When connected to my private VPN, some websites "resolve" to the web server on the VPN host.
For example:
http://checkip.dyndns.org/
Pasted into a web browser, it loads the VPN host's local webserver. However, ping shows that the host does NOT point to the VPN host gateway..? traceroute shows normal hops directly to the remote host and NOT to the gateway. As soon as the VPN is toggled off, everything returns to normal. tbh I'm stumped and not even sure where to start lol
Last edited by Crunchbang (2024-05-25 08:42:55)
That sounds like a hiccup in the DNS management.
Which one (see https://wiki.archlinux.org/title/Networ … management) do you use?
> That sounds like a hiccup in the DNS management.
> Which one (see https://wiki.archlinux.org/title/Networ … management) do you use?
IPv4 network using default DNS. Local DNS provided by the wifi gateway and VPN DNS provided by OpenDNS. dnsmasq not installed.
/etc/resolv.conf (while VPN is connected)
# Generated by NetworkManager
nameserver 208.67.222.222
nameserver 208.67.220.220
nameserver 192.168.1.1
Last edited by Crunchbang (2024-05-23 01:14:43)
That looks O.K.
Can you exclude an "IPv6 bypass"? Is IPv6 either disabled or fully enabled (local/VPN)?
Does your browser use DNS over TLS (DoT) or DNS over HTTPS (DoH)? If yes, can you switch it off?
Turned off secure DNS in Chrome with no change. Turned it back on and set the DNS provider to Google public DNS. No change. Also no change when using curl.
Checked if IPv6 is enabled at all:
sysctl -a 2>/dev/null | grep disable_ipv6
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.enp2s0.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.tun0.disable_ipv6 = 0
net.ipv6.conf.wlan0.disable_ipv6 = 0
Disable
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
sysctl -w net.ipv6.conf.tun0.disable_ipv6=1
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.tun0.disable_ipv6 = 1
Recheck
sysctl -a 2>/dev/null | grep disable_ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.enp2s0.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.tun0.disable_ipv6 = 1
net.ipv6.conf.wlan0.disable_ipv6 = 1
No change when tested.
Last edited by Crunchbang (2024-05-25 01:32:18)
Is this a split tunnel or full tunnel VPN - is the default gateway switched to the VPN endpoint on connection?
And is that your desired use of your VPN?
It's a full tunnel. Just used for privacy that I toggle on/off as needed. Eventually it will provide some private services on the VPN subnet but for now just tunneling. It works well for my purposes tbh. Just noticed this that I can't explain lol.
> Is this a split tunnel or full tunnel VPN - is the default gateway switched to the VPN endpoint on connection?
> And is that your desired use of your VPN?
ip route
default via 10.8.0.1 dev tun0 proto static metric 50
default via 192.168.1.1 dev wlan0 proto dhcp src 192.168.1.230 metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.3 metric 50
***.1**.20.14* via 192.168.1.1 dev wlan0 proto static metric 50
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.230 metric 600
192.168.1.1 dev wlan0 proto static scope link metric 50
Last edited by Crunchbang (2024-05-25 05:09:48)
Please post the output of
drill checkip.dyndns.org @208.67.222.222
with and without active VPN
VPN OFF
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 59992
;; flags: qr rd ra ; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; checkip.dyndns.org. IN A
;; ANSWER SECTION:
checkip.dyndns.org. 409 IN CNAME checkip.dyndns.com.
checkip.dyndns.com. 409 IN A 158.101.44.242
checkip.dyndns.com. 409 IN A 193.122.6.168
checkip.dyndns.com. 409 IN A 193.122.130.0
checkip.dyndns.com. 409 IN A 132.226.8.169
checkip.dyndns.com. 409 IN A 132.226.247.73
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 24 msec
;; SERVER: 208.67.222.222
;; WHEN: Sat May 25 01:28:33 2024
;; MSG SIZE rcvd: 148
VPN ON
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 46126
;; flags: qr rd ra ; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; checkip.dyndns.org. IN A
;; ANSWER SECTION:
checkip.dyndns.org. 527 IN CNAME checkip.dyndns.com.
checkip.dyndns.com. 525 IN A 193.122.6.168
checkip.dyndns.com. 525 IN A 193.122.130.0
checkip.dyndns.com. 525 IN A 132.226.8.169
checkip.dyndns.com. 525 IN A 132.226.247.73
checkip.dyndns.com. 525 IN A 158.101.44.242
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 223 msec
;; SERVER: 208.67.222.222
;; WHEN: Sat May 25 01:30:51 2024
;; MSG SIZE rcvd: 148
And finally
curl http://193.122.6.168
with and without active VPN.
VPN OFF
<html><head><title>Current IP Check</title></head><body>Current IP Address: 47.211.126.***</body></html>
With VPN the output is blank. The request went to the VPN host local webserver lol
Last edited by Crunchbang (2024-05-25 06:43:42)
VPN OFF
* Trying 193.122.6.168:80...
* Connected to 193.122.6.168 (193.122.6.168) port 80
> GET / HTTP/1.1
> Host: 193.122.6.168
> User-Agent: curl/8.8.0
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 200 OK
< Date: Sat, 25 May 2024 06:44:03 GMT
< Content-Type: text/html
< Content-Length: 106
< Connection: keep-alive
< Cache-Control: no-cache
< Pragma: no-cache
< X-Request-ID: d85245a852794c7a9748d58925b734e2
<
<html><head><title>Current IP Check</title></head><body>Current IP Address: 47.211.126.***</body></html>
* Connection #0 to host 193.122.6.168 left intact
VPN ON
* Trying 193.122.6.168:80...
* Connected to 193.122.6.168 (193.122.6.168) port 80
> GET / HTTP/1.1
> Host: 193.122.6.168
> User-Agent: curl/8.8.0
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 302 Found
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Set-Cookie: JSESSIONID=1ljjdvrnn4f9i;Path=/
< Location: http://193.122.6.168/login.view;jsessionid=1ljjdvrnn4f9i?
< Content-Length: 0
< Server: Jetty(6.1.x)
<
* Connection #0 to host 193.122.6.168 left intact
2 completely different servers. So not a DNS issue. Maybe something weird about routing tables on the host?
Last edited by Crunchbang (2024-05-25 06:49:05)
That's definitely weird.
Looks like port redirection (80,443) on the VPN host to me.
> That's definitely weird.
> Looks like port redirection (80,443) on the VPN host to me.
Nailed it!!
2 15995 898K REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 4040
Host is forwarding 80 to a Jetty container on 4040. Fixed by setting the rule to eth0. Thanks! Marking as solved
Last edited by Crunchbang (2024-05-25 08:42:18)
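An added example, not part of the original thread: a small audit for the misconfiguration found above, where a nat REDIRECT rule with no inbound-interface match also catches tunnelled client traffic arriving on tun0, while ping and traceroute are unaffected because the rule only matches TCP port 80. It parses `iptables -t nat -L PREROUTING -n -v --line-numbers` style output; the function names and rule 1 of the sample listing are constructed for illustration, and rule 2 is the line posted in the thread.

```shell
#!/usr/bin/env bash
# Flag nat PREROUTING rules that rewrite traffic from ANY inbound interface
# to ANY destination. On a full-tunnel VPN host such a rule also captures
# the clients' forwarded traffic, not only traffic meant for the host.
#
# Expected columns (verbose listing with line numbers):
#   num pkts bytes target prot opt in out source destination [options...]

audit_nat_redirects() {
    awk '
        # Only numbered rule lines whose target rewrites the destination.
        $1 ~ /^[0-9]+$/ && ($4 == "REDIRECT" || $4 == "DNAT") {
            # Field 7 is the inbound interface; "*" means no -i match.
            # Field 10 is the destination; 0.0.0.0/0 means any address.
            if ($7 == "*" && $10 == "0.0.0.0/0") {
                extra = ""
                for (i = 11; i <= NF; i++) extra = extra " " $i
                printf "rule %s: %s matches any interface and any destination:%s\n", $1, $4, extra
            }
        }
    '
}

# Constructed sample listing. Rule 1 is scoped to eth0 (the shape of the fix
# described in the thread); rule 2 is the unscoped rule from the thread.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 redir ports 4443
2    15995  898K REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 4040
EOF
}

# On a live host (as root) the input would instead come from:
#   iptables -t nat -L PREROUTING -n -v --line-numbers | audit_nat_redirects
sample_listing | audit_nat_redirects
```

Only rule 2 is reported; a rule limited with `-i eth0` or a specific destination address passes the check.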