[strongSwan] Newest Linux distributions ignore provided DNS settings and provide "garbage" IP addresses instead

Marian Kechlibar marian.kechlibar at circletech.net
Fri May 4 09:47:56 CEST 2018


Hi all,

recent versions of NetworkManager-strongswan plugin cannot parse DNS
settings correctly.

----------------------------------------------------------------------

Detailed description of the bug

I upgraded two of my work computers:

from Ubuntu 17.10 to Ubuntu 18.04
and
from Fedora 27 to Fedora 28

Both of them started to ignore the DNS provided by the strongswan VPN
server. No addresses in the private net can be resolved now. Meanwhile,
the other workstations which remained nonupgraded (Ubuntu 17.10 and
Fedora 27) still work fine. There were no changes on the VPN server,
which is under my control.

I limited my further search for the cause of the bug to the Fedora
computers.

The functioning Fedora 27 uses NetworkManager 1.8.6 and
NetworkManager-strongswan plugin 1.4.0.

The nonfunctioning Fedora 28 uses NetworkManager 1.10.6 and
NetworkManager-strongswan plugin 1.4.3.

Looking at the output of the journalctl on the functioning computers
with Fedora 27, the DNS seems to be parsed correctly:

Data: VPN Gateway: 82.100.29.182
Data: Tunnel Device: (null)
14[IKE] peer supports MOBIKE
Data: IPv4 configuration:
Data:   Internal Address: 10.105.106.77
Data:   Internal Prefix: 32
Data:   Internal Point-to-Point Address: 10.105.106.77
Data:   Maximum Segment Size (MSS): 0
Data:   Forbid Default Route: yes
Data:   Internal DNS: 172.17.1.2
Data:   DNS Domain: '(none)'
Data: No IPv6 configuration
VPN connection: (IP Config Get) complete
VPN plugin: state changed: started (4)

Looking at the output of the journalctl on the failing computers with
Fedora 28, the DNS seems to be a totally random address, each time a
different one.

Data: VPN Gateway: 82.100.29.182
Data: Tunnel Device: (null)
Data: IPv4 configuration:
Data:   Internal Address: 10.105.106.10
Data:   Internal Prefix: 32
Data:   Internal Point-to-Point Address: 10.105.106.10
Data:   Static Route: 10.105.106.10/32   Next Hop: 0.0.0.0
Data:   Internal DNS: 144.117.1.140
Data:   DNS Domain: '(none)'
Data: No IPv6 configuration
VPN connection: (IP Config Get) complete
VPN plugin: state changed: started (4)

Also, no mention of MOBIKE, interesting.

Also, in the journalctl of the failing computers, I see the following
error, which may be a cause of the problem. This error is not seen on
the functioning computers.

May 04 09:33:50 localhost.localdomain gnome-shell[1257]: JS ERROR: TypeError: item is undefined
setActiveConnections/<@resource:///org/gnome/shell/ui/status/network.js:1518:17
setActiveConnections at resource:///org/gnome/shell/ui/status/network.js:1515:9
wrapper at resource:///org/gnome/gjs/modules/_legacy.js:82:22
_syncVpnConnections at resource:///org/gnome/shell/ui/status/network.js:1853:9
wrapper at resource:///org/gnome/gjs/modules/_legacy.js:82:22

In my opinion, the parsing of the DNS record fails for some reason and
the displayed DNS is just memory garbage found in an uninitialized C variable.

Best regards

Marian Kechlibar
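
Added example (not part of the original post, and not strongSwan or NetworkManager code): a check that reads the "Data:" lines NetworkManager logs, as quoted in the message above, and flags any Internal DNS value that is not the expected resolver. The names EXPECTED_DNS, parse_configs and audit are made up for this example, and the expected resolver is assumed to be the 172.17.1.2 seen in the working Fedora 27 log.

```python
import ipaddress
import re

# Assumption: the resolver the VPN server is meant to push is the one the
# working Fedora 27 client logged in the post.
EXPECTED_DNS = [ipaddress.ip_network("172.17.1.2/32")]

# Excerpt of the two journalctl outputs quoted in the post (working, failing).
SAMPLE_JOURNAL = """\
Data: VPN Gateway: 82.100.29.182
Data:   Internal Address: 10.105.106.77
Data:   Internal DNS: 172.17.1.2
Data: VPN Gateway: 82.100.29.182
Data:   Internal Address: 10.105.106.10
Data:   Internal DNS: 144.117.1.140
"""

FIELD = re.compile(r"Data:[ \t]+(VPN Gateway|Internal Address|Internal DNS):[ \t]+(\S+)")


def parse_configs(text):
    """One dict per connection; a 'VPN Gateway' line starts a new one."""
    configs = []
    for key, value in FIELD.findall(text):
        if key == "VPN Gateway":
            configs.append({"gateway": value, "address": None, "dns": []})
        elif configs and key == "Internal Address":
            configs[-1]["address"] = value
        elif configs and key == "Internal DNS":
            configs[-1]["dns"].append(value)
    return configs


def audit(configs, expected=EXPECTED_DNS):
    """Return (client address, DNS value, reason) for each bad resolver."""
    findings = []
    for cfg in configs:
        if not cfg["dns"]:
            findings.append((cfg["address"], None, "no DNS server logged"))
        for raw in cfg["dns"]:
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                findings.append((cfg["address"], raw, "not an IP address"))
                continue
            if not any(ip in net for net in expected):
                findings.append((cfg["address"], raw, "unexpected resolver"))
    return findings
```

Calling audit(parse_configs(text)) on saved journalctl output returns an empty list when every connection logged the expected resolver; the regular expression also matches lines that carry the usual journal timestamp prefix.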
