GNOME Bugzilla – Bug 695914
Issues with IPv6 and DNS
Last modified: 2017-07-17 19:09:36 UTC
Using OpenConnect 4.0.6-1ubuntu1 and NetworkManager OpenConnect 0.9.6.0-0ubuntu1 from the Ubuntu repo and the vpnc-script that was included with the "apt-get" installation. Connecting to a dual stack Cisco ASA running 9.1.1 from an IPv4 only external network.

When using the command "sudo openconnect -vvv https://asa.domain.com", the connection is established and the client receives an IPv4 private address and an IPv6 address, but the IPv6 default route is not set correctly.

-----------------------------
sudo openconnect -vvv https://asa.domain.com
Attempting to connect to 1.2.3.4:443
SSL negotiation with asa.domain.com
Connected to HTTPS on asa.domain.com
GET https://asa.domain.com/
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Sat, 02 Feb 2013 12:21:40 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length: (0)
SSL negotiation with asa.domain.com
Connected to HTTPS on asa.domain.com
GET https://asa.domain.com/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Fixed options give
Please enter your username and password.
Username:user
Password:
POST https://asa.domain.com/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn=<elided>; path=/; secure
Set-Cookie: webvpnc=bu:/CACHE/stc/&p:t&iu:1/&sh:<deleted>:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest&fu:profiles%2Fasa.domain.com.xml&fh:<deleted>; path=/; secure
Set-Cookie: webvpnx=
Set-Cookie: webvpnaac=1; path=/; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
TCP_INFO rcv mss 1448, snd mss 1448, adv mss 1448, pmtu 1500
Got CONNECT response: HTTP/1.1 200 OK
X-CSTP-Version: 1
X-CSTP-Address: 192.168.54.5
X-CSTP-Netmask: 255.255.255.0
X-CSTP-Address: 2001:1:2:3::1
X-CSTP-Netmask: 2001:1:2:3::1/64
X-CSTP-DNS: 192.168.53.42
X-CSTP-DNS: 10.201.253.41
X-CSTP-NBNS: 192.168.53.42
X-CSTP-NBNS: 10.201.253.41
X-CSTP-Lease-Duration: 1209600
X-CSTP-Session-Timeout: none
X-CSTP-Idle-Timeout: 1800
X-CSTP-Disconnected-Timeout: 1800
X-CSTP-Default-Domain: domain.com
X-CSTP-Split-Include: 192.168.53.0/255.255.255.0
X-CSTP-Split-Include: 10.201.253.0/255.255.255.0
X-CSTP-Split-DNS: domain.com
X-CSTP-Keep: true
X-CSTP-Tunnel-All-DNS: true
X-CSTP-DPD: 30
X-CSTP-Keepalive: 20
X-CSTP-MSIE-Proxy-Lockdown: true
X-CSTP-Smartcard-Removal-Disconnect: true
X-DTLS-Session-ID: <deleted>
X-DTLS-Port: 443
X-DTLS-Keepalive: 20
X-DTLS-DPD: 30
X-CSTP-MTU: 1415
X-DTLS-MTU: 1418
X-DTLS-CipherSuite: AES128-SHA
X-CSTP-Routing-Filtering-Ignore: false
X-CSTP-Quarantine: false
X-CSTP-Disable-Always-On-VPN: false
X-CSTP-TCP-Keepalive: true
CSTP connected. DPD 30, Keepalive 20
^C
-----------------------------

the IPv6 default route is not set

-----------------------------
netstat -6 -r
Kernel IPv6 routing table
Destination                    Next Hop  Flag Met Ref Use If
2001:1:2:3::/64                ::        U    256 0   0   vpn0
fe80::/64                      ::        U    256 0   0   eth1
fe80::/64                      ::        U    256 0   0   vpn0
::/0                           ::        !n   -1  1   511 lo
::1/128                        ::        Un   0   1   84  lo
2001:1:2:3::2/128              ::        Un   0   1   0   lo
fe80::aed:b9ff:fef8:fc21/128   ::        Un   0   1   0   lo
ff00::/8                       ::        U    256 0   0   eth1
ff00::/8                       ::        U    256 0   0   vpn0
::/0                           ::        !n   -1  1   511 lo
-----------------------------

Using the NetworkManager plugin to initiate the VPN resulted in the same routing table.

As a comparison, using the Cisco client with the same credentials

-----------------------------
netstat -6 -r
Kernel IPv6 routing table
Destination                    Next Hop  Flag Met Ref Use If
2001:1:2:3::2/128              ::        U    256 0   0   cscotun0
fe80::/64                      ::        U    256 0   0   cscotun0
::/0                           ::        U    1   0   0   cscotun0
::/0                           ::        !n   -1  1   341 lo
::1/128                        ::        Un   0   1   83  lo
2001:1:2:3::2/128              ::        Un   0   1   528 lo
fe80::aed:b9ff:fef8:fc21/128   ::        Un   0   1   0   lo
ff00::/8                       ::        U    256 0   0   eth1
ff00::/8                       ::        U    256 0   0   cscotun0
::/0                           ::        !n   -1  1   341 lo
-----------------------------

After posting on the openconnect-devel mailing list, David Woodhouse suggested replacing the version of the vpnc-script with the one at http://www.infradead.org/openconnect/vpnc-script.html

Using the updated vpnc-script, the command now connects as expected

-----------------------------
sudo openconnect -vvv asa.domain.com
Attempting to connect to 1.2.3.4:443
SSL negotiation with asa.domain.com
Server certificate verify failed: signer not found
Certificate from VPN server "asa.domain.com" failed verification.
Reason: signer not found
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on asa.domain.com
GET https://asa.domain.com/
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Thu, 14 Mar 2013 19:25:39 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length: (0)
SSL negotiation with asa.domain.com
Server certificate verify failed: signer not found
Connected to HTTPS on asa.domain.com
GET https://asa.domain.com/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Fixed options give
Please enter your username and password.
Username:testuser
Password:
POST https://asa.domain.com/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn=<elided>; path=/; secure
Set-Cookie: webvpnc=bu:/CACHE/stc/&p:t&iu:1/&sh:<deleted>:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest&fu:profiles%2Fasa.domain.com.xml&fh:<deleted>; path=/; secure
Set-Cookie: webvpnx=
Set-Cookie: webvpnaac=1; path=/; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
TCP_INFO rcv mss 1406, snd mss 1406, adv mss 1448, pmtu 1500
Got CONNECT response: HTTP/1.1 200 OK
X-CSTP-Version: 1
X-CSTP-Address: 192.168.54.4
X-CSTP-Netmask: 255.255.255.0
X-CSTP-Address: 2001:1:2:3::1
X-CSTP-Netmask: 2001:1:2:3::1/64
X-CSTP-DNS: 192.168.53.42
X-CSTP-DNS: 10.201.253.41
X-CSTP-NBNS: 192.168.53.42
X-CSTP-NBNS: 10.201.253.41
X-CSTP-Lease-Duration: 1209600
X-CSTP-Session-Timeout: none
X-CSTP-Idle-Timeout: 1800
X-CSTP-Disconnected-Timeout: 1800
X-CSTP-Default-Domain: domain.com
X-CSTP-Split-Include: 192.168.53.0/255.255.255.0
X-CSTP-Split-Include: 10.201.253.0/255.255.255.0
X-CSTP-Split-DNS: domain.com
X-CSTP-Keep: true
X-CSTP-Tunnel-All-DNS: true
X-CSTP-DPD: 30
X-CSTP-Keepalive: 20
X-CSTP-MSIE-Proxy-Lockdown: true
X-CSTP-Smartcard-Removal-Disconnect: true
X-DTLS-Session-ID: <deleted>
X-DTLS-Port: 443
X-DTLS-Keepalive: 20
X-DTLS-DPD: 30
X-CSTP-MTU: 1373
X-DTLS-MTU: 1418
X-DTLS-CipherSuite: AES128-SHA
X-CSTP-Routing-Filtering-Ignore: false
X-CSTP-Quarantine: false
X-CSTP-Disable-Always-On-VPN: false
X-CSTP-TCP-Keepalive: true
CSTP connected. DPD 30, Keepalive 20
DTLS option X-DTLS-Session-ID : <deleted>
DTLS option X-DTLS-Port : 443
DTLS option X-DTLS-Keepalive : 20
DTLS option X-DTLS-DPD : 30
DTLS option X-DTLS-MTU : 1418
DTLS option X-DTLS-CipherSuite : AES128-SHA
DTLS connected. DPD 30, Keepalive 20
Connected tun0 as 192.168.54.4 + 2001:470:9652:3::1, using SSL
Sending uncompressed data packet of 51 bytes
Sending uncompressed data packet of 62 bytes
Sending uncompressed data packet of 51 bytes
Sending uncompressed data packet of 62 bytes
Sending uncompressed data packet of 51 bytes
Sending uncompressed data packet of 51 bytes
Sending uncompressed data packet of 62 bytes
Sending uncompressed data packet of 62 bytes
No work to do; sleeping for 6000 ms...
No work to do; sleeping for 16000 ms...
Received uncompressed data packet of 126 bytes
Sending uncompressed data packet of 154 bytes
No work to do; sleeping for 20000 ms...
Established DTLS connection (using OpenSSL)
-----------------------------

the default route is correctly set

-----------------------------
netstat -6 -r
Kernel IPv6 routing table
Destination                    Next Hop  Flag Met Ref Use If
2001:470:9652:3::/64           ::        U    256 0   0   tun0
fe80::/64                      ::        U    256 0   0   eth1
fe80::/64                      ::        U    256 0   0   tun0
::/0                           ::        U    1   0   0   tun0
::/0                           ::        !n   -1  1   15  lo
::1/128                        ::        Un   0   1   1   lo
2001:470:9652:3::1/128         ::        Un   0   1   0   lo
fe80::aed:b9ff:fef8:fc21/128   ::        Un   0   1   0   lo
ff00::/8                       ::        U    256 0   0   eth1
ff00::/8                       ::        U    256 0   0   tun0
::/0                           ::        !n   -1  1   15  lo
-----------------------------

and DNS resolution works

-----------------------------
nslookup www.infradead.org
Server: 192.168.53.42
Address: 192.168.53.42#53

Non-authoritative answer:
www.infradead.org canonical name = casper.infradead.org.
Name: casper.infradead.org
Address: 85.118.1.10
-----------------------------

If however I use the NetworkManager plugin the IPv6 default route is not set

-----------------------------
netstat -6 -r
Kernel IPv6 routing table
Destination                    Next Hop  Flag Met Ref Use If
2001:470:9652:3::/64           ::        U    256 0   0   vpn0
fe80::/64                      ::        U    256 0   0   eth1
fe80::/64                      ::        U    256 0   0   vpn0
::/0                           ::        !n   -1  1   9   lo
::1/128                        ::        Un   0   1   1   lo
2001:470:9652:3::1/128         ::        Un   0   1   0   lo
fe80::aed:b9ff:fef8:fc21/128   ::        Un   0   1   0   lo
ff00::/8                       ::        U    256 0   0   eth1
ff00::/8                       ::        U    256 0   0   vpn0
::/0                           ::        !n   -1  1   9   lo
-----------------------------

and the DNS servers are not set

-----------------------------
nslookup www.infradead.org
Server: 127.0.1.1
Address: 127.0.1.1#53

** server can't find www.infradead.org: NXDOMAIN
-----------------------------

David Woodhouse requested that I open a bug here
http://lists.infradead.org/pipermail/openconnect-devel/2013-March/000971.html
When you use NetworkManager, you don't use the 'real' vpnc-script. Instead, you use a small version provided by NetworkManager itself, which passes all the information back to NetworkManager. Can you show the output from NetworkManager when you connect? It'll be in the syslog. Or you can kill NM and run it from a terminal with --no-daemon --log-devel=DEBUG arguments.
If I kill NetworkManager, my WiFi goes down....

syslog output as below

-----------------------------
Mar 19 20:41:37 v5-171-u NetworkManager[2871]: <info> Starting VPN service 'openconnect'...
Mar 19 20:41:37 v5-171-u NetworkManager[2871]: <info> VPN service 'openconnect' started (org.freedesktop.NetworkManager.openconnect), PID 2969
Mar 19 20:41:37 v5-171-u NetworkManager[2871]: <info> VPN service 'openconnect' appeared; activating connections
Mar 19 20:41:37 v5-171-u NetworkManager[2871]: <info> VPN plugin state changed: init (1)
Mar 19 20:41:46 v5-171-u NetworkManager[2871]: <info> VPN plugin state changed: starting (3)
Mar 19 20:41:46 v5-171-u NetworkManager[2871]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/vpn0, iface: vpn0)
Mar 19 20:41:46 v5-171-u NetworkManager[2871]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/vpn0, iface: vpn0): no ifupdown configuration found.
Mar 19 20:41:46 v5-171-u NetworkManager[2871]: <warn> /sys/devices/virtual/net/vpn0: couldn't determine device driver; ignoring...
Mar 19 20:41:46 v5-171-u NetworkManager[2871]: <info> VPN connection 'asa' (Connect) reply received.
Mar 19 20:41:46 v5-171-u openconnect[2979]: Attempting to connect to 1.2.3.4:443
Mar 19 20:41:46 v5-171-u openconnect[2979]: SSL negotiation with asa.domain.com
Mar 19 20:41:47 v5-171-u openconnect[2979]: Connected to HTTPS on asa.domain.com
Mar 19 20:41:47 v5-171-u openconnect[2979]: Got CONNECT response: HTTP/1.1 200 OK
Mar 19 20:41:47 v5-171-u openconnect[2979]: CSTP connected. DPD 30, Keepalive 20
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> VPN connection 'asa' (IP Config Get) reply received.
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> VPN connection 'asa' (IP4 Config Get) reply received.
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> VPN connection 'asa' (IP6 Config Get) reply received.
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> VPN Gateway: 1.2.3.4
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> Tunnel Device: vpn0
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> IPv4 configuration:
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> Internal Address: 192.168.54.9
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> Internal Prefix: 24
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> Internal Point-to-Point Address: 192.168.54.9
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> Maximum Segment Size (MSS): 0
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> Static Route: 10.201.253.0/24 Next Hop: 10.201.253.0
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> Static Route: 192.168.53.0/24 Next Hop: 192.168.53.0
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> Forbid Default Route: yes
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> Internal DNS: 192.168.53.42
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> Internal DNS: 10.201.253.41
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> DNS Domain: 'domain.com'
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> IPv6 configuration:
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> Internal Address: 2001:1:1:3::1
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> Internal Prefix: 64
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> Internal Point-to-Point Address: 2001:1:1:3::1
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> Maximum Segment Size (MSS): 0
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> Forbid Default Route: no
Mar 19 20:41:47 v5-171-u NetworkManager[2871]: <info> DNS Domain: 'domain.com'
Mar 19 20:41:47 v5-171-u openconnect[2979]: Connected vpn0 as 192.168.54.9 + 2001:1:1:3::1, using SSL
Mar 19 20:41:47 v5-171-u openconnect[2979]: Established DTLS connection (using OpenSSL)
Mar 19 20:41:48 v5-171-u acvpnagent[1161]: A new network interface has been detected.
Mar 19 20:41:48 v5-171-u acvpnagent[1161]: Function: logInterfaces File: ../../vpn/AgentUtilities/Routing/InterfaceRouteMonitorCommon.cpp Line: 477 IP Address Interface List: 192.168.10.155 192.168.54.9 FE80:0:0:0:AED:B9FF:FEF8:FC21 2001:1:1:3:0:0:0:1
Mar 19 20:41:49 v5-171-u NetworkManager[2871]: <info> VPN connection 'asa' (IP Config Get) complete.
Mar 19 20:41:49 v5-171-u NetworkManager[2871]: <info> Policy set 'BTHomeHub-098B' (eth1) as default for IPv4 routing and DNS.
Mar 19 20:41:49 v5-171-u NetworkManager[2871]: replace_default_ip6_route: assertion `gw != NULL' failed
Mar 19 20:41:49 v5-171-u NetworkManager[2871]: <info> Policy set 'asa' (vpn0) as default for IPv6 routing and DNS.
Mar 19 20:41:49 v5-171-u NetworkManager[2871]: <info> ((null)): writing resolv.conf to /sbin/resolvconf
Mar 19 20:41:49 v5-171-u dnsmasq[1480]: setting upstream servers from DBus
Mar 19 20:41:49 v5-171-u dnsmasq[1480]: using nameserver 192.168.53.42#53 for domain 53.168.192.in-addr.arpa
Mar 19 20:41:49 v5-171-u dnsmasq[1480]: using nameserver 192.168.53.42#53 for domain 10.in-addr.arpa
Mar 19 20:41:49 v5-171-u dnsmasq[1480]: using nameserver 192.168.53.42#53 for domain 54.168.192.in-addr.arpa
Mar 19 20:41:49 v5-171-u dnsmasq[1480]: using nameserver 192.168.53.42#53 for domain domain.com
Mar 19 20:41:49 v5-171-u dbus[847]: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)
Mar 19 20:41:49 v5-171-u NetworkManager[2871]: <info> VPN plugin state changed: started (4)
Mar 19 20:41:49 v5-171-u NetworkManager[2871]: keyfile: updating /etc/NetworkManager/system-connections/asa
Mar 19 20:41:49 v5-171-u dbus[847]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Mar 19 20:41:49 v5-171-u ntpdate[3069]: Can't find host ntp.ubuntu.com: Name or service not known (-2)
Mar 19 20:41:49 v5-171-u ntpdate[3069]: no servers can be used, exiting
Mar 19 20:41:55 v5-171-u avahi-daemon[934]: Withdrawing address record for 192.168.10.155 on eth1.
Mar 19 20:41:55 v5-171-u avahi-daemon[934]: Leaving mDNS multicast group on interface eth1.IPv4 with address 192.168.10.155.
Mar 19 20:41:55 v5-171-u avahi-daemon[934]: Interface eth1.IPv4 no longer relevant for mDNS.
Mar 19 20:41:55 v5-171-u avahi-daemon[934]: Joining mDNS multicast group on interface eth1.IPv4 with address 192.168.10.155.
Mar 19 20:41:55 v5-171-u avahi-daemon[934]: New relevant interface eth1.IPv4 for mDNS.
Mar 19 20:41:55 v5-171-u avahi-daemon[934]: Registering new address record for 192.168.10.155 on eth1.IPv4.
Mar 19 20:41:55 v5-171-u openconnect[2979]: DTLS got write error 5. Falling back to SSL
Mar 19 20:41:56 v5-171-u NetworkManager[2871]: <info> Policy set 'BTHomeHub-098B' (eth1) as default for IPv4 routing and DNS.
Mar 19 20:41:56 v5-171-u NetworkManager[2871]: <info> ((null)): writing resolv.conf to /sbin/resolvconf
Mar 19 20:41:56 v5-171-u dnsmasq[1480]: setting upstream servers from DBus
Mar 19 20:41:56 v5-171-u dnsmasq[1480]: using nameserver 8.8.4.4#53
Mar 19 20:41:56 v5-171-u dnsmasq[1480]: using nameserver 8.8.8.8#53
Mar 19 20:41:56 v5-171-u dnsmasq[1480]: using nameserver 192.168.10.1#53
Mar 19 20:41:56 v5-171-u openconnect[2979]: Send BYE packet: Client killed
Mar 19 20:41:56 v5-171-u acvpnagent[1161]: A network interface has gone down.
Mar 19 20:41:56 v5-171-u acvpnagent[1161]: Function: logInterfaces File: ../../vpn/AgentUtilities/Routing/InterfaceRouteMonitorCommon.cpp Line: 477 IP Address Interface List: 192.168.10.155 FE80:0:0:0:AED:B9FF:FEF8:FC21
Mar 19 20:41:56 v5-171-u avahi-daemon[934]: Withdrawing workstation service for vpn0.
Mar 19 20:41:56 v5-171-u NetworkManager[2871]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/vpn0, iface: vpn0)
Mar 19 20:42:00 v5-171-u NetworkManager[2871]: <info> VPN service 'openconnect' disappeared
-----------------------------
Yes, it's expected that your network will go down when you kill NetworkManager. You ought to be able to reconnect it though. If you're using GNOME shell you may need to restart it after you restart NetworkManager. (Alt-F2 r Enter)
Created attachment 239339
NetworkManager --no-daemon output

"sudo service network-manager stop"
"sudo NetworkManager --no-daemon output"
connected to the ASA using NetworkManager
confirmed that DNS was trying to use 127.0.0.1
disconnected from the ASA
killed the process with Ctrl+C
I'm guessing that http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=89b08a0243e3f6a6fd556e1a99ffe0ebf86c9710 is the cause of the IPv6 route problem. not got a clue what I'm looking for on the DNS side of things
er, cause/reason...
(In reply to comment #5)
> I'm guessing that
>
> http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=89b08a0243e3f6a6fd556e1a99ffe0ebf86c9710
>
> is the cause of the IPv6 route problem.
>
> not got a clue what I'm looking for on the DNS side of things

If anything, that should *fix* the problem you're seeing here:

Mar 19 20:41:49 v5-171-u NetworkManager[2871]: replace_default_ip6_route: assertion `gw != NULL' failed

that "assertion `gw != NULL' failed" comes directly from the line:

g_return_val_if_fail (gw != NULL, FALSE);

that was removed by that patch.

What version of NetworkManager are you running? That patch is part of NM 0.9.8 which was released about a month ago.
hence my comment "er, cause/reason"

As per the first line of the report
NetworkManager OpenConnect 0.9.6.0-0ubuntu1 from the Ubuntu 12.10 repo

That addresses the IPv6 part, but not the DNS.
I suppose I should have opened two bug reports, this is my first...

I'll install 13.04 (which now has 0.9.8) in a VM and see if it fixes both the IPv6 and DNS issues.
I ran some tests with Ubuntu 13.04 I can do "sudo openconnect f.q.d.n" and connect with the vpnc-script from the repo, DNS and IPv6 appear to work correctly If I use the NetworkManager plugin there is some improvement as IPv4 still works and IPv6 works as expected, DNS however is still broken versions Ubuntu 13.04 X64 network-manager 0.9.8.0-1ubuntu2 network-manager-openconnect 0.9.6.0ubuntu1 network-manager-openconnect-gnome dnsmasq-base 2.65-1ubuntu1 openconnect 4.07-1 arne@V5-171u:~$ sudo NetworkManager --no-daemon output NetworkManager[2596]: <info> NetworkManager (version 0.9.8.0) is starting... NetworkManager[2596]: <info> Read config file /etc/NetworkManager/NetworkManager.conf NetworkManager[2596]: <info> WEXT support is enabled NetworkManager[2596]: <info> VPN: loaded org.freedesktop.NetworkManager.pptp NetworkManager[2596]: <info> VPN: loaded org.freedesktop.NetworkManager.openconnect NetworkManager[2596]: <info> DNS: loaded plugin dnsmasq NetworkManager[2596]: SCPlugin-Ifupdown: init! NetworkManager[2596]: SCPlugin-Ifupdown: update_system_hostname NetworkManager[2596]: SCPluginIfupdown: management mode: unmanaged NetworkManager[2596]: SCPlugin-Ifupdown: devices added (path: /sys/devices/pci0000:00/0000:00:1c.1/0000:03:00.0/net/eth1, iface: eth1) NetworkManager[2596]: SCPlugin-Ifupdown: device added (path: /sys/devices/pci0000:00/0000:00:1c.1/0000:03:00.0/net/eth1, iface: eth1): no ifupdown configuration found. NetworkManager[2596]: SCPlugin-Ifupdown: devices added (path: /sys/devices/pci0000:00/0000:00:1c.2/0000:04:00.0/net/eth0, iface: eth0) NetworkManager[2596]: SCPlugin-Ifupdown: device added (path: /sys/devices/pci0000:00/0000:00:1c.2/0000:04:00.0/net/eth0, iface: eth0): no ifupdown configuration found. NetworkManager[2596]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/lo, iface: lo) NetworkManager[2596]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/lo, iface: lo): no ifupdown configuration found. 
NetworkManager[2596]: SCPlugin-Ifupdown: end _init. NetworkManager[2596]: <info> Loaded plugin ifupdown: (C) 2008 Canonical Ltd. To report bugs please use the NetworkManager mailing list. NetworkManager[2596]: <info> Loaded plugin keyfile: (c) 2007 - 2010 Red Hat, Inc. To report bugs please use the NetworkManager mailing list. NetworkManager[2596]: Ifupdown: get unmanaged devices count: 0 NetworkManager[2596]: SCPlugin-Ifupdown: (26062000) ... get_connections. NetworkManager[2596]: SCPlugin-Ifupdown: (26062000) ... get_connections (managed=false): return empty list. NetworkManager[2596]: keyfile: parsing BTHomeHub-098B ... NetworkManager[2596]: keyfile: read connection 'BTHomeHub-098B' NetworkManager[2596]: Ifupdown: get unmanaged devices count: 0 NetworkManager[2596]: <info> modem-manager is now available NetworkManager[2596]: <info> monitoring kernel firmware directory '/lib/firmware'. NetworkManager[2596]: <info> rfkill2: found WiFi radio killswitch (at /sys/devices/pci0000:00/0000:00:1c.1/0000:03:00.0/ieee80211/phy0/rfkill2) (driver wl) NetworkManager[2596]: <info> rfkill3: found WiFi radio killswitch (at /sys/devices/pci0000:00/0000:00:1c.1/0000:03:00.0/net/eth1/rfkill3) (driver wl) NetworkManager[2596]: <info> rfkill0: found WiFi radio killswitch (at /sys/devices/platform/acer-wmi/rfkill/rfkill0) (platform driver acer-wmi) NetworkManager[2596]: <info> WiFi hardware radio set enabled NetworkManager[2596]: <info> WiFi enabled by radio killswitch; enabled by state file NetworkManager[2596]: <info> WWAN enabled by radio killswitch; enabled by state file NetworkManager[2596]: <info> WiMAX enabled by radio killswitch; enabled by state file NetworkManager[2596]: <info> Networking is enabled by state file NetworkManager[2596]: <info> (eth1): using nl80211 for WiFi device control NetworkManager[2596]: <error> [1364070308.888804] [nm-device-wifi.c:2841] update_permanent_hw_address(): (eth1): unable to read permanent MAC address (error 0) NetworkManager[2596]: <info> 
(eth1): new 802.11 WiFi device (driver: 'wl' ifindex: 3) NetworkManager[2596]: <info> (eth1): exported as /org/freedesktop/NetworkManager/Devices/0 NetworkManager[2596]: <info> (eth1): device state change: unmanaged -> unavailable (reason 'managed') [10 20 2] NetworkManager[2596]: <info> (eth1): bringing up device. NetworkManager[2596]: <info> (eth1): preparing device. NetworkManager[2596]: <info> (eth1): deactivating device (reason 'managed') [2] NetworkManager[2596]: <warn> failed to allocate link cache: (-10) Operation not supported NetworkManager[2596]: <info> (eth0): carrier is OFF NetworkManager[2596]: <info> (eth0): new Ethernet device (driver: 'tg3' ifindex: 2) NetworkManager[2596]: <info> (eth0): exported as /org/freedesktop/NetworkManager/Devices/1 NetworkManager[2596]: <info> (eth0): device state change: unmanaged -> unavailable (reason 'managed') [10 20 2] NetworkManager[2596]: <info> (eth0): bringing up device. NetworkManager[2596]: <info> (eth0): preparing device. NetworkManager[2596]: <info> (eth0): deactivating device (reason 'managed') [2] NetworkManager[2596]: <info> Added default wired connection 'Wired connection 1' for /sys/devices/pci0000:00/0000:00:1c.2/0000:04:00.0/net/eth0 NetworkManager[2596]: <warn> /sys/devices/virtual/net/lo: couldn't determine device driver; ignoring... NetworkManager[2596]: <warn> /sys/devices/virtual/net/lo: couldn't determine device driver; ignoring... NetworkManager[2596]: <info> (eth1) supports 1 scan SSIDs NetworkManager[2596]: <warn> Trying to remove a non-existant call id. NetworkManager[2596]: <info> (eth1): supplicant interface state: starting -> ready NetworkManager[2596]: <info> (eth1): device state change: unavailable -> disconnected (reason 'supplicant-available') [20 30 42] NetworkManager[2596]: <info> (eth1): supplicant interface state: ready -> inactive NetworkManager[2596]: <info> (eth1) supports 1 scan SSIDs NetworkManager[2596]: <info> Auto-activating connection 'BTHomeHub-098B'. 
NetworkManager[2596]: <info> Activation (eth1) starting connection 'BTHomeHub-098B' NetworkManager[2596]: <info> (eth1): device state change: disconnected -> prepare (reason 'none') [30 40 0] NetworkManager[2596]: <info> Activation (eth1) Stage 1 of 5 (Device Prepare) scheduled... NetworkManager[2596]: <info> Activation (eth1) Stage 1 of 5 (Device Prepare) started... NetworkManager[2596]: <info> Activation (eth1) Stage 2 of 5 (Device Configure) scheduled... NetworkManager[2596]: <info> Activation (eth1) Stage 1 of 5 (Device Prepare) complete. NetworkManager[2596]: <info> Activation (eth1) Stage 2 of 5 (Device Configure) starting... NetworkManager[2596]: <info> (eth1): device state change: prepare -> config (reason 'none') [40 50 0] NetworkManager[2596]: <info> Activation (eth1/wireless): connection 'BTHomeHub-098B' has security, and secrets exist. No new secrets needed. NetworkManager[2596]: <info> Config: added 'ssid' value 'BTHomeHub-098B' NetworkManager[2596]: <info> Config: added 'scan_ssid' value '1' NetworkManager[2596]: <info> Config: added 'key_mgmt' value 'WPA-PSK' NetworkManager[2596]: <info> Config: added 'auth_alg' value 'OPEN' NetworkManager[2596]: <info> Config: added 'psk' value '<omitted>' NetworkManager[2596]: <info> Activation (eth1) Stage 2 of 5 (Device Configure) complete. NetworkManager[2596]: <info> Config: set interface ap_scan to 1 NetworkManager[2596]: <info> (eth1): supplicant interface state: inactive -> scanning NetworkManager[2596]: <info> (eth1): supplicant interface state: scanning -> associating NetworkManager[2596]: <info> (eth1): supplicant interface state: associating -> 4-way handshake NetworkManager[2596]: <info> (eth1): supplicant interface state: 4-way handshake -> completed NetworkManager[2596]: <info> Activation (eth1/wireless) Stage 2 of 5 (Device Configure) successful. Connected to wireless network 'BTHomeHub-098B'. NetworkManager[2596]: <info> Activation (eth1) Stage 3 of 5 (IP Configure Start) scheduled. 
NetworkManager[2596]: <info> Activation (eth1) Stage 3 of 5 (IP Configure Start) started... NetworkManager[2596]: <info> (eth1): device state change: config -> ip-config (reason 'none') [50 70 0] NetworkManager[2596]: <info> Activation (eth1) Beginning DHCPv4 transaction (timeout in 45 seconds) NetworkManager[2596]: <info> dhclient started with pid 2599 NetworkManager[2596]: <info> Activation (eth1) Beginning IP6 addrconf. NetworkManager[2596]: <info> Activation (eth1) Stage 3 of 5 (IP Configure Start) complete. Internet Systems Consortium DHCP Client 4.2.4 Copyright 2004-2012 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ NetworkManager[2596]: <info> (eth1): DHCPv4 state changed nbi -> preinit Listening on LPF/eth1/08:ed:b9:f8:fc:21 Sending on LPF/eth1/08:ed:b9:f8:fc:21 Sending on Socket/fallback DHCPREQUEST of 192.168.10.159 on eth1 to 255.255.255.255 port 67 (xid=0x5bfc6d28) DHCPACK of 192.168.10.159 from 192.168.10.1 bound to 192.168.10.159 -- renewal in 33501 seconds. NetworkManager[2596]: <info> (eth1): DHCPv4 state changed preinit -> reboot NetworkManager[2596]: <info> address 192.168.10.159 NetworkManager[2596]: <info> prefix 24 (255.255.255.0) NetworkManager[2596]: <info> gateway 192.168.10.1 NetworkManager[2596]: <info> nameserver '192.168.10.1' NetworkManager[2596]: <info> nameserver '8.8.8.8' NetworkManager[2596]: <info> nameserver '8.8.4.4' NetworkManager[2596]: <info> domain name 'lan' NetworkManager[2596]: <info> Activation (eth1) Stage 5 of 5 (IPv4 Configure Commit) scheduled... NetworkManager[2596]: <info> Activation (eth1) Stage 5 of 5 (IPv4 Commit) started... NetworkManager[2596]: <info> (eth1): device state change: ip-config -> secondaries (reason 'none') [70 90 0] NetworkManager[2596]: <info> Activation (eth1) Stage 5 of 5 (IPv4 Commit) complete. 
NetworkManager[2596]: <info> (eth1): device state change: secondaries -> activated (reason 'none') [90 100 0] NetworkManager[2596]: <info> Policy set 'BTHomeHub-098B' (eth1) as default for IPv4 routing and DNS. NetworkManager[2596]: <info> DNS: starting dnsmasq... NetworkManager[2596]: <warn> dnsmasq not available on the bus, can't update servers. NetworkManager[2596]: <error> [1364070316.263458] [nm-dns-dnsmasq.c:402] update(): dnsmasq owner not found on bus: Could not get owner of name 'org.freedesktop.NetworkManager.dnsmasq': no such name NetworkManager[2596]: <warn> DNS: plugin dnsmasq update failed NetworkManager[2596]: <info> Writing DNS information to /sbin/resolvconf NetworkManager[2596]: <info> Activation (eth1) successful, device activated. NetworkManager[2596]: <warn> dnsmasq appeared on DBus: :1.77 NetworkManager[2596]: <info> Writing DNS information to /sbin/resolvconf NetworkManager[2596]: <info> (eth1): IP6 addrconf timed out or failed. NetworkManager[2596]: <info> Activation (eth1) Stage 4 of 5 (IPv6 Configure Timeout) scheduled... NetworkManager[2596]: <info> Activation (eth1) Stage 4 of 5 (IPv6 Configure Timeout) started... NetworkManager[2596]: <info> Activation (eth1) Stage 4 of 5 (IPv6 Configure Timeout) complete. (NetworkManager:2596): GLib-CRITICAL **: g_propagate_error: assertion `src != NULL' failed NetworkManager[2596]: <info> Starting VPN service 'openconnect'... 
NetworkManager[2596]: <info> VPN service 'openconnect' started (org.freedesktop.NetworkManager.openconnect), PID 2775 NetworkManager[2596]: <info> VPN service 'openconnect' appeared; activating connections ** (process:2775): WARNING **: property 'cookie-flags' unknown ** (process:2775): WARNING **: property 'certsigs-flags' unknown ** (process:2775): WARNING **: property 'autoconnect-flags' unknown ** (process:2775): WARNING **: property 'gateway-flags' unknown ** (process:2775): WARNING **: property 'gwcert-flags' unknown ** (process:2775): WARNING **: property 'xmlconfig-flags' unknown ** (process:2775): WARNING **: property 'lasthost-flags' unknown ** (process:2775): WARNING **: property 'certsigs' unknown ** (process:2775): WARNING **: property 'xmlconfig' unknown ** (process:2775): WARNING **: property 'lasthost' unknown ** (process:2775): WARNING **: Created tundev vpn0 NetworkManager[2596]: <info> VPN plugin state changed: starting (3) NetworkManager[2596]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/vpn0, iface: vpn0) NetworkManager[2596]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/vpn0, iface: vpn0): no ifupdown configuration found. NetworkManager[2596]: <warn> /sys/devices/virtual/net/vpn0: couldn't determine device driver; ignoring... ** Message: openconnect started with pid 2786 NetworkManager[2596]: <info> VPN connection 'asa' (Connect) reply received. NetworkManager[2596]: <info> VPN connection 'asa' (IP Config Get) reply received. NetworkManager[2596]: <info> VPN connection 'asa' (IP4 Config Get) reply received. NetworkManager[2596]: <info> VPN connection 'asa' (IP6 Config Get) reply received. 
NetworkManager[2596]: <info> VPN Gateway: 1.2.3.4
NetworkManager[2596]: <info> Tunnel Device: vpn0
NetworkManager[2596]: <info> IPv4 configuration:
NetworkManager[2596]: <info> Internal Address: 192.168.54.9
NetworkManager[2596]: <info> Internal Prefix: 24
NetworkManager[2596]: <info> Internal Point-to-Point Address: 192.168.54.9
NetworkManager[2596]: <info> Maximum Segment Size (MSS): 0
NetworkManager[2596]: <info> Static Route: 10.201.253.0/24 Next Hop: 10.201.253.0
NetworkManager[2596]: <info> Static Route: 192.168.53.0/24 Next Hop: 192.168.53.0
NetworkManager[2596]: <info> Forbid Default Route: yes
NetworkManager[2596]: <info> Internal DNS: 192.168.53.42
NetworkManager[2596]: <info> Internal DNS: 10.201.253.41
NetworkManager[2596]: <info> DNS Domain: 'domain.com'
NetworkManager[2596]: <info> IPv6 configuration:
NetworkManager[2596]: <info> Internal Address: 2001:1:1:3::1
NetworkManager[2596]: <info> Internal Prefix: 64
NetworkManager[2596]: <info> Internal Point-to-Point Address: 2001:1:1:3::1
NetworkManager[2596]: <info> Maximum Segment Size (MSS): 0
NetworkManager[2596]: <info> Forbid Default Route: no
NetworkManager[2596]: <info> DNS Domain: 'domain.com'
SIOCSIFMTU: Operation not permitted
NetworkManager[2596]: <info> VPN connection 'asa' (IP Config Get) complete.
NetworkManager[2596]: <info> Policy set 'BTHomeHub-098B' (eth1) as default for IPv4 routing and DNS.
NetworkManager[2596]: <info> Policy set 'asa' (vpn0) as default for IPv6 routing and DNS.
NetworkManager[2596]: <info> Writing DNS information to /sbin/resolvconf
NetworkManager[2596]: <info> VPN plugin state changed: started (4)
NetworkManager[2596]: keyfile: updating /etc/NetworkManager/system-connections/asa
UDP (DTLS) connect: : Network is unreachable
NetworkManager[2596]: <info> Policy set 'BTHomeHub-098B' (eth1) as default for IPv4 routing and DNS.
NetworkManager[2596]: <info> Writing DNS information to /sbin/resolvconf
** Message: Terminated openconnect daemon with PID 2786.
** (process:2775): WARNING **: openconnect exited with error code 1
** (process:2775): WARNING **: Destroyed tundev vpn0
NetworkManager[2596]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/vpn0, iface: vpn0)
NetworkManager[2596]: <info> VPN service 'openconnect' disappeared
^CNetworkManager[2596]: <info> caught signal 2, shutting down normally.
NetworkManager[2596]: <info> (eth1): device state change: activated -> unmanaged (reason 'removed') [100 10 36]
NetworkManager[2596]: <info> (eth1): deactivating device (reason 'removed') [36]
NetworkManager[2596]: <info> (eth1): canceled DHCP transaction, DHCP client pid 2599
NetworkManager[2596]: <info> (eth1): cleaning up...
NetworkManager[2596]: <info> (eth1): taking down device.
NetworkManager[2596]: <info> Unmanaged Device found; state CONNECTED forced. (see http://bugs.launchpad.net/bugs/191889)
NetworkManager[2596]: <info> (eth0): device state change: unavailable -> unmanaged (reason 'removed') [20 10 36]
NetworkManager[2596]: <info> (eth0): cleaning up...
NetworkManager[2596]: <info> (eth0): taking down device.
NetworkManager[2596]: <info> Unmanaged Device found; state CONNECTED forced. (see http://bugs.launchpad.net/bugs/191889)
NetworkManager[2596]: <info> exiting (success)
arne@V5-171u:~$

in a different terminal while connected.

arne@V5-171u:~$ nslookup www.infradead.org
Server: 127.0.1.1
Address: 127.0.1.1#53

** server can't find www.infradead.org.lan: REFUSED
Adding an IPv4 DNS server to the OpenConnect NetworkManager plugin has no effect, but adding an IPv6 DNS server to the OpenConnect NetworkManager plugin is successful.

For anyone else that has the same issue, when connected do

dig @<ipv4 address of dns server> <dns server f.q.d.n> AAAA

Then add the IPv6 address as an "Additional DNS Server:" on the IPv6 Settings tab in the OpenConnect NetworkManager plugin for the connection. When you reconnect, you should have working DNS.
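A way to check a NetworkManager log for the condition visible in the log above, added here as an example (not code from NetworkManager or OpenConnect): it collects, per address family, the DNS servers the VPN supplied and flags any family where NetworkManager made the VPN interface the default for routing and DNS while no DNS server was supplied for it. The function names and the `vpn0` default are assumptions; the sample lines are abridged from the log in this report.

```python
import re

# Abridged from the NetworkManager log posted in this report.
SAMPLE_LOG = """\
NetworkManager[2596]: <info> IPv4 configuration:
NetworkManager[2596]: <info> Internal Address: 192.168.54.9
NetworkManager[2596]: <info> Forbid Default Route: yes
NetworkManager[2596]: <info> Internal DNS: 192.168.53.42
NetworkManager[2596]: <info> Internal DNS: 10.201.253.41
NetworkManager[2596]: <info> IPv6 configuration:
NetworkManager[2596]: <info> Internal Address: 2001:1:1:3::1
NetworkManager[2596]: <info> Forbid Default Route: no
NetworkManager[2596]: <info> Policy set 'BTHomeHub-098B' (eth1) as default for IPv4 routing and DNS.
NetworkManager[2596]: <info> Policy set 'asa' (vpn0) as default for IPv6 routing and DNS.
"""

SECTION = re.compile(r"<info>\s+(IPv[46]) configuration:")
FIELD = re.compile(r"<info>\s+(Internal DNS|Forbid Default Route):\s+(\S+)")
POLICY = re.compile(
    r"Policy set '([^']+)' \((\S+)\) as default for (IPv[46]) routing and DNS")


def parse_vpn_config(log):
    """Return ({family: {"dns": [...], "forbid_default": bool}}, {family: iface})."""
    families, policy, current = {}, {}, None
    for line in log.splitlines():
        if m := SECTION.search(line):
            # A new section header starts a fresh record for that family.
            current = families[m.group(1)] = {"dns": [], "forbid_default": None}
        elif (m := FIELD.search(line)) and current is not None:
            if m.group(1) == "Internal DNS":
                current["dns"].append(m.group(2))
            else:
                current["forbid_default"] = m.group(2) == "yes"
        elif m := POLICY.search(line):
            policy[m.group(3)] = m.group(2)  # the last policy line wins
    return families, policy


def families_without_vpn_dns(log, vpn_iface="vpn0"):
    """Families where the VPN is the DNS default but supplied no DNS server."""
    families, policy = parse_vpn_config(log)
    return sorted(f for f, cfg in families.items()
                  if policy.get(f) == vpn_iface and not cfg["dns"])


if __name__ == "__main__":
    print(families_without_vpn_dns(SAMPLE_LOG))
```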
(In reply to comment #9)
> NetworkManager[2596]: <info> Internal Point-to-Point Address: 192.168.54.9
> NetworkManager[2596]: <info> Maximum Segment Size (MSS): 0
> NetworkManager[2596]: <info> Static Route: 10.201.253.0/24 Next Hop:
> 10.201.253.0
> NetworkManager[2596]: <info> Static Route: 192.168.53.0/24 Next Hop:
> 192.168.53.0
> NetworkManager[2596]: <info> Forbid Default Route: yes
> NetworkManager[2596]: <info> Internal DNS: 192.168.53.42
> NetworkManager[2596]: <info> Internal DNS: 10.201.253.41
...
> in a different terminal while connected.
>
> arne@V5-171u:~$ nslookup www.infradead.org
> Server: 127.0.1.1
> Address: 127.0.1.1#53
>
> ** server can't find www.infradead.org.lan: REFUSED

Hm, why is it asking 127.0.1.1? Can you show the contents of /etc/resolv.conf? Sounds like NetworkManager is failing to update the DNS configuration.

Under the IPv4/IPv6 configuration, do you have either configuration method set to 'Automatic (VPN) addresses only'? I think that affects whether it uses the DNS servers configured by the VPN or not. Although I have no idea why you'd be able to set it differently for IPv6 and Legacy IP.
arne@Satellite-Pro-A200:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search domain.com

It doesn't change when connected, but I wouldn't expect it to. When not connected it still uses 127.0.0.1 for resolving.

arne@Satellite-Pro-A200:~$ nslookup www.infradead.org
Server: 127.0.1.1
Address: 127.0.1.1#53

Non-authoritative answer:
www.infradead.org canonical name = casper.infradead.org.
Name: casper.infradead.org
Address: 85.118.1.10

Both the IPv4 tab and the IPv6 tab are set to "Automatic (VPN)". The IPv4 tab only accepts IPv4 addresses, the IPv6 tab only accepts IPv6 addresses.
Just re-reading your previous, I wondered if you were aware of some of the changes that were made for Ubuntu 12.04 http://www.stgraber.org/2012/02/24/dns-in-ubuntu-12-04/
Still valid?
Closing this bug report as no further information has been provided. Please feel free to reopen this bug report if you can provide the information that was asked for in a previous comment. Thanks!