ubuntu-phone team mailing list archive

Re: OpenVPN

On 06/06/2016 11:07 AM, Skyflyer wrote:
> With the new OTA-11 and Username/Password working (1567389
> <https://bugs.launchpad.net/ubuntu/+source/indicator-network/+bug/1567389>) my
> vpn tunnel is operational.  I was surprised to find the config file
> writable (/etc/NetworkManager/system-connections/) and I had to edit
> it with auth=SHA512 to get it working.  Now I'm having some side
> effects.  I've also enabled ufw with:
>
> phablet@ubuntu-phablet:/etc/NetworkManager/system-connections$ sudo
> ufw status verbose
> Status: active
> Logging: on (medium)
> Default: deny (incoming), deny (outgoing), disabled (routed)
> New profiles: skip
> To                         Action      From
> --                         ------      ----
> 22                         ALLOW IN    192.168.XX.XX
> XXX.XXX.XXX.XXX            ALLOW OUT   Anywhere #To VPN
> Anywhere                   ALLOW OUT   10.33.0.0/16
>
> I can turn the vpn on/off with the toggle in Settings tab and all
> connections are blocked except those that travel the tunnel.  I'm
> getting this in the ufw.log file:
> UFW BLOCK] IN= OUT=wlan0 SRC=fe80:0000:0000:0000:b69d:0bff:fe4f:ffb9
> DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=48 TC=0 HOPLIMIT=255
> FLOWLBL=0 PROTO=ICMPv6 TYPE=133 CODE=0
>
> 1> Is there any way to disable IPv6?  I would expect to see an option
> in WiFi settings... but surprisingly there are no WiFi options at all.
>
> 2> I'm seeing unusually long times checking for Updates (on vpn).  I
> get a Software Up to Date confirmation, but I suspect it is just a
> time-out default message.  I'm currently at about 5 minutes Checking
> for updates. Off the vpn (ufw disable) it takes 5 - 10 seconds. 
>

Jun  6 11:12:16 ubuntu-phablet kernel: [ 7214.928646] (0)[11677:Qt HTTP
thread][UFW AUDIT] IN= OUT=tun0 SRC=10.33.XX.XX DST=162.213.33.200
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49715 DF PROTO=TCP SPT=57250 DPT=443
WINDOW=29200 RES=0x00 SYN URGP=0

Jun  6 11:12:37 ubuntu-phablet kernel: [ 7235.466507]
(0)[3089:QSGRenderThread][UFW BLOCK] IN= OUT=tun0 SRC=192.168.XX.XX
DST=91.189.88.157 LEN=83 TOS=0x00 PREC=0x00 TTL=64 ID=50999 DF PROTO=TCP
SPT=41575 DPT=443 WINDOW=289 RES=0x00 ACK PSH FIN URGP=0

Think I found something... on the UFW BLOCK, SRC=192.168.XX.XX and
OUT=tun0; that can't happen?  It should be SRC=10.33.XX.XX (vpn ip) and
OUT=tun0.  DST=91.189.88.157 is a Canonical server, which should explain
why I can't check for Updates on vpn.

> 3> The vpn may have caused the app store purchase failure that I
> already posted about earlier today.
>
> Otherwise things seem to be working well.  
> ~Will Atwood
>
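
The mismatch noticed above (a packet leaving tun0 with a LAN source address instead of the VPN address) can be picked out of ufw.log mechanically. The following is an added example, not part of the original message: it assumes the VPN subnet is the 10.33.0.0/16 from the ufw rule, and the concrete source addresses in the sample are constructed stand-ins for the redacted ones.

```python
import ipaddress
import re

VPN_NET = ipaddress.ip_network("10.33.0.0/16")  # subnet from the ufw ALLOW OUT rule
TUN_IF = "tun0"
TCP_FLAGS = {"SYN", "ACK", "FIN", "PSH", "RST", "URG"}

# Constructed sample modelled on the log lines in the message. 10.33.0.5 and
# 192.168.1.20 are made-up stand-ins for the redacted XX.XX source addresses.
SAMPLE_LOG = (
    "Jun  6 11:12:16 ubuntu-phablet kernel: [ 7214.928646] (0)[11677:Qt HTTP thread]"
    "[UFW AUDIT] IN= OUT=tun0 SRC=10.33.0.5 DST=162.213.33.200 LEN=60 PROTO=TCP "
    "SPT=57250 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0\n"
    "Jun  6 11:12:37 ubuntu-phablet kernel: [ 7235.466507] (0)[3089:QSGRenderThread]"
    "[UFW BLOCK] IN= OUT=tun0 SRC=192.168.1.20 DST=91.189.88.157 LEN=83 PROTO=TCP "
    "SPT=41575 DPT=443 WINDOW=289 RES=0x00 ACK PSH FIN URGP=0\n"
    "[UFW BLOCK] IN= OUT=wlan0 SRC=fe80:0000:0000:0000:b69d:0bff:fe4f:ffb9 "
    "DST=ff02:0000:0000:0000:0000:0000:0000:0002 PROTO=ICMPv6 TYPE=133 CODE=0\n"
)

def parse_ufw_line(line):
    """Return the fields of one UFW kernel log line, or None if it is not one."""
    m = re.search(r"UFW ([A-Z ]+)\]", line)
    if not m:
        return None
    rest = line[m.end():]
    rec = dict(re.findall(r"(\w+)=(\S*)", rest))  # KEY=value pairs, value may be empty
    rec["ACTION"] = m.group(1)
    rec["FLAGS"] = [t for t in rest.split() if t in TCP_FLAGS]  # bare flag tokens
    return rec

def tunnel_source_mismatches(log_text, vpn_net=VPN_NET, tun_if=TUN_IF):
    """List packets leaving tun_if whose SRC is not inside vpn_net."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_ufw_line(line)
        if not rec or rec.get("OUT") != tun_if:
            continue
        try:
            src = ipaddress.ip_address(rec.get("SRC", ""))
        except ValueError:
            continue  # redacted or malformed address, cannot be classified
        if src not in vpn_net:
            hits.append((rec["ACTION"], str(src), rec.get("DST"), rec["FLAGS"]))
    return hits

if __name__ == "__main__":
    for action, src, dst, flags in tunnel_source_mismatches(SAMPLE_LOG):
        print(f"{action}: {src} -> {dst} via {TUN_IF} flags={'+'.join(flags)}")
```
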