPN client in the version 2.4 series

Code: Select all

echo "deb http://build.openvpn.net/debian/openvpn/release/2.4 xenial main" > /etc/apt/sources.list.d/openvpn-aptrepo.list
OR
Linux Mint 17.x
Newest openVPN client in the version 2.4 series

Code: Select all

echo "deb http://build.openvpn.net/debian/openvpn/release/2.4 trusty main" > /etc/apt/sources.list.d/openvpn-aptrepo.list
Step 4:

Code: Select all

sudo apt-get update && sudo apt-get install openvpn
Step 5: Exit the console terminal and restart your computer, or at least logout and log back in.


Hope this helps ...
Phd21: Mint 19.2 Cinnamon & xKDE (Xfce) & KDE Neon 64-bit Awesome OS's, Dell Inspiron I5 7000 2 in 1, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics. I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

User avatar
xenopeek
Level 24
Level 24
Posts: 24738
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Update of network-manager (1.2.6-0ubuntu0.16.04.1) causes DNS leaks in VPN (WORKAROUND)

Post by xenopeek »

There are several current bug reports for the DNS of a VPN connection not working correctly after the recent network-manager upgrade:
- https://bugs.launchpad.net/ubuntu/+sour ... ug/1671606
- https://bugs.launchpad.net/ubuntu/+sour ... ug/1671964
This may be related to the issue of the DNS leak?

Several workarounds were suggested in those bug reports:
Workaround: systemctl restart NetworkManager
Restarting NetworkManager didn't work for me. [...] What did work was to modify the VPN connection and change the ipv4 configuration to address only, then manually add the routes I needed for the VPN (I did a broadstroke and routed 10.0.0.0/8 to the vpn tun)
Manually specifying the DNS servers in the connection doesn't seem to help. I was able to work around this by commenting out dnsmasq in /etc/NetworkManager/NetworkManager.conf
If none of those help you can try downgrade network-manager from 1.2.6-0ubuntu0.16.04.1 to 1.2.2-0ubuntu0.16.04.4 with the command:
apt install network-manager/xenial-security
Possibly you will have to downgrade more packages.
Image

User avatar
xenopeek
Level 24
Level 24
Posts: 24738
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Update of network-manager (1.2.6-0ubuntu0.16.04.1) causes DNS leaks in VPN (WORKAROUND)

Post by xenopeek »

Another user solved a related issue by downgrading also the package resolvconf.
Image

jrichard326
Level 1
Level 1
Posts: 16
Joined: Thu Mar 09, 2017 8:06 am

Re: Update of network-manager (1.2.6-0ubuntu0.16.04.1) causes DNS leaks in VPN (WORKAROUND)

Post by jrichard326 »

Thanks xenopeek. Right now I have the network manager update blacklisted, but I will check regularly for a new update that might function better. The best workaround for me is to continue using the 1.2.2 package which I have not had any problem with.

Namf_Mint
Level 1
Level 1
Posts: 20
Joined: Fri Apr 28, 2017 9:03 pm

Re: Update of network-manager (1.2.6-0ubuntu0.16.04.1) causes DNS leaks in VPN (WORKAROUND)

Post by Namf_Mint »

xenopeek, and all:

Anyone know when the network-manager will be fixed? It's been a while now, and I'd like to upgrade (to solve other network-manager problems, and just so that I can forget about it and take the package off hold). I don't fancy trying the work-arounds.

Thanks.

Post Reply

Return to “Software & Applications”