LinuxQuestions.org
Old 04-01-2020, 03:07 AM   #1
desmi
LQ Newbie
 
Registered: Apr 2020
Posts: 6

Rep: Reputation: Disabled
Question VPN issues with DNS in linux mint 19.3


So like a lot of people I am working from home at the moment. There are some internal work websites I can only reach from VPN.

On my old laptop, that runs Ubuntu 19.10, I can make the VPN connection (from the connection manager) and when it's on I can only visit internal office websites. I found out I can use a checkbox "Use this connection only for resources on its network". When that is ON it works perfectly.

Now at the beginning of the year I got a new laptop and installed Linux Mint 19.3 (the latest I think).

When I add the VPN I get the same issue, I can only visit my internal office sites. But then I check the same checkbox, I can't visit any internal sites.

If I start openvpn from the commandline it connects, but I don't have DNS because I can only ping IPs from my office network but no websites are resolved.

I found sort of a workaround:

sudo ifmetric tun0 1000

This makes my VPN connection less important (I think?) and I can use both VPN and normal internet.

But after a while it kills my Wifi connection. I don't really understand why.

Anyway I can only work from home at the moment and I would really like to use my new much faster laptop.

I did find this bug and maybe it's related, I'm not sure: https://bugs.launchpad.net/ubuntu/+s...n/+bug/1598665

I tried as much as I can, but at the moment I am stuck.
 
Old 04-01-2020, 07:27 AM   #2
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,432

Rep: Reputation: 1496
The only time I experienced symptoms like your original issue was a VPN startup that did NOT add the DNS server in the remote subnet to the top of my nameserver list.

Check your /etc/resolv.conf both before making the VPN connection and after. If they match, you might have to manually configure NetworkManager to add the DNS server for that subnet when making the connection.

You might also have to undo any other network changes you have made to get network stability returned. I hope you kept notes.
 
Old 04-01-2020, 09:17 AM   #3
desmi
LQ Newbie
 
Registered: Apr 2020
Posts: 6

Original Poster
Rep: Reputation: Disabled
My /etc/resolv.conf does not change before and after I turn on VPN.

This is also kind of strange, before I turn on VPN:

$ traceroute example.com
traceroute to example.com (93.184.216.34), 30 hops max, 60 byte packets
1 _gateway (10.0.0.1) 3.285 ms 2.887 ms 3.206 ms
2 * * *
3 213.51.196.89 (213.51.196.89) 29.461 ms 29.424 ms 29.082 ms
4 asd-rc0001-cr101-be156-10.core.as9143.net (213.51.158.0) 17.810 ms 17.812 ms 17.797 ms
5 nl-ams04a-ri3-ae50-0.aorta.net (213.51.64.66) 17.781 ms 17.765 ms 17.748 ms
6 213.46.182.162 (213.46.182.162) 17.429 ms 15.051 ms 12.165 ms
7 adm-bb3-link.telia.net (62.115.136.194) 112.807 ms 111.617 ms adm-bb4-link.telia.net (62.115.137.64) 109.089 ms
8 prs-bb3-link.telia.net (213.155.136.21) 111.606 ms 111.544 ms *
9 * * ash-bb2-link.telia.net (62.115.112.242) 114.220 ms
10 ash-b1-link.telia.net (62.115.143.121) 110.032 ms ash-b1-link.telia.net (62.115.143.79) 108.919 ms 108.854 ms
11 verizon-ic-315152-ash-b1.c.telia.net (213.248.83.119) 102.242 ms verizon-ic-342246-ash-b1.c.telia.net (62.115.175.71) 109.130 ms *
12 152.195.64.129 (152.195.64.129) 107.098 ms 152.195.65.129 (152.195.65.129) 106.146 ms 152.195.64.129 (152.195.64.129) 99.525 ms
13 93.184.216.34 (93.184.216.34) 99.469 ms 99.493 ms 98.552 ms
14 93.184.216.34 (93.184.216.34) 98.749 ms 98.319 ms 100.927 ms


After I turn on VPN:
$ traceroute example.com
traceroute to example.com (93.184.216.34), 30 hops max, 60 byte packets
1 10.22.44.1 (10.22.44.1) 37.006 ms 53.276 ms 53.294 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *


Even if I set the hops maximum to 200 I reach the max hops.

From my ifconfig:

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.22.44.26 netmask 255.255.255.255 destination 10.22.44.25
 
Old 04-01-2020, 10:38 AM   #4
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,432

Rep: Reputation: 1496
Check your routing tables before and after connecting, and compare the results on the old laptop with the results on the new one. Something in the VPN is not responding the same for both, and that may be an issue.

Since your nameserver list does not change, name resolution is not changing when the connection is made so that your remote subnet resolves properly. Depending upon how they set up their network, that might or might not be correct. I would check that on the old laptop to make sure that it presents the same results. It does appear that resolution, if it is a problem, is not the ONLY problem, so I am eager to see the results of your routing comparison.
 
Old 04-02-2020, 06:44 AM   #5
desmi
LQ Newbie
 
Registered: Apr 2020
Posts: 6

Original Poster
Rep: Reputation: Disabled
So this is very strange, I looked at the routing tables before and after I started the VPN, both on my old laptop and my new one.

They are the same, I checked them with a diff tool, the only difference is the name of the Wifi (wlp3s0 and wlp62s0) and the IPs both wifi connections get from my router. All the tun0 routes are completely identical.
 
Old 04-02-2020, 07:06 AM   #6
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,432

Rep: Reputation: 1496
Quote:
Originally Posted by desmi
So this is very strange, I looked at the routing tables before and after I started the VPN, both on my old laptop and my new one.

They are the same, I checked them with a diff tool, the only difference is the name of the Wifi (wlp3s0 and wlp62s0) and the IPs both wifi connections get from my router. All the tun0 routes are completely identical.
So the tun0 routes are the same on the two hosts. What about the rest of the tables?
 
Old 04-02-2020, 11:46 AM   #7
desmi
LQ Newbie
 
Registered: Apr 2020
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by wpeckham
So the tun0 routes are the same on the two hosts. What about the rest of the tables?
Also the same, they are identical, with the only difference the name of the wifi and the IP address the laptop gets from the wifi. Everything else is identical.

Is there something else I can check like a firewall or anything else?
 
Old 04-02-2020, 04:01 PM   #8
ferrari
Senior Member
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 4,784

Rep: Reputation: 900
Returning to your opening comments...
Quote:
On my old laptop, that runs Ubuntu 19.10, I can make the VPN connection (from the connection manager) and when it's on I can only visit internal office websites. I found out I can use a checkbox "Use this connection only for resources on its network". When that is ON it works perfectly.

Now at the beginning of the year I got a new laptop and installed Linux Mint 19.3 (the latest I think).

When I add the VPN I get the same issue, I can only visit my internal office sites. But then I check the same checkbox, I can't visit any internal sites.

If I start openvpn from the commandline it connects, but I don't have DNS because I can only ping IPs from my office network but no websites are resolved.
It would be useful if you can show us the /etc/resolv.conf entries when the VPN is active vs when not. You could also compare the DNS entries with the old (working) laptop and compare with the newer one.

The traceroute results you shared back in post #3 aren't unusual. That just means all traffic is routed through the tunnel. The corporate openVPN server config ensures that. You'd need to use split tunnelling to avoid that situation...but you haven't shared the routing table for us to look for ourselves.
 
Old 04-06-2020, 12:35 PM   #9
desmi
LQ Newbie
 
Registered: Apr 2020
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by ferrari
Returning to your opening comments...

It would be useful if you can show us the /etc/resolv.conf entries when the VPN is active vs when not. You could also compare the DNS entries with the old (working) laptop and compare with the newer one.

The traceroute results you shared back in post #3 aren't unusual. That just means all traffic is routed through the tunnel. The corporate openVPN server config ensures that. You'd need to use split tunnelling to avoid that situation...but you haven't shared the routing table for us to look for ourselves.

Hey sorry it took some time to respond.

So without VPN I see this:
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0
search ziggo.nl

With VPN: I see no change. (same as above)

Now I checked on my old laptop and without VPN I see:

# Generated by NetworkManager
search ziggo.nl
nameserver 10.0.0.1
nameserver 2001:b88:1002::10
nameserver 2001:b88:1202::10
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 2001:730:3e42:1000::53

With VPN I see:

# Generated by NetworkManager
search ziggo.nl
nameserver 10.22.45.1
nameserver 10.22.45.20
nameserver 10.0.0.1
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 2001:b88:1002::10
nameserver 2001:b88:1202::10
nameserver 2001:730:3e42:1000::53

I think I said this in the original post, but I'll just repeat because it might be important:

old laptop -> ubuntu 19.10
new laptop -> linux mint 19.3
 
Old 04-06-2020, 12:47 PM   #10
desmi
LQ Newbie
 
Registered: Apr 2020
Posts: 6

Original Poster
Rep: Reputation: Disabled
It's finally fixed!!

All your suggestions definitely helped, because it directed me to this forum post: https://forums.linuxmint.com/viewtopic.php?t=303660

So I tried this fix:
Quote:
Mint uses systemd-resolved and it seems plausible that your router is "special" or even plain buggy and that systemd-resolved refuses the reply. Clearly we have to compensate for things working for you from the other systems and the easiest test would be to disable systemd-resolved for a bit:

Code:
$ sudo systemctl disable systemd-resolved
$ sudo systemctl stop systemd-resolved
$ sudo rm /etc/resolv.conf
Then edit /etc/NetworkManager/NetworkManager.conf to insert "dns=default" in the [main] section and


Code:
sudo systemctl restart NetworkManager.service
And now the resolv.conf output is the same as it is on my old laptop and my VPN works normally !!!

I'm just so happy!!

Last edited by desmi; 04-06-2020 at 12:49 PM.
 
Old 04-06-2020, 04:57 PM   #11
ferrari
Senior Member
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 4,784

Rep: Reputation: 900
Good result, and yes the 'nameserver 127.0.0.53' entry in /etc/resolv.conf was a dead giveaway.
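
The before/after /etc/resolv.conf comparison used in this thread, as an added shell example that is not part of any post: it classifies a resolv.conf as the systemd-resolved stub or a direct server list, and checks whether an expected VPN DNS server sits among the first three entries the libc resolver uses. The function names are hypothetical, and the sample files are constructed from the resolv.conf contents posted above.

```shell
#!/bin/sh
# Added example. Sample data is constructed from the resolv.conf
# contents posted in the thread; function names are hypothetical.
sample_mint_vpn() {
    printf '%s\n' 'nameserver 127.0.0.53' 'options edns0' 'search ziggo.nl'
}
sample_ubuntu_novpn() {
    printf 'nameserver %s\n' 10.0.0.1 2001:b88:1002::10 \
        2001:b88:1202::10 2001:730:3e42:1000::53
}
sample_ubuntu_vpn() {
    printf 'nameserver %s\n' 10.22.45.1 10.22.45.20 10.0.0.1 2001:b88:1002::10
}

# Print the nameserver addresses of a resolv.conf read on stdin, in file order.
nameservers() {
    awk '$1 == "nameserver" { print $2 }'
}

# "stub"   = only the systemd-resolved stub listener 127.0.0.53 is listed
# "direct" = real upstream servers are listed; "none" = no nameserver lines
resolv_mode() {
    ns=$(nameservers)
    case "$ns" in
        "")         echo none ;;
        127.0.0.53) echo stub ;;
        *)          echo direct ;;
    esac
}

# Succeed only if $1 is one of the first three nameserver entries
# (later entries may be ignored by the libc resolver).
in_first_three() {
    nameservers | head -n 3 | grep -qxF "$1"
}

# Verdict for a resolv.conf on stdin and an expected VPN DNS server in $1.
vpn_dns_check() {
    conf=$(cat)
    mode=$(printf '%s\n' "$conf" | resolv_mode)
    if [ "$mode" != direct ]; then
        echo "$mode"        # the file cannot tell us which server is used
    elif printf '%s\n' "$conf" | in_first_three "$1"; then
        echo ok
    else
        echo missing
    fi
}

for s in sample_mint_vpn sample_ubuntu_novpn sample_ubuntu_vpn; do
    printf '%s: %s\n' "$s" "$($s | vpn_dns_check 10.22.45.1)"
done
```

On a real host, run it as `vpn_dns_check 10.22.45.1 < /etc/resolv.conf` before and after connecting. A `stub` verdict means the file will never change with the VPN, so the per-link DNS servers have to be read from systemd-resolved instead (for example with `systemd-resolve --status`).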
 
  

