
#1 2023-12-19 08:40:42

Akim
Member
Registered: 2021-08-04
Posts: 42

Expressvpn DNS issues

Hi, I can't make Expressvpn work on my system.

Every time I connect it, the internet just stops working - the browser says something like "can't recognize this site's dns" and `ping` gives temporary name resolution error after hanging for a while.

I assume it has something to do with NetworkManager and possibly /etc/resolv.conf? I'm not sure if it's supposed to change from the default one generated by NetworkManager (`nameserver ::1`), but it does (to ExpressVPN's specific server). I'm positive it's a configuration issue, not the VPN's issue, since it works on every other device.


#2 2023-12-19 09:23:59

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 68,411

Re: Expressvpn DNS issues

says something like … and `ping` gives temporary name resolution error

Is this a new Christmas trend?
Do not paraphrase, https://bbs.archlinux.org/viewtopic.php?id=57855

Then compare

ip a; ip r; ping -c1 8.8.8.8; resolvectl status;  nslookup google.com

w/ and w/o VPN

Last edited by seth (2023-12-19 09:24:08)


#3 2023-12-19 09:49:04

Akim
Member
Registered: 2021-08-04
Posts: 42

Re: Expressvpn DNS issues

Sorry for paraphrasing Seth, I didn't have my programming socks on. It says in the browser:

This site can’t be reached
wiki.archlinux.org’s DNS address could not be found. Diagnosing the problem.
DNS_PROBE_POSSIBLE

Here's the output w/o vpn:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever
2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 68:54:5a:97:5b:44 brd ff:ff:ff:ff:ff:ff
    inet 192.168.109.99/24 brd 192.168.109.255 scope global dynamic noprefixroute wlan0
       valid_lft 41608sec preferred_lft 41608sec
    inet6 fe80::e1b8:2365:1cbb:e32/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
4: ham0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1404 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 7a:79:19:25:50:d3 brd ff:ff:ff:ff:ff:ff
14: ipv6leakintrf0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 9a:d1:56:6b:7d:f9 brd ff:ff:ff:ff:ff:ff
    inet6 fdeb:446c:912d:8da::/64 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::a511:8044:9d3d:f21a/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
default via 192.168.109.1 dev wlan0 proto dhcp src 192.168.109.99 metric 600
192.168.109.0/24 dev wlan0 proto kernel scope link src 192.168.109.99 metric 600
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=109 time=18.2 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 18.223/18.223/18.223/0.000 ms
Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: foreign
  Current DNS Server: 1.1.1.1#cloudflare-dns.com
         DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.10#dns.quad9.net 8.8.8.8#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2620:fe::10#dns.quad9.net 2001:4860:4860::8888#dns.google ::1
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.9#dns.quad9.net 8.8.8.8#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2620:fe::9#dns.quad9.net 2001:4860:4860::8888#dns.google
          DNS Domain: ~.

Link 2 (wlan0)
    Current Scopes: LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 4 (ham0)
    Current Scopes: LLMNR/IPv4 mDNS/IPv4
         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 14 (ipv6leakintrf0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: ::1
       DNS Servers: ::1
        DNS Domain: ~.
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
;; no servers could be reached

And with vpn on:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 68:54:5a:97:5b:44 brd ff:ff:ff:ff:ff:ff
    inet 192.168.109.99/24 brd 192.168.109.255 scope global dynamic noprefixroute wlan0
       valid_lft 41421sec preferred_lft 41421sec
4: ham0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1404 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 7a:79:19:25:50:d3 brd ff:ff:ff:ff:ff:ff
16: ipv6leakintrf0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 9a:d1:56:6b:7d:f9 brd ff:ff:ff:ff:ff:ff
    inet6 fdeb:446c:912d:8da::/64 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::a511:8044:9d3d:f21a/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
22: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none
    inet 10.183.0.34 peer 10.183.0.33/32 scope global tun0
       valid_lft forever preferred_lft forever
0.0.0.0/1 via 10.183.0.33 dev tun0
default via 192.168.109.1 dev wlan0 proto dhcp src 192.168.109.99 metric 600
10.0.0.0/8 via 192.168.109.1 dev wlan0
10.183.0.1 via 10.183.0.33 dev tun0
10.183.0.33 dev tun0 proto kernel scope link src 10.183.0.34
128.0.0.0/1 via 10.183.0.33 dev tun0
172.16.0.0/12 via 192.168.109.1 dev wlan0
192.168.0.0/16 via 192.168.109.1 dev wlan0
192.168.109.0/24 dev wlan0 proto kernel scope link src 192.168.109.99 metric 600
193.68.92.11 via 192.168.109.1 dev wlan0
193.68.92.45 via 192.168.109.1 dev wlan0
193.68.92.121 via 192.168.109.1 dev wlan0
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: foreign
  Current DNS Server: 1.1.1.1#cloudflare-dns.com
         DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.10#dns.quad9.net
                      8.8.8.8#dns.google 2606:4700:4700::1111#cloudflare-dns.com
                      2620:fe::10#dns.quad9.net 2001:4860:4860::8888#dns.google ::1
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.9#dns.quad9.net 8.8.8.8#dns.google
                      2606:4700:4700::1111#cloudflare-dns.com 2620:fe::9#dns.quad9.net
                      2001:4860:4860::8888#dns.google
          DNS Domain: ~.

Link 2 (wlan0)
    Current Scopes: LLMNR/IPv4 mDNS/IPv4
         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 4 (ham0)
    Current Scopes: LLMNR/IPv4 mDNS/IPv4
         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 16 (ipv6leakintrf0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: ::1
       DNS Servers: ::1
        DNS Domain: ~.

Link 22 (tun0)
    Current Scopes: LLMNR/IPv4 mDNS/IPv4
         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
;; communications error to 10.183.0.1#53: timed out
;; communications error to 10.183.0.1#53: timed out
;; communications error to 10.183.0.1#53: timed out
;; no servers could be reached

I sure do hope I did not just doxx myself with these IP commands haha..

Last edited by Akim (2023-12-19 09:49:46)


#4 2023-12-19 13:24:59

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 68,411

Re: Expressvpn DNS issues

fe80 is a link-local address and fdeb:446c seems specific to some IPv6 leak prevention proxy

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

it's not a DNS issue.

That being said:

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
;; no servers could be reached

Even w/o the VPN, resolved seems to malfunction; it seems to be configured as a mere consumer and uses Cloudflare's DNS regardless of the VPN. You might want to look into that.
Sanity check: Please post the output of

find /etc/systemd -type l -exec test -f {} \; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f

and

dig google.com # w/ and w/o VPN

Back to EVPN

0.0.0.0/1 via 10.183.0.33 dev tun0
10.183.0.1 via 10.183.0.33 dev tun0
128.0.0.0/1 via 10.183.0.33 dev tun0

tun0 certainly takes precedence in routing, can you

ping -c 1 10.183.0.33
ping -c1 10.183.0.34

Did you install the expressvpn aur package or the arch package distributed by ExpressVPN itself?

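Why tun0 "takes precedence" over the wlan0 default route in the table above: an added Python example (not from the thread) that reproduces the kernel's longest-prefix-match selection over the `ip r` lines Akim posted, so you can see which interface any destination, including the VPN's DNS at 10.183.0.1, is sent through.

```python
import ipaddress

# Routing table with the VPN up, copied from the `ip r` output in the thread.
ROUTES_WITH_VPN = """\
0.0.0.0/1 via 10.183.0.33 dev tun0
default via 192.168.109.1 dev wlan0 proto dhcp src 192.168.109.99 metric 600
10.0.0.0/8 via 192.168.109.1 dev wlan0
10.183.0.1 via 10.183.0.33 dev tun0
10.183.0.33 dev tun0 proto kernel scope link src 10.183.0.34
128.0.0.0/1 via 10.183.0.33 dev tun0
172.16.0.0/12 via 192.168.109.1 dev wlan0
192.168.0.0/16 via 192.168.109.1 dev wlan0
192.168.109.0/24 dev wlan0 proto kernel scope link src 192.168.109.99 metric 600
"""


def parse_routes(text):
    """Turn `ip r` lines into (network, dev, metric) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        # `default` is shorthand for 0.0.0.0/0; a bare host address means /32.
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(dst, strict=False)
        dev = fields[fields.index("dev") + 1]
        metric = int(fields[fields.index("metric") + 1]) if "metric" in fields else 0
        routes.append((net, dev, metric))
    return routes


def lookup(routes, dst):
    """Kernel rule: the most specific (longest) prefix wins; equal prefixes
    are decided by the lowest metric. Returns (dev, matched_prefix) or None."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        return None
    best = max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1], str(best[0])


def route_with_vpn(dst):
    """Convenience wrapper over the table from the thread."""
    return lookup(parse_routes(ROUTES_WITH_VPN), dst)


if __name__ == "__main__":
    # 0.0.0.0/1 and 128.0.0.0/1 together cover the whole IPv4 space with a
    # /1, which always beats the /0 default route, so Internet traffic goes
    # through tun0 while the LAN keeps its more specific /24 on wlan0.
    for dst in ("8.8.8.8", "10.183.0.1", "100.64.100.1", "192.168.109.1"):
        print(dst, "->", route_with_vpn(dst))
```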

#5 2023-12-19 19:55:02

Akim
Member
Registered: 2021-08-04
Posts: 42

Re: Expressvpn DNS issues

I installed the AUR package. Without the vpn:

$ find /etc/systemd -type l -exec test -f {} \; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f
bluetooth.service                        | bluetooth.target.wants
dbus-org.bluez.service                   | system
dbus-org.freedesktop.nm-dispatcher.service | system
dbus-org.freedesktop.resolve1.service    | system
dbus-org.freedesktop.timesync1.service   | system
expressvpn.service                       | multi-user.target.wants
gcr-ssh-agent.socket                     | sockets.target.wants
getty@tty1.service                       | getty.target.wants
i8kmon.service                           | multi-user.target.wants
lm_sensors.service                       | multi-user.target.wants
logmein-hamachi.service                  | multi-user.target.wants
NetworkManager.service                   | multi-user.target.wants
NetworkManager-wait-online.service       | network-online.target.wants
nextcloud-cron.timer                     | timers.target.wants
optimus-manager.service                  | graphical.target.wants
p11-kit-server.socket                    | sockets.target.wants
pipewire.socket                          | sockets.target.wants
pulseaudio.socket                        | sockets.target.wants
remote-fs.target                         | multi-user.target.wants
sshd.service                             | multi-user.target.wants
systemd-resolved.service                 | multi-user.target.wants
systemd-timesyncd.service                | sysinit.target.wants
tlp.service                              | multi-user.target.wants

$ dig google.com
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused

; <<>> DiG 9.18.20 <<>> google.com
;; global options: +cmd
;; no servers could be reached

$ ping -c 1 10.183.0.33
PING 10.183.0.33 (10.183.0.33) 56(84) bytes of data.

--- 10.183.0.33 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

$ ping -c1 10.183.0.34
PING 10.183.0.34 (10.183.0.34) 56(84) bytes of data.

--- 10.183.0.34 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

With:

$ dig google.com
; <<>> DiG 9.18.20 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37073
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		3329	IN	A	216.58.212.174

;; Query time: 66 msec
;; SERVER: 100.64.100.1#53(100.64.100.1) (UDP)
;; WHEN: Tue Dec 19 22:51:36 MSK 2023
;; MSG SIZE  rcvd: 55


#6 2023-12-19 20:22:58

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 68,411

Re: Expressvpn DNS issues

"ping -c 1 10.183.0.*" w/o the VPN makes no sense, the question is about the behavior w/ the VPN

The VPN seems to redirect your DNS to 100.64.100.1 (which is Carrier Grade NAT)
Somehow systemd-resolved doesn't listen on localhost:53 but that (::1) is still the configured DNS w/o the VPN
=> How exactly is https://wiki.archlinux.org/title/Networ … management configured for you?


#7 2023-12-20 07:40:53

Akim
Member
Registered: 2021-08-04
Posts: 42

Re: Expressvpn DNS issues

You're right, apologies, here's ping with vpn:

$ ping -c 1 10.183.0.33
PING 10.183.0.33 (10.183.0.33) 56(84) bytes of data.

--- 10.183.0.33 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

$ ping -c1 10.183.0.34
PING 10.183.0.34 (10.183.0.34) 56(84) bytes of data.

--- 10.183.0.34 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Frankly, I don't know how NetworkManager is configured, I don't remember touching it since the initial installation and setup a couple of years ago. Also networking is one area that I know literally nothing about. I'm not entirely sure what exactly would be helpful, so here's all I can find:

$ <list recursively /etc/NetworkManager>
drwxr-xr-x root 2 months ago 4.0 KB  ./
drwx------ root 21 hours ago 4.0 KB ├──  system-connections/
drwxr-xr-x root 2 years ago  4.0 KB ├──  dnsmasq-shared.d/
drwxr-xr-x root 2 years ago  4.0 KB ├──  dnsmasq.d/
drwxr-xr-x root a year ago   4.0 KB ├──  dispatcher.d/
drwxr-xr-x root 2 years ago  4.0 KB │   ├──  pre-up.d/
drwxr-xr-x root 2 years ago  4.0 KB │   ├──  pre-down.d/
drwxr-xr-x root 2 years ago  4.0 KB │   ├──  no-wait.d/
.rwxr-xr-x root 2 years ago  119 B  │   └──  09-timezone.sh*
drwxr-xr-x root 2 years ago  4.0 KB ├──  conf.d/
.rw-r--r-- root 2 months ago  88 B  └──  NetworkManager.conf

$ cat NetworkManager.conf
# Configuration file for NetworkManager.
# See "man 5 NetworkManager.conf" for details.

$ ls /etc/resolv.conf
.rw-r--r-- root 12 minutes ago 45 B  /etc/resolv.conf  # So not a symlink

$ cat /etc/resolv.conf  [w/o vpn]
# Generated by NetworkManager
nameserver ::1

$ cat /etc/resolv.conf [with vpn]
# Generated by expressvpn
search expressvpn
nameserver 100.64.100.1


#8 2023-12-20 11:00:52

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 68,411

Re: Expressvpn DNS issues

You're not getting to the previously VPN configured gateway, did "ip r" w/ the VPN maybe change to (now) also use 100.64.100.0/24 ?
(updated "ip a; ip r; dig google.com" w/ the VPN active?)

# Generated by NetworkManager
nameserver ::1

This here seems bogus.

ping -6 -c1 ::1
nmap -p 53 localhost
ss -tulpen | grep ':53'

Maybe you're https://wiki.archlinux.org/title/Networ … connection ?


#9 2023-12-20 11:30:22

Akim
Member
Registered: 2021-08-04
Posts: 42

Re: Expressvpn DNS issues

I'm not setting custom DNS servers in a connection afaik.

With vpn:

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 68:54:5a:97:5b:44 brd ff:ff:ff:ff:ff:ff
    inet 192.168.109.99/24 brd 192.168.109.255 scope global dynamic noprefixroute wlan0
       valid_lft 41303sec preferred_lft 41303sec
4: ham0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1404 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 7a:79:19:25:50:d3 brd ff:ff:ff:ff:ff:ff
13: ipv6leakintrf0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 9a:d1:56:6b:7d:f9 brd ff:ff:ff:ff:ff:ff
    inet6 fdeb:446c:912d:8da::/64 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::a511:8044:9d3d:f21a/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
23: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none
    inet 10.81.0.30 peer 10.81.0.29/32 scope global tun0
       valid_lft forever preferred_lft forever

$ ip r
0.0.0.0/1 via 10.81.0.29 dev tun0
default via 192.168.109.1 dev wlan0 proto dhcp src 192.168.109.99 metric 600
10.0.0.0/8 via 192.168.109.1 dev wlan0
10.81.0.1 via 10.81.0.29 dev tun0
10.81.0.29 dev tun0 proto kernel scope link src 10.81.0.30
128.0.0.0/1 via 10.81.0.29 dev tun0
172.16.0.0/12 via 192.168.109.1 dev wlan0
192.168.0.0/16 via 192.168.109.1 dev wlan0
192.168.109.0/24 dev wlan0 proto kernel scope link src 192.168.109.99 metric 600
193.68.92.76 via 192.168.109.1 dev wlan0
193.68.92.109 via 192.168.109.1 dev wlan0
193.68.92.201 via 192.168.109.1 dev wlan0

$ dig google.com
;; communications error to 10.81.0.1#53: timed out
;; communications error to 10.81.0.1#53: timed out
;; communications error to 10.81.0.1#53: timed out

; <<>> DiG 9.18.20 <<>> google.com
;; global options: +cmd
;; no servers could be reached

$ ping -6 -c1 ::1
PING ::1(::1) 56 data bytes

--- ::1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

$  nmap -p 53 localhost
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-20 14:23 MSK
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000047s latency).

PORT   STATE  SERVICE
53/tcp closed domain

Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds

$ \ss -tulpen | grep ':53'
udp   UNCONN 0      0         127.0.0.54:53         0.0.0.0:*    uid:978 ino:3464 sk:1 cgroup:/system.slice/systemd-resolved.service <->                                                                  
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*    uid:978 ino:3462 sk:2 cgroup:/system.slice/systemd-resolved.service <->                                                                  
udp   UNCONN 0      0        224.0.0.251:5353       0.0.0.0:*    users:(("brave",pid=2315,fd=239)) uid:1000 ino:668978 sk:1002 cgroup:/user.slice/user-1000.slice/session-1.scope <->                     
udp   UNCONN 0      0        224.0.0.251:5353       0.0.0.0:*    users:(("brave",pid=2315,fd=177)) uid:1000 ino:668977 sk:1003 cgroup:/user.slice/user-1000.slice/session-1.scope <->                     
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*    uid:978 ino:9526 sk:6 cgroup:/system.slice/systemd-resolved.service <->                                                                  
udp   UNCONN 0      0            0.0.0.0:5355       0.0.0.0:*    uid:978 ino:9521 sk:7 cgroup:/system.slice/systemd-resolved.service <->                                                                  
udp   UNCONN 0      0               [::]:5353          [::]:*    uid:978 ino:9527 sk:a cgroup:/system.slice/systemd-resolved.service v6only:1 <->                                                         
udp   UNCONN 0      0               [::]:5355          [::]:*    uid:978 ino:9524 sk:b cgroup:/system.slice/systemd-resolved.service v6only:1 <->                                                         
tcp   LISTEN 0      4096         0.0.0.0:5355       0.0.0.0:*    uid:978 ino:9522 sk:e cgroup:/system.slice/systemd-resolved.service <->                                                                  
tcp   LISTEN 0      4096      127.0.0.54:53         0.0.0.0:*    uid:978 ino:3465 sk:f cgroup:/system.slice/systemd-resolved.service <->                                                                  
tcp   LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*    uid:978 ino:3463 sk:10 cgroup:/system.slice/systemd-resolved.service <->                                                                 
tcp   LISTEN 0      4096            [::]:5355          [::]:*    uid:978 ino:9525 sk:14 cgroup:/system.slice/systemd-resolved.service v6only:1 <-> 

$ cat /etc/hosts  # May be useful idk
# Static table lookup for hostnames.
# See hosts(5) for details.
127.0.0.1	localhost
::1		localhost
127.0.1.1	archie.localdomain archie

For some reason dig gives different output now? I haven't changed anything since last time, so not sure what this is about. Last time with the vpn on it was:

$ dig google.com
; <<>> DiG 9.18.20 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37073
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		3329	IN	A	216.58.212.174

;; Query time: 66 msec
;; SERVER: 100.64.100.1#53(100.64.100.1) (UDP)
;; WHEN: Tue Dec 19 22:51:36 MSK 2023
;; MSG SIZE  rcvd: 55


#10 2023-12-20 15:16:34

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 68,411

Re: Expressvpn DNS issues

So
- ping ::1 fails, maybe you've IPv6 disabled? But NM should™ not hand you a DNS there.
- 53 is closed on 127.0.0.1, but resolved does listen on 127.0.0.53, which NM should™ add as nameserver, try to configure that in https://wiki.archlinux.org/title/Networ … NS_servers - alternatively you should™ get that if you allow /etc/resolv.conf to be a symlink to /run/systemd/resolve/stub-resolv.conf (but idk whether ExpressVPN "likes" this condition)
- The ExpressVPN situation is more sketchy
* You get a lease on 10.81.0.30 p2p to 10.81.0.29
* you should be able to ping those IPs (since they're dynamic, you'll have to look them up before your test every time you start EVPN)
* you (initially) also get the DNS configured to the gateway on 10.81.0.1 (you could likewise try to ping/nmap that) but it doesn't reply to DNS requests
* you then switch to a DNS in the CGN at 100.64.100.1 (I assume this is ExpressVPN trial-and-erroring its way forward)?
* w/ expressVPN enabled (and once dig works), can you

ping -c3 -I tun0 google.com

?
So you're getting DNS from 100.64.100.1 (which btw. works) but a lease in

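The second bullet above is the core mismatch: /etc/resolv.conf points at ::1 while resolved only binds 127.0.0.53 and 127.0.0.54. This added Python check (not code from the thread or from systemd) parses a resolv.conf and the `ss -tulpen` output as posted, and reports which configured nameservers actually have a port-53 listener; the sample inputs are constructed from the lines in the thread, and `STUB_RESOLV_CONF` is a constructed example of what the stub-resolv.conf symlink would provide.

```python
import ipaddress

# /etc/resolv.conf as NetworkManager wrote it on the affected machine (from the thread).
NM_RESOLV_CONF = """\
# Generated by NetworkManager
nameserver ::1
"""

# Constructed: what /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf provides.
STUB_RESOLV_CONF = "nameserver 127.0.0.53\noptions edns0 trust-ad\n"

# `ss -tulpen | grep ':53'` lines from the thread, trimmed to the relevant sockets.
SS_OUTPUT = """\
udp   UNCONN 0      0         127.0.0.54:53         0.0.0.0:*    uid:978 ino:3464 sk:1 cgroup:/system.slice/systemd-resolved.service <->
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*    uid:978 ino:3462 sk:2 cgroup:/system.slice/systemd-resolved.service <->
udp   UNCONN 0      0            0.0.0.0:5355       0.0.0.0:*    uid:978 ino:9521 sk:7 cgroup:/system.slice/systemd-resolved.service <->
udp   UNCONN 0      0               [::]:5355          [::]:*    uid:978 ino:9524 sk:b cgroup:/system.slice/systemd-resolved.service v6only:1 <->
tcp   LISTEN 0      4096      127.0.0.54:53         0.0.0.0:*    uid:978 ino:3465 sk:f cgroup:/system.slice/systemd-resolved.service <->
tcp   LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*    uid:978 ino:3463 sk:10 cgroup:/system.slice/systemd-resolved.service <->
"""


def nameservers(resolv_conf):
    """Collect the `nameserver` entries of a resolv.conf as address objects."""
    out = []
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            out.append(ipaddress.ip_address(parts[1]))
    return out


def listeners(ss_output, port=53):
    """Return (proto, bound address, v6only) for every socket bound to `port`.
    Column 5 of `ss -tulpen` is Local Address:Port; it may carry a %iface
    scope (127.0.0.53%lo) or IPv6 brackets ([::])."""
    found = []
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        addr, _, lport = parts[4].rpartition(":")
        if lport != str(port):
            continue
        addr = addr.strip("[]").split("%")[0]
        found.append((parts[0], ipaddress.ip_address(addr), "v6only:1" in line))
    return found


def accepts(listener, ns):
    """Would this bound socket receive queries sent to nameserver `ns`?"""
    _proto, addr, v6only = listener
    if addr == ns:
        return True
    if addr.is_unspecified:  # wildcard bind: 0.0.0.0 or ::
        if addr.version == ns.version:
            return True
        # A dual-stack [::] socket (v6only:0) also takes IPv4 via mapped addresses.
        return addr.version == 6 and ns.version == 4 and not v6only
    return False


def check(resolv_conf, ss_output):
    """Map each configured nameserver to the protocols that have a listener for it.
    An empty list means exactly the 'connection refused' seen in the thread."""
    bound = listeners(ss_output)
    return {str(ns): sorted({l[0] for l in bound if accepts(l, ns)})
            for ns in nameservers(resolv_conf)}


if __name__ == "__main__":
    print("NetworkManager resolv.conf:", check(NM_RESOLV_CONF, SS_OUTPUT))
    print("stub-resolv.conf:          ", check(STUB_RESOLV_CONF, SS_OUTPUT))
```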

#11 2023-12-21 10:21:30

Akim
Member
Registered: 2021-08-04
Posts: 42

Re: Expressvpn DNS issues

IPv6 seems to be enabled:

$ ip -6 addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::84d8:f05a:2ecd:f97a/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: ipv6leakintrf0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
    inet6 fdeb:446c:912d:8da::/64 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::a511:8044:9d3d:f21a/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
4: ham0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1404 state UNKNOWN qlen 1000
    inet6 2620:9b::1925:50d3/96 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::7879:19ff:fe25:50d3/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever

I added

[global-dns-domain-*]
servers=::1,127.0.0.1,127.0.0.53

to /etc/NetworkManager/conf.d/dns-servers.conf.

After restarting NM dig seems to work w/o vpn:

dig google.com
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused

; <<>> DiG 9.18.20 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45600
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		147	IN	A	173.194.221.101
google.com.		147	IN	A	173.194.221.100
google.com.		147	IN	A	173.194.221.139
google.com.		147	IN	A	173.194.221.113
google.com.		147	IN	A	173.194.221.102
google.com.		147	IN	A	173.194.221.138

;; Query time: 23 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu Dec 21 11:10:29 CET 2023
;; MSG SIZE  rcvd: 135

However, neither dig nor ping work with vpn on:

$ dig google.com
;; communications error to 10.81.0.1#53: timed out
;; communications error to 10.81.0.1#53: timed out
;; communications error to 10.81.0.1#53: timed out

; <<>> DiG 9.18.20 <<>> google.com
;; global options: +cmd
;; no servers could be reached

$ ping -c3 -I tun0 google.com
PING google.com (64.233.164.100) from 10.81.0.18 tun0: 56(84) bytes of data.

--- google.com ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2022ms

God, why is it so complicated..


#12 2023-12-21 12:42:48

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 68,411

Re: Expressvpn DNS issues

Because god hates you :P

There're three things going on here
1. your somewhat broken IPv6 stack (ping -6 ::1 should work)
2. the broken resolved (config)
3. the VPN

Does ipv6leakintrf0 exist if you disable the expressvpn.service and reboot? Did you use protonvpn before?
Then there's logmein-hamachi.service and the ham0 which seems a second (third) VPN?
Do you actively use that? Otherwise disable the service.

Because of the IPv6 situation: do you run some netfilter like firewalld or ufw or a manual netfilter/iptables config?

If you've not intentionally shifted away from the /run/systemd/resolve/stub-resolv.conf symlink, please restore /etc/resolv.conf as a symlink to /run/systemd/resolve/stub-resolv.conf and remove the [global-dns-domain-*] again (::1 and 127.0.0.1 aren't helpful anyway, nothing's listening there)

After all of that, please reboot w/o ExpressVPN and post "ip a; ip r; dig google.com" - we need to re-establish basic sanity first before dealing w/ the VPN on top of that.
