lex.luthor 0 Posted ... I installed AirVPN Suite and I got it working the first time but then I stop and start the service and now I can't connect: ● bluetit.service - AirVPN Bluetit Daemon Loaded: loaded (/etc/systemd/system/bluetit.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2021-11-23 22:29:29 GMT; 20s ago Process: 25627 ExecStart=/sbin/bluetit (code=exited, status=0/SUCCESS) Main PID: 25637 (bluetit) Tasks: 4 (limit: 4483) Memory: 5.0M CGroup: /system.slice/bluetit.service └─25637 /sbin/bluetit Nov 23 22:29:48 betelgeuse bluetit[25637]: EVENT: RECONNECTING Nov 23 22:29:48 betelgeuse bluetit[25637]: ERROR: N_RECONNECT Nov 23 22:29:48 betelgeuse bluetit[25637]: EVENT: RESOLVE Nov 23 22:29:48 betelgeuse bluetit[25637]: Setting up network filter and lock Nov 23 22:29:48 betelgeuse bluetit[25637]: Allowing system DNS 127.0.0.53 to pass through the network filter Nov 23 22:29:49 betelgeuse bluetit[25637]: WARNING: Cannot resolve nl3.ipv6.vpn.airdns.org (Temporary failure in name resolution) Nov 23 22:29:49 betelgeuse bluetit[25637]: Network filter and lock successfully activated Nov 23 22:29:49 betelgeuse bluetit[25637]: ERROR: RESOLVE_ERROR Nov 23 22:29:49 betelgeuse bluetit[25637]: Transport Error: DNS resolve error on 'nl3.ipv6.vpn.airdns.org' for UDP session: Host not > Nov 23 22:29:49 betelgeuse bluetit[25637]: Client terminated, restarting in 2000 ms... I had the same issue with hummingbird (that's the reason I switched to AirVPN suite by the way). Everything started after a blackout, I solved the problem with --recover-network (apparently), then the day after I decided to switch from hummingbird 1.1.0 to hummingbird 1.1.2 and there is where this issue started. Running Linux Lite (Ubuntu 20.4.3) Thanks in advance for any help. log.txt Quote Share this post Link to post
OpenSourcerer 1435 Posted ... Well, it's clear the DNS servers are not reset. Don't run the suite on boot (systemctl disable bluetit.service) and try a reboot. Is it still like that? Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
lex.luthor 0 Posted ... I disabled bluetit service and reboot the box: ● bluetit.service - AirVPN Bluetit Daemon Loaded: loaded (/etc/systemd/system/bluetit.service; disabled; vendor pres> Active: inactive (dead) I got back internet connectivity but, of course, airvpn is not active. Then I re-enable it and reboot the box. Same issue 😞 I update the log (attached) with more details but I'm still puzzled. An extract: Nov 24 11:12:43 betelgeuse systemd[1]: Starting AirVPN Bluetit Daemon... Nov 24 11:12:43 betelgeuse bluetit: Starting Bluetit - AirVPN OpenVPN 3 Service 1.1.0 - 4 June 2021 Nov 24 11:12:43 betelgeuse bluetit: OpenVPN core 3.7 AirVPN linux x86_64 64-bit Nov 24 11:12:43 betelgeuse bluetit: Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved. Nov 24 11:12:43 betelgeuse bluetit: Bluetit daemon started with PID 4203 Nov 24 11:12:43 betelgeuse bluetit: External network is reachable via gateway 192.168.1.1 through interface enp1s0 Nov 24 11:12:43 betelgeuse systemd[1]: Started AirVPN Bluetit Daemon. Nov 24 11:12:43 betelgeuse bluetit: Successfully connected to D-Bus Nov 24 11:12:43 betelgeuse bluetit: Reading run control directives from file /etc/airvpn/bluetit.rc Nov 24 11:12:43 betelgeuse bluetit: IPv6 is available in this system Nov 24 11:12:43 betelgeuse bluetit: Bluetit successfully initialized and ready Nov 24 11:12:43 betelgeuse systemd-resolved[3629]: Flushed all caches. Nov 24 11:12:43 betelgeuse bluetit: Requesting network IP and country to AirVPN ipleak.net via secure connection Nov 24 11:12:43 betelgeuse bluetit: ERROR: Cannot detect system location: Cannot resolve ipleak.net Nov 24 11:12:43 betelgeuse bluetit: Starting AirVPN boot connection Nov 24 11:12:43 betelgeuse bluetit: IPv6 is enabled Nov 24 11:12:43 betelgeuse bluetit: AirVPN Manifest updater thread started Nov 24 11:12:43 betelgeuse bluetit: AirVPN Manifest update interval is 15 minutes Nov 24 11:12:43 betelgeuse bluetit: AirVPN Manifest update suspended: AirVPN boot connection initialization in progress Nov 24 11:12:43 betelgeuse bluetit: Updating AirVPN Manifest Nov 24 11:12:43 betelgeuse bluetit: Network filter and lock are using iptables-legacy Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module iptable_filter Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module iptable_nat Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module iptable_mangle Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module iptable_security Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module iptable_raw Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module ip6table_filter Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module ip6table_nat Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module ip6table_mangle Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module ip6table_security Nov 24 11:12:43 betelgeuse bluetit: Successfully loaded kernel module ip6table_raw Nov 24 11:12:43 betelgeuse bluetit: Network filter successfully initialized Nov 24 11:12:43 betelgeuse bluetit: Session network filter and lock successfully enabled Nov 24 11:12:43 betelgeuse bluetit: AirVPN bootstrap servers are now allowed to pass through the network filter Nov 24 11:12:43 betelgeuse bluetit: Waiting for a valid AirVPN Manifest to be available Nov 24 11:12:44 betelgeuse bluetit: AirVPN Manifest successfully retrieved from server Nov 24 11:12:44 betelgeuse bluetit: Logging in AirVPN user lex.luthor Nov 24 11:12:45 betelgeuse bluetit: ERROR: Cannot detect user location: Please use "country" directive in /etc/airvpn/bluetit.rc Nov 24 11:12:45 betelgeuse bluetit: AirVPN user lex.luthor successfully logged in Nov 24 11:12:45 betelgeuse bluetit: Selected user key: Default Nov 24 11:12:45 betelgeuse bluetit: Starting connection to currently best AirVPN server in Netherlands Nov 24 11:12:45 betelgeuse bluetit: Starting VPN Connection Nov 24 11:12:45 betelgeuse systemd-resolved[3629]: Flushed all caches. Nov 24 11:12:45 betelgeuse bluetit: OpenVPN3 client successfully created and initialized. Nov 24 11:12:45 betelgeuse bluetit: TUN persistence is enabled. Nov 24 11:12:45 betelgeuse bluetit: Successfully set OpenVPN3 client configuration Nov 24 11:12:45 betelgeuse bluetit: Starting OpenVPN3 connection thread Nov 24 11:12:45 betelgeuse bluetit: OpenVPN core 3.7 AirVPN linux x86_64 64-bit Nov 24 11:12:45 betelgeuse bluetit: Frame=512/2048/512 mssfix-ctrl=1250 Nov 24 11:12:45 betelgeuse bluetit: UNUSED OPTIONS#0126 [resolv-retry] [infinite]#0127 [nobind]#0128 [persist-key]#0129 [persist-tun]#01210 [auth-nocache]#01211 [verb] [3]#01212 [explicit-exit-notify] [5] Nov 24 11:12:45 betelgeuse bluetit: EVENT: RESOLVE Nov 24 11:12:45 betelgeuse bluetit: WARNING: NetworkManager is running on this system and may interfere with DNS management and cause DNS leaks Nov 24 11:12:45 betelgeuse bluetit: WARNING: systemd-resolved is running on this system and may interfere with DNS management and cause DNS leaks Nov 24 11:12:45 betelgeuse bluetit: Local IPv4 address 192.168.1.3 Nov 24 11:12:45 betelgeuse bluetit: Local IPv6 address fe80::2ee7:36c0:98d7:64a6 Nov 24 11:12:45 betelgeuse bluetit: Local interface enp1s0 Nov 24 11:12:45 betelgeuse bluetit: Local interface enp2s0 Nov 24 11:12:45 betelgeuse bluetit: Local interface wlp3s0 Nov 24 11:12:45 betelgeuse bluetit: Setting up network filter and lock Nov 24 11:12:45 betelgeuse bluetit: Allowing system DNS 127.0.0.53 to pass through the network filter Nov 24 11:12:45 betelgeuse bluetit: Connection statistics updater thread started Nov 24 11:12:45 betelgeuse bluetit: WARNING: Cannot resolve nl3.ipv6.vpn.airdns.org (Temporary failure in name resolution) Nov 24 11:12:45 betelgeuse bluetit: Network filter and lock successfully activated Nov 24 11:12:45 betelgeuse bluetit: DNS pre-resolve error on nl3.ipv6.vpn.airdns.org: Host not found (non-authoritative), try again later Nov 24 11:12:45 betelgeuse bluetit: ERROR: RESOLVE_ERROR Nov 24 11:12:45 betelgeuse bluetit: EVENT: RESOLVE Nov 24 11:12:45 betelgeuse bluetit: WARNING: NetworkManager is running on this system and may interfere with DNS management and cause DNS leaks Nov 24 11:12:45 betelgeuse bluetit: WARNING: systemd-resolved is running on this system and may interfere with DNS management and cause DNS leaks Nov 24 11:12:45 betelgeuse bluetit: Local IPv4 address 192.168.1.3 Nov 24 11:12:45 betelgeuse bluetit: Local IPv6 address fe80::2ee7:36c0:98d7:64a6 Nov 24 11:12:45 betelgeuse bluetit: Local interface enp1s0 Nov 24 11:12:45 betelgeuse bluetit: Local interface enp2s0 Nov 24 11:12:45 betelgeuse bluetit: Local interface wlp3s0 Nov 24 11:12:45 betelgeuse bluetit: Setting up network filter and lock Nov 24 11:12:45 betelgeuse bluetit: Allowing system DNS 127.0.0.53 to pass through the network filter Nov 24 11:12:45 betelgeuse bluetit: WARNING: Cannot resolve nl3.ipv6.vpn.airdns.org (Temporary failure in name resolution) Nov 24 11:12:45 betelgeuse bluetit: Network filter and lock successfully activated Nov 24 11:12:45 betelgeuse bluetit: ERROR: RESOLVE_ERROR Nov 24 11:12:45 betelgeuse bluetit: Transport Error: DNS resolve error on 'nl3.ipv6.vpn.airdns.org' for UDP session: Host not found (non-authoritative), try again later . log2.txt Quote Share this post Link to post
OpenSourcerer 1435 Posted ... Why don't you post your Bluetit/Goldcrest configuration instead? /etc/airvpn/bluetit.rc ~/.config/goldcrest.rc OR /root/.config/goldcrest.rc You should redact the password and key name before posting it. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
lex.luthor 0 Posted ... Sure. Here is the /etc/airvpn/bluetit.rc: # # bluetit runcontrol file # # AirVPN bootstrap servers bootserver http://63.33.78.166 bootserver http://52.48.66.85 bootserver http://54.93.175.114 bootserver http://63.33.116.50 # RSA Parameters rsaexponent AQAB rsamodulus <Key> # bootserver <ip|url> # rsaexponent <value> # rsamodulus <value> airconnectatboot country # networklockpersist <on|iptables|nftables|pf|off> airusername lex.luthor airpassword <my-password> # airkey <airvpn_user_key> # airserver <airvpn_server_name> aircountry netherlands # airproto <udp|tcp> # airport <port> # aircipher <cipher_name> airipv6 on # air6to4 <on|off> # manifestupdateinterval <minutes> # airwhiteserverlist <server list> # airblackserverlist <server list> # airwhitecountrylist <server list> # airblackcountrylist <server list> # country <ISO code> # remote <ip|url list> # proto <udp|tcp> # port <port> # tunpersist <yes|no> # cipher <cipher_names> # maxconnretries <number> # tcpqueuelimit <value> # ncpdisable <yes|no> # networklock <on|iptables|nftables|pf|off> # ignorednspush <yes|no> # timeout <seconds> # compress <yes|no|asym> # tlsversionmin <disabled|default|tls_1_x> # proxyhost <ip|url> # proxyport <port> # proxyusername <username> # proxypassword <password> # proxybasic <yes|no> I didn't configure goldcrest (from what I understood is not necessary... at least at this stage) so settings are the default: # # goldcrest runcontrol file # # air-server <server_name> # air-tls-mode <auto|auth|crypt> # air-ipv6 <on|off> # air-6to4 <on|off> # air-user <username> # air-password <password> # air-key <name> # cipher <cipher_name> # proto <udp|tcp> # server <server_ip|server_url> # port <port> # tcp-queue-limit <n> # ncp-disable <yes|no> # network-lock <on|iptables|nftables|pf|off> # ignore-dns-push <yes|no> # ipv6 <yes|no|default> # timeout <seconds> # compress <yes|no|asym> # proxy-host <host_ip|host_url> # proxy-port <port> # proxy-username <proxy_username> # proxy-password <proxy_password> # proxy-basic <yes|no> # alt-proxy <yes|no> # persist-tun <on|off> # conn-stat-interval <seconds> Quote Share this post Link to post
Staff 9973 Posted ... @lex.luthor Hello! Nov 24 11:12:45 betelgeuse bluetit: WARNING: Cannot resolve nl3.ipv6.vpn.airdns.org (Temporary failure in name resolution) Apparently your local DNS has problems with AAAA. Try to connect in IPv4 by re-setting "airipv6" to off (default value) in bluetit.rc. If your ISP does not support IPv6, you can anyway tunnel IPv6 over IPv4 (set "air6to4" to on). Kind regards Quote Share this post Link to post
lex.luthor 0 Posted ... Unfortunately that didn't help. Even with airipv6 set to "off" the error message is the same. 😞 Quote Share this post Link to post
Staff 9973 Posted ... @lex.luthor Hello! Do you mean that AAAA resolution is attempted even when IPv6 is off? Please publish the log generated with the new settings. Kind regards Quote Share this post Link to post
lex.luthor 0 Posted ... Sure... here it is: Nov 25 10:38:17 betelgeuse systemd[1]: Starting AirVPN Bluetit Daemon... Nov 25 10:38:17 betelgeuse bluetit: Starting Bluetit - AirVPN OpenVPN 3 Service 1.1.0 - 4 June 2021 Nov 25 10:38:17 betelgeuse bluetit: OpenVPN core 3.7 AirVPN linux x86_64 64-bit Nov 25 10:38:17 betelgeuse bluetit: Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved. Nov 25 10:38:17 betelgeuse systemd[1]: bluetit.service: Can't open PID file /etc/airvpn/bluetit.lock (yet?) after start: Operation not permitted Nov 25 10:38:17 betelgeuse bluetit: Bluetit daemon started with PID 364053 Nov 25 10:38:17 betelgeuse bluetit: External network is reachable via gateway 192.168.1.1 through interface enp1s0 Nov 25 10:38:17 betelgeuse bluetit: Successfully connected to D-Bus Nov 25 10:38:17 betelgeuse bluetit: Reading run control directives from file /etc/airvpn/bluetit.rc Nov 25 10:38:17 betelgeuse bluetit: IPv6 is available in this system Nov 25 10:38:17 betelgeuse bluetit: Bluetit successfully initialized and ready Nov 25 10:38:17 betelgeuse systemd[1]: Started AirVPN Bluetit Daemon. Nov 25 10:38:17 betelgeuse systemd-resolved[178941]: Flushed all caches. Nov 25 10:38:17 betelgeuse bluetit: Requesting network IP and country to AirVPN ipleak.net via secure connection Nov 25 10:38:17 betelgeuse bluetit: ERROR: Cannot detect system location: Cannot resolve ipleak.net Nov 25 10:38:17 betelgeuse bluetit: Starting AirVPN boot connection Nov 25 10:38:17 betelgeuse bluetit: AirVPN Manifest updater thread started Nov 25 10:38:17 betelgeuse bluetit: AirVPN Manifest update interval is 15 minutes Nov 25 10:38:17 betelgeuse bluetit: AirVPN Manifest update suspended: AirVPN boot connection initialization in progress Nov 25 10:38:18 betelgeuse bluetit: Network filter and lock are using iptables-legacy Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module iptable_filter Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module iptable_nat Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module iptable_mangle Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module iptable_security Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module iptable_raw Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module ip6table_filter Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module ip6table_nat Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module ip6table_mangle Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module ip6table_security Nov 25 10:38:18 betelgeuse bluetit: Successfully loaded kernel module ip6table_raw Nov 25 10:38:18 betelgeuse bluetit: Network filter successfully initialized Nov 25 10:38:18 betelgeuse bluetit: Session network filter and lock successfully enabled Nov 25 10:38:18 betelgeuse bluetit: AirVPN bootstrap servers are now allowed to pass through the network filter Nov 25 10:38:18 betelgeuse bluetit: Waiting for a valid AirVPN Manifest to be available Nov 25 10:38:18 betelgeuse bluetit: Updating AirVPN Manifest Nov 25 10:38:18 betelgeuse bluetit: AirVPN Manifest successfully retrieved from server Nov 25 10:38:19 betelgeuse bluetit: Logging in AirVPN user lex.luthor Nov 25 10:38:19 betelgeuse bluetit: ERROR: Cannot detect user location: Please use "country" directive in /etc/airvpn/bluetit.rc Nov 25 10:38:19 betelgeuse bluetit: AirVPN user lex.luthor successfully logged in Nov 25 10:38:19 betelgeuse bluetit: Selected user key: Default Nov 25 10:38:19 betelgeuse bluetit: Starting connection to currently best AirVPN server in Netherlands Nov 25 10:38:19 betelgeuse bluetit: Starting VPN Connection Nov 25 10:38:19 betelgeuse systemd-resolved[178941]: Flushed all caches. Nov 25 10:38:19 betelgeuse bluetit: OpenVPN3 client successfully created and initialized. Nov 25 10:38:19 betelgeuse bluetit: TUN persistence is enabled. Nov 25 10:38:19 betelgeuse bluetit: Successfully set OpenVPN3 client configuration Nov 25 10:38:19 betelgeuse bluetit: Starting OpenVPN3 connection thread Nov 25 10:38:19 betelgeuse bluetit: OpenVPN core 3.7 AirVPN linux x86_64 64-bit Nov 25 10:38:19 betelgeuse bluetit: Frame=512/2048/512 mssfix-ctrl=1250 Nov 25 10:38:19 betelgeuse bluetit: UNUSED OPTIONS#0126 [resolv-retry] [infinite]#0127 [nobind]#0128 [persist-key]#0129 [persist-tun]#01210 [auth-nocache]#01211 [verb] [3]#01212 [explicit-exit-notify] [5] Nov 25 10:38:19 betelgeuse bluetit: EVENT: RESOLVE Nov 25 10:38:19 betelgeuse bluetit: WARNING: NetworkManager is running on this system and may interfere with DNS management and cause DNS leaks Nov 25 10:38:19 betelgeuse bluetit: WARNING: systemd-resolved is running on this system and may interfere with DNS management and cause DNS leaks Nov 25 10:38:19 betelgeuse bluetit: Local IPv4 address 192.168.1.3 Nov 25 10:38:19 betelgeuse bluetit: Local IPv6 address fe80::2ee7:36c0:98d7:64a6 Nov 25 10:38:19 betelgeuse bluetit: Local interface enp1s0 Nov 25 10:38:19 betelgeuse bluetit: Local interface enp2s0 Nov 25 10:38:19 betelgeuse bluetit: Local interface wlp3s0 Nov 25 10:38:19 betelgeuse bluetit: Setting up network filter and lock Nov 25 10:38:19 betelgeuse bluetit: Allowing system DNS 127.0.0.53 to pass through the network filter Nov 25 10:38:19 betelgeuse bluetit: Connection statistics updater thread started Nov 25 10:38:19 betelgeuse bluetit: WARNING: Cannot resolve nl3.vpn.airdns.org (Temporary failure in name resolution) Nov 25 10:38:19 betelgeuse bluetit: Network filter and lock successfully activated Nov 25 10:38:19 betelgeuse bluetit: DNS pre-resolve error on nl3.vpn.airdns.org: Host not found (non-authoritative), try again later Nov 25 10:38:19 betelgeuse bluetit: ERROR: RESOLVE_ERROR Nov 25 10:38:19 betelgeuse bluetit: EVENT: RESOLVE Nov 25 10:38:19 betelgeuse bluetit: WARNING: NetworkManager is running on this system and may interfere with DNS management and cause DNS leaks Nov 25 10:38:19 betelgeuse bluetit: WARNING: systemd-resolved is running on this system and may interfere with DNS management and cause DNS leaks Nov 25 10:38:19 betelgeuse bluetit: Local IPv4 address 192.168.1.3 Nov 25 10:38:19 betelgeuse bluetit: Local IPv6 address fe80::2ee7:36c0:98d7:64a6 Nov 25 10:38:19 betelgeuse bluetit: Local interface enp1s0 Nov 25 10:38:19 betelgeuse bluetit: Local interface enp2s0 Nov 25 10:38:19 betelgeuse bluetit: Local interface wlp3s0 Nov 25 10:38:19 betelgeuse bluetit: Setting up network filter and lock Nov 25 10:38:19 betelgeuse bluetit: Allowing system DNS 127.0.0.53 to pass through the network filter Nov 25 10:38:19 betelgeuse bluetit: WARNING: Cannot resolve nl3.vpn.airdns.org (Temporary failure in name resolution) Nov 25 10:38:19 betelgeuse bluetit: Network filter and lock successfully activated Nov 25 10:38:19 betelgeuse bluetit: ERROR: RESOLVE_ERROR Nov 25 10:38:19 betelgeuse bluetit: Transport Error: DNS resolve error on 'nl3.vpn.airdns.org' for UDP session: Host not found (non-authoritative), try again later Quote Share this post Link to post
Staff 9973 Posted ... @lex.luthor Hello! Thanks. As you can see the error is different now, AAAA is no more into the game. The problem now is that your DNS doesn't work, not even in IPv4. Fix it or, as a workaround, have Bluetit connect to specific servers, so that it will not rely on names resolutions. Kind regards Quote Share this post Link to post
lex.luthor 0 Posted ... Thanks for your help. Can you please point me in the right direction to resolve the issue with my DNS? Quote Share this post Link to post
Staff 9973 Posted ... 4 hours ago, lex.luthor said: Thanks for your help. Can you please point me in the right direction to resolve the issue with my DNS? Hello! Sure. From your descriptions we assume that it's systemd-resolved the daemon handling DNS setting in your Ubuntu 20 system, so we suggest you check here:https://unix.stackexchange.com/questions/588658/override-ubuntu-20-04-dns-using-systemd-resolved Do not miss this bug, just in case it's relevant in your case: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1774632 The bug is pointed out in the above linked thread but in a minor comment and it could be missed. When you know it, patch is straightforward. If you need a recommendation on DNS servers, we suggest Quad9 (9.9.9.9) and OpenNIC, also see https://www.quad9.net/ and https://www.opennic.org If we're wrong about our first assumption, please tell us how your system handles DNS settings and we will point you in the (hopefully ) right direction. Kind regards Quote Share this post Link to post
lex.luthor 0 Posted ... Thanks. That was indeed really helpful. I use systemd-networkd and systemd-resolved. I followed the instructions above (including the bug). Internet works when bluetit is down but as soon as I start the bluetit service a can't reach any website. From the log I can se some progress. It looks like the DNS issue has been resolved? Nov 25 21:39:10 betelgeuse bluetit: Successfully loaded kernel module iptable_raw Nov 25 21:39:10 betelgeuse bluetit: Successfully loaded kernel module ip6table_filter Nov 25 21:39:10 betelgeuse bluetit: Successfully loaded kernel module ip6table_nat Nov 25 21:39:10 betelgeuse bluetit: Successfully loaded kernel module ip6table_mangle Nov 25 21:39:10 betelgeuse bluetit: Successfully loaded kernel module ip6table_security Nov 25 21:39:10 betelgeuse bluetit: Successfully loaded kernel module ip6table_raw Nov 25 21:39:10 betelgeuse bluetit: Network filter successfully initialized Nov 25 21:39:10 betelgeuse bluetit: Session network filter and lock successfully enabled Nov 25 21:39:10 betelgeuse bluetit: AirVPN bootstrap servers are now allowed to pass through the network filter Nov 25 21:39:10 betelgeuse bluetit: Waiting for a valid AirVPN Manifest to be available Nov 25 21:39:10 betelgeuse bluetit: AirVPN Manifest successfully retrieved from server Nov 25 21:39:11 betelgeuse bluetit: Logging in AirVPN user lex.luthor Nov 25 21:39:11 betelgeuse bluetit: AirVPN user lex.luthor successfully logged in Nov 25 21:39:11 betelgeuse bluetit: Selected user key: Default Nov 25 21:39:11 betelgeuse bluetit: Starting connection to currently best AirVPN server in Netherlands Nov 25 21:39:11 betelgeuse bluetit: Starting VPN Connection Nov 25 21:39:11 betelgeuse systemd-resolved[780]: Flushed all caches. Nov 25 21:39:11 betelgeuse bluetit: OpenVPN3 client successfully created and initialized. Nov 25 21:39:11 betelgeuse bluetit: TUN persistence is enabled. Nov 25 21:39:11 betelgeuse bluetit: Successfully set OpenVPN3 client configuration Nov 25 21:39:11 betelgeuse bluetit: Starting OpenVPN3 connection thread Nov 25 21:39:11 betelgeuse bluetit: OpenVPN core 3.7 AirVPN linux x86_64 64-bit Nov 25 21:39:11 betelgeuse bluetit: Connection statistics updater thread started Nov 25 21:39:11 betelgeuse bluetit: Frame=512/2048/512 mssfix-ctrl=1250 Nov 25 21:39:11 betelgeuse bluetit: UNUSED OPTIONS#0126 [resolv-retry] [infinite]#0127 [nobind]#0128 [persist-key]#0129 [persist-tun]#01210 [auth-nocache]#01211 [verb] [3]#01212 [explicit-exit-notify] [5] Nov 25 21:39:11 betelgeuse bluetit: EVENT: RESOLVE Nov 25 21:39:11 betelgeuse bluetit: WARNING: systemd-resolved is running on this system and may interfere with DNS management and cause DNS leaks Nov 25 21:39:11 betelgeuse bluetit: Local IPv4 address 192.168.1.3 Nov 25 21:39:11 betelgeuse bluetit: Local IPv6 address fe80::2e8:4cff:fe68:3909 Nov 25 21:39:11 betelgeuse bluetit: Local interface enp1s0 Nov 25 21:39:11 betelgeuse bluetit: Local interface enp2s0 Nov 25 21:39:11 betelgeuse bluetit: Local interface wlp3s0 Nov 25 21:39:11 betelgeuse bluetit: Setting up network filter and lock Nov 25 21:39:11 betelgeuse bluetit: Allowing system DNS 9.9.9.9 to pass through the network filter Nov 25 21:39:21 betelgeuse bluetit: WARNING: Cannot resolve nl3.vpn.airdns.org (Temporary failure in name resolution) Nov 25 21:39:21 betelgeuse bluetit: Network filter and lock successfully activated Nov 25 21:39:23 betelgeuse bluetit: Contacting 213.152.162.7:443 via UDP Nov 25 21:39:23 betelgeuse bluetit: EVENT: WAIT Nov 25 21:39:23 betelgeuse bluetit: net_route_best_gw query IPv4: 213.152.162.7/32 Nov 25 21:39:23 betelgeuse bluetit: sitnl_route_best_gw result: via 192.168.1.1 dev enp1s0 Nov 25 21:39:23 betelgeuse bluetit: net_route_add: 213.152.162.7/32 via 192.168.1.1 dev enp1s0 table 0 metric 0 Nov 25 21:39:23 betelgeuse bluetit: Connecting to [nl3.vpn.airdns.org]:443 (213.152.162.7) via UDPv4 Nov 25 21:39:23 betelgeuse bluetit: UDP send exception: send: Operation not permitted Nov 25 21:39:23 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR Nov 25 21:39:24 betelgeuse bluetit: UDP send exception: send: Operation not permitted Nov 25 21:39:24 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR Nov 25 21:39:25 betelgeuse bluetit: UDP send exception: send: Operation not permitted Nov 25 21:39:25 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR Nov 25 21:39:26 betelgeuse bluetit: UDP send exception: send: Operation not permitted Nov 25 21:39:26 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR Nov 25 21:39:27 betelgeuse bluetit: UDP send exception: send: Operation not permitted Nov 25 21:39:27 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR Nov 25 21:39:28 betelgeuse bluetit: UDP send exception: send: Operation not permitted Nov 25 21:39:28 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR Nov 25 21:39:29 betelgeuse bluetit: UDP send exception: send: Operation not permitted Nov 25 21:39:29 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR Nov 25 21:39:30 betelgeuse bluetit: UDP send exception: send: Operation not permitted Nov 25 21:39:30 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR Nov 25 21:39:31 betelgeuse bluetit: UDP send exception: send: Operation not permitted Nov 25 21:39:31 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR Nov 25 21:39:32 betelgeuse bluetit: UDP send exception: send: Operation not permitted Nov 25 21:39:32 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR Nov 25 21:39:33 betelgeuse bluetit: Server poll timeout, trying next remote entry... Nov 25 21:39:33 betelgeuse bluetit: EVENT: RECONNECTING Nov 25 21:39:33 betelgeuse bluetit: ERROR: N_RECONNECT Nov 25 21:39:33 betelgeuse bluetit: Contacting 213.152.162.7:443 via UDP Nov 25 21:39:33 betelgeuse bluetit: EVENT: WAIT Nov 25 21:39:33 betelgeuse bluetit: net_route_del: 213.152.162.7/32 via 192.168.1.1 dev enp1s0 table 0 metric 0 Nov 25 21:39:33 betelgeuse bluetit: net_route_best_gw query IPv4: 213.152.162.7/32 Nov 25 21:39:33 betelgeuse bluetit: sitnl_route_best_gw result: via 192.168.1.1 dev enp1s0 Nov 25 21:39:33 betelgeuse bluetit: net_route_add: 213.152.162.7/32 via 192.168.1.1 dev enp1s0 table 0 metric 0 Nov 25 21:39:33 betelgeuse bluetit: Connecting to [nl3.vpn.airdns.org]:443 (213.152.162.7) via UDPv4 Nov 25 21:39:33 betelgeuse bluetit: UDP send exception: send: Operation not permitted Nov 25 21:39:33 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR Nov 25 21:39:34 betelgeuse bluetit: UDP send exception: send: Operation not permitted Nov 25 21:39:34 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR Nov 25 21:39:35 betelgeuse bluetit: UDP send exception: send: Operation not permitted Nov 25 21:39:35 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR Nov 25 21:39:36 betelgeuse bluetit: UDP send exception: send: Operation not permitted Nov 25 21:39:36 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR Nov 25 21:39:37 betelgeuse bluetit: UDP send exception: send: Operation not permitted Nov 25 21:39:37 betelgeuse bluetit: ERROR: NETWORK_SEND_ERROR Nov 25 21:39:38 betelgeuse bluetit: UDP send exception: send: Operation not permitted Quote Share this post Link to post
Staff 9973 Posted ... @lex.luthor Hello! Yes, some progress in names resolution which is now successful (even though we still see an initial failure, then the resolution is successful and correct). Unfortunately now a new problem has come out: UDP appears as a blocked protocol. Might it be that you're running some other firewall frontend such as ufw that's creating some interfering rules? We remember (but we could be wrong) that some default ufw configurations create custom chains and that UDP to some ports get blocked. If that's the case can you please try again with ufw (or any other custom fw frontend) completely disabled? The error message: Nov 25 21:39:38 betelgeuse bluetit: UDP send exception: send: Operation not permitted is a typical error hinting to a local, and not external, system UDP block. Kind regards Quote Share this post Link to post
lex.luthor 0 Posted ... I'll give it a try but I think it's worth to recollect how the problem start in the first place. After a blackout (so ... my Ubuntu box didn't shutdown gracefully). I couldn't restart it. Problem was hummingbird 1.1.0 registered as service an forcing the entire OS to reboot (hummingbird seems to have similar errors related to DNS resolution from what I remember but can't be 100% sure). I managed somehow to sort the mess out with `--network recover` option but at the next reboot same issue. Then I tried to install bluetit to see if things were different (they weren't). I'll take a look at ufw but could it be that because of the blackout, hummingbird messed up some firewall rules. I think the lock is achieved via iptables no? Just and idea anyway. Quote Share this post Link to post
lex.luthor 0 Posted ... So... uwt is not installed. There is firewalld on Linux Lite (Ubunto based distro) but is disabled by default (I indeed verify this). Then there is iptables but I can't see anything wrong in it. With bluetit runing I see this rules: sudo iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- 255.255.255.255 anywhere ACCEPT all -- 192.168.0.0/16 192.168.0.0/16 ACCEPT all -- 10.0.0.0/8 10.0.0.0/8 ACCEPT all -- 172.16.0.0/12 172.16.0.0/12 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere DROP all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere DROP all -- anywhere anywhere Chain OUTPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere 255.255.255.255 ACCEPT all -- 192.168.0.0/16 192.168.0.0/16 ACCEPT all -- 10.0.0.0/8 10.0.0.0/8 ACCEPT all -- 172.16.0.0/12 172.16.0.0/12 ACCEPT all -- 192.168.0.0/16 base-address.mcast.net/24 ACCEPT all -- 10.0.0.0/8 base-address.mcast.net/24 ACCEPT all -- 172.16.0.0/12 base-address.mcast.net/24 ACCEPT all -- 192.168.0.0/16 239.255.255.250 ACCEPT all -- 10.0.0.0/8 239.255.255.250 ACCEPT all -- 172.16.0.0/12 239.255.255.250 ACCEPT all -- 192.168.0.0/16 239.255.255.253 ACCEPT all -- 10.0.0.0/8 239.255.255.253 ACCEPT all -- 172.16.0.0/12 239.255.255.253 ACCEPT icmp -- anywhere anywhere icmp echo-reply ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state ESTABLISHED ACCEPT all -- anywhere ec2-63-33-78-166.eu-west-1.compute.amazonaws.com ACCEPT all -- anywhere ec2-52-48-66-85.eu-west-1.compute.amazonaws.com ACCEPT all -- anywhere ec2-54-93-175-114.eu-central-1.compute.amazonaws.com ACCEPT all -- anywhere ec2-63-33-116-50.eu-west-1.compute.amazonaws.com ACCEPT all -- anywhere dns9.quad9.net DROP all -- anywhere anywhere Quote Share this post Link to post
Staff 9973 Posted ... @lex.luthor Hello! Please check rules with Bluetit not running as well. Make sure that INPUT and OUTPUT chains policy is, for both chains, set to ACCEPT when Bluetit is not running. If it's not, make sure to flush all rules and set the proper policy before you start Bluetit again. Registering a root process like Hummingbird as a "service" is another Window-ish abomination made easy by systemd which incredibly discourages true daemons even in the documentation! In general it is a bad idea. Use real daemons like Bluetit instead as you are correctly doing now, please do not follow the Windows-ish logic of systemd, at least in this case. Feel free to keep us posted! Kind regards Quote Share this post Link to post