With a fresh install of arch and the only changes being that I am trying systemd and lvm. My last install did not leak but I didn't use systemd.
I run mullvad vpn on an OpenWrt router with arch wire connected. (wireguard on router)
It appears to leak sporadically, or maybe periodically - haven't observed it enough yet.
It is just the arch desktop, no other device on the network leaks.
I did notice that upon installing kde plasma, it installed network-manager also. Does plasma require networkmanager? Can both be used at the same time?
No parameters are active in the /etc/systemd/resolved.conf file.
The /etc/resolv.conf file is empty.
I also installed iwd in case I require my mobo boards' wifi one day - not sure if that is pertinent.
Any ideas?
Offline
With a fresh install of arch and the only changes being that I am trying systemd and lvm. My last install did not leak but I didn't use systemd.
Do you mean systemd-networkd for network setup and systemd-resolved for DNS?
I run mullvad vpn on an OpenWrt router with arch wire connected. (wireguard on router)
I'm sorry - what? That doesn't make any sense to me.
I did notice that upon installing kde plasma, it installed network-manager also. Does plasma require networkmanager? Can both be used at the same time?
No - they will cause trouble. AFAIK only the "plasma-nm" applet requires NetworkManager.
No parameters are active in the /etc/systemd/resolved.conf file.
O.K. (see first reply)
The /etc/resolv.conf file is empty.
That is not as it should be.
I also installed iwd in case I require my mobo boards' wifi one day - not sure if that is pertinent.
Make sure iwd is inactive and disabled.
Last edited by -thc (2024-11-26 17:46:08)
Offline
First of all, props for the half life avatar!
Do you mean systemd-networkd for network setup and systemd-resolved for DNS?
Yes, exactly.
I'm sorry - what? That doesn't make any sense to me.
I'll clarify: I thought it pertinent to mention that my VPN isn't on my desktop but rather running on my router - so that my entire home goes through mullvad VPN, using the wireguard protocol.
Does that make sense?
No - they will cause trouble. AFAIK only the "plasma-nm" applet requires NetworkManager.
Ah rats I chose the wrong desktop environment then. It wasn't evident to me since plasma works fine with systemd boot.
Is there anything I can do?
Make sure iwd is inactive and disabled.
Done.
Thanks for the super fast reply.
Offline
First of all, props for the half life avatar!
I'll clarify: I thought it pertinent to mention that my VPN isn't on my desktop but rather running on my router - so that my entire home goes through mullvad VPN, using the wireguard protocol.
Does that make sense?
Yes. But you just connect your Arch box via wire to the router? And the configuration is done via DHCP?
Ah rats I chose the wrong desktop environment then. It wasn't evident to me since plasma works fine with systemd boot.
Is there anything I can do?
You could switch to a combination of NetworkManager and systemd-resolved for a more consistent GUI experience or uninstall plasma-nm and NetworkManager to rely on systemd only but without GUI representation.
Offline
No - they will cause trouble. AFAIK only the "plasma-nm" applet requires NetworkManager.
Ah rats I chose the wrong desktop environment then. It wasn't evident to me since plasma works fine with systemd boot.
Is there anything I can do?
To be clear here, they were saying that you can't use NetworkManager alongside systemd-networkd. Using Plasma with systemd-networkd is fine.
Online
Yes. But you just connect your Arch box via wire to the router? And the configuration is done via DHCP?
Yes, exactly, here's my config file:
cat /etc/systemd/network/20-wired.network
[Match]
Name=enp14s0
[Link]
RequiredForOnline=routable
[Network]
DHCP=yes
Ok thanks guys, I've removed plasma-nm and networkmanager using pacman -Rs flags. So far so good for DNS leaks...but still testing.
EDIT: still leaking
Last edited by badgerbanger (Yesterday 07:33:34)
Offline
The /etc/resolv.conf file is empty.
That is not as it should be.
For future search purposes of this thread.
I've figured out that this file was meant to have a symlink to /run/systemd/resolv/resolv.conf /etc/resolv.conf
cat /etc/resolv.conf
# Resolver configuration file.
# See resolv.conf(5) for details.
[remgee@archangel ~]$ sudo rm /etc/resolv.conf
[remgee@archangel ~]$ sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
[remgee@archangel ~]$ cat /etc/resolv.conf
# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 8.8.8.8
nameserver fdc9:fcdb:2690::1
search .
I also switched to a static IP address but no change.
Offline
No - the preferred way to configure systemd-resolved is this stub symlink:
lrwxrwxrwx 1 root root 37 Oct 30 2023 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf
This linked file should reference "127.0.0.53" (which means your local systemd-resolved process).
systemd-resolved in turn should set the DNS servers on your network link according to the DHCP answer:
resolvectl
Last edited by -thc (Today 13:56:08)
Offline
No - the preferred way to configure systemd-resolved is this stub symlink:
lrwxrwxrwx 1 root root 37 Oct 30 2023 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf
This linked file should reference "127.0.0.53" (which means your local systemd-resolved process).
systemd-resolved in turn should set the DNS servers on your network link according to the DHCP answer:
resolvectl
I actually found my error earlier today while trolling around the arch wiki and corrected it.
I am greeted with the following now:
[remgee@archangel ~]$ cat /etc/resolv.conf
# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 127.0.0.53
options edns0 trust-ad
search .
I also figured out by the wiki that I needed to add my loop back device its own config file also so I did that.
However, my problem of DNS leakage persisted.
This is the results from resolvectl so far:
[remgee@archangel ~]$ resolvectl
Global
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Current DNS Server: 10.64.0.1
DNS Servers: 10.64.0.1
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.9#dns.quad9.net 8.8.8.8#dns.google
2606:4700:4700::1111#cloudflare-dns.com 2620:fe::9#dns.quad9.net 2001:4860:4860::8888#dns.google
DNS Domain: ~.
Link 2 (enp14s0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.64.0.1
DNS Servers: 10.64.0.1 fdc9:fcdb:2690::1
Link 3 (wlan0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
I changed DNS globally and in my wired eth0 file to the ip given by my vpn as it was something else. Just testing now.
One question; under the link 2 device, for 'DNS servers'; where is it obtaining -what looks like an IPv6 address from? 'fdc9:fcdb:2690::1'?
Offline
I also figured out by the wiki that I needed to add my loop back device its own config file also so I did that.
With systemd-networkd? What?
I changed DNS globally and in my wired eth0 file to the ip given by my vpn as it was something else. Just testing now.
Why? To what? Is 10.64.0.x your router's home network?
If your router acts as a Mullvad VPN client and does everything correctly - your machine should work with the IP addresses of your router as DNS servers. If there is a leak then something on your router isn't right.
One question; under the link 2 device, for 'DNS servers'; where is it obtaining -what looks like an IPv6 address from? 'fdc9:fcdb:2690::1'?
There is a very long answer and a shorter one: This is an IPv6 ULA address (functionally comparable to non-routable IPv4 addresses like 10.x.y.z) and probably that of your router.
Offline
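Added example, not part of any post in this thread: a POSIX shell check for the two things the replies above look at, namely which file /etc/resolv.conf links to and which DNS servers resolvectl reports. The function names are hypothetical, the sample input is constructed from the output posted above, and the allowlist (the two addresses shown on the wired link) is an assumption to replace with your own router's resolvers.

```shell
#!/bin/sh
# Added example (not from the thread): audit resolv.conf wiring and resolvectl output.
# Classify a resolv.conf path (the parameter defaults to the real file).
resolv_mode() {
    f=${1:-/etc/resolv.conf}
    [ -L "$f" ] || { [ -e "$f" ] && echo static || echo missing; return 0; }
    case "$(readlink "$f")" in
        */run/systemd/resolve/stub-resolv.conf) echo stub ;;
        */run/systemd/resolve/resolv.conf)      echo uplink ;;
        *)                                      echo foreign ;;
    esac
}

# Read `resolvectl status` text on stdin; arguments are the allowed resolvers.
# Prints "scope<TAB>field<TAB>address" for each address not on the allowlist.
audit_dns() {
    awk -v allow="$*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^(Global|Link )/ { scope = $0; key = ""; next }
        match($0, /^ *[A-Za-z. ]+: /) {          # "label: value" starts a field
            key = substr($0, RSTART, RLENGTH - 2); sub(/^ */, "", key)
            $0 = substr($0, RLENGTH + 1)
        }
        key ~ /DNS Servers?$/ {                   # also covers wrapped continuation lines
            for (i = 1; i <= NF; i++) {
                addr = $i; sub(/#.*/, "", addr)   # drop the "#hostname" suffix
                if (!(addr in ok)) printf "%s\t%s\t%s\n", scope, key, addr
            }
        }'
}

# Constructed sample, modelled on the resolvectl output posted in the thread.
sample_status() { cat <<'EOF'
Global
    resolv.conf mode: stub
  Current DNS Server: 10.64.0.1
         DNS Servers: 10.64.0.1
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.9#dns.quad9.net 8.8.8.8#dns.google
                      2606:4700:4700::1111#cloudflare-dns.com 2620:fe::9#dns.quad9.net 2001:4860:4860::8888#dns.google
          DNS Domain: ~.

Link 2 (enp14s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       DNS Servers: 10.64.0.1 fdc9:fcdb:2690::1
EOF
}
# Demo: audit the constructed sample, then classify the real file on this machine.
sample_status | audit_dns 10.64.0.1 fdc9:fcdb:2690::1
resolv_mode /etc/resolv.conf
```

On a live system, run `resolvectl status | audit_dns <allowed addresses>`; an empty result means every configured, current and fallback resolver it lists is on the allowlist.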