ANSWERED Debian + Eddie 2.24.2 : Disable network lock, still no network

[BettyIsBoop 3]

I have Eddie UI 2.24.2, and sometime i need to disable VPN and access to network.

But since some week : even after disable network lock : no network access.

Here is the log of Eddi-ui

. 2024.06.11 09:38:50 - Eddie version: 2.24.2 / linux_x64, System: Linux, Name: Debian GNU/Linux 12 (bookworm), Version: 12 (bookworm), Framework: 6.8.0.96 (tarball Wed Jan 15 10:20:48 UTC 2020); Framework: v4.0.30319
. 2024.06.11 09:38:50 - Command line arguments (1): path.resources="/usr/share/eddie-ui"
. 2024.06.11 09:38:51 - Collect network information
. 2024.06.11 09:38:51 - Reading options from /home/shnoulle/.config/eddie/default.profile
. 2024.06.11 09:38:52 - OpenVPN - Version: 2.6.3 - OpenSSL 3.0.11 19 Sep 2023, LZO 2.10 (/sbin/openvpn)
. 2024.06.11 09:38:52 - SSH - Version: OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023 (/usr/bin/ssh)
. 2024.06.11 09:38:52 - SSL - Version: 5.68 (/usr/bin/stunnel4)
. 2024.06.11 09:38:52 - Activation of Network Lock - Linux nftables
I 2024.06.11 09:38:53 - Ready
. 2024.06.11 09:38:53 - Collect information about AirVPN completed
I 2024.06.11 09:38:54 - Session starting.
. 2024.06.11 09:38:54 - Waiting for latency tests (152 to go)
. 2024.06.11 09:38:54 - Collect information about AirVPN completed
. 2024.06.11 09:38:55 - Waiting for latency tests (1 to go)
I 2024.06.11 09:38:57 - Checking authorization ...
! 2024.06.11 09:38:57 - Connecting to Menkent (Netherlands, Alblasserdam)
. 2024.06.11 09:38:57 - Routes, add 213.152.176.140/32 for interface "enp14s0".
…
. 2024.06.11 09:39:03 - WireGuard > Setup start
. 2024.06.11 09:39:03 - WireGuard > Setup complete
. 2024.06.11 09:39:03 - WireGuard > Setup interface
. 2024.06.11 09:39:03 - WireGuard > Received first handshake
. 2024.06.11 09:39:03 - DNS of the system switched to VPN DNS - via /etc/resolv.conf)
. 2024.06.11 09:39:04 - Routes, add 0.0.0.0/1 for interface "Eddie".
. 2024.06.11 09:39:04 - Routes, add 128.0.0.0/1 for interface "Eddie".
. 2024.06.11 09:39:04 - Routes, add ::/1 for interface "Eddie".
. 2024.06.11 09:39:04 - Routes, add 8000::/1 for interface "Eddie".
. 2024.06.11 09:39:04 - Routes, add 213.152.176.135/32 for interface "Eddie".
. 2024.06.11 09:39:04 - Routes, add 2a00:1678:2470:88:9b1b:27b2:6949:928c/128 for interface "Eddie".
. 2024.06.11 09:39:04 - Flushing DNS
I 2024.06.11 09:39:04 - Checking route IPv4
I 2024.06.11 09:39:04 - Checking route IPv6
I 2024.06.11 09:39:05 - Checking DNS
! 2024.06.11 09:39:05 - Connected.
. 2024.06.11 09:40:24 - DNS of the system switched to VPN DNS - via /etc/resolv.conf)
. 2024.06.11 09:40:34 - DNS of the system switched to VPN DNS - via /etc/resolv.conf)
! 2024.06.11 09:48:31 - Disconnecting
. 2024.06.11 09:48:32 - WireGuard > Stop request received
. 2024.06.11 09:48:32 - WireGuard > Stopping
. 2024.06.11 09:48:32 - WireGuard > Completed
. 2024.06.11 09:48:32 - Routes, delete 0.0.0.0/1 for interface "Eddie", not exists.
. 2024.06.11 09:48:32 - Routes, delete 128.0.0.0/1 for interface "Eddie", not exists.
. 2024.06.11 09:48:32 - Routes, delete ::/1 for interface "Eddie", not exists.
. 2024.06.11 09:48:32 - Routes, delete 8000::/1 for interface "Eddie", not exists.
. 2024.06.11 09:48:32 - Routes, delete 213.152.176.140/32 for interface "enp14s0".
. 2024.06.11 09:48:32 - Routes, delete 213.152.176.135/32 for interface "Eddie", not exists.
…
. 2024.06.11 09:48:38 - DNS of the system restored - via /etc/resolv.conf)
. 2024.06.11 09:48:38 - Connection terminated.
. 2024.06.11 09:48:38 - Flushing DNS
! 2024.06.11 09:48:38 - Session terminated.
! 2024.06.11 09:48:45 - Deactivation of Network Lock

After deactivate network log :

# nft list table filter
Error: No such file or directory
list table filter
           ^^^^^^

Local network seems to work, but no external …

With eddie-ui launched nft lits table filter give

table ip filter {
	chain INPUT {
		type filter hook input priority filter; policy drop;
		iifname "lo" counter packets 21 bytes 1124 accept
		ip saddr 255.255.255.255 counter packets 0 bytes 0 accept
		ip saddr 192.168.0.0/16 ip daddr 192.168.0.0/16 counter packets 50 bytes 26680 accept
		ip saddr 10.0.0.0/8 ip daddr 10.0.0.0/8 counter packets 0 bytes 0 accept
		ip saddr 172.16.0.0/12 ip daddr 172.16.0.0/12 counter packets 0 bytes 0 accept
		icmp type echo-request counter packets 0 bytes 0 accept
		ct state established,related counter packets 29 bytes 24107 accept
		counter packets 0 bytes 0 drop comment "eddie_ip_filter_INPUT_latest_rule"
	}

	chain FORWARD {
		type filter hook forward priority filter; policy drop;
		counter packets 0 bytes 0 drop comment "eddie_ip_filter_FORWARD_latest_rule"
	}

	chain OUTPUT {
		type filter hook output priority filter; policy drop;
		oifname "lo" counter packets 21 bytes 1124 accept
		ip daddr 255.255.255.255 counter packets 0 bytes 0 accept
		ip saddr 192.168.0.0/16 ip daddr 192.168.0.0/16 counter packets 42 bytes 16702 accept
		ip saddr 10.0.0.0/8 ip daddr 10.0.0.0/8 counter packets 0 bytes 0 accept
		ip saddr 172.16.0.0/12 ip daddr 172.16.0.0/12 counter packets 0 bytes 0 accept
		ip saddr 192.168.0.0/16 ip daddr 224.0.0.0/24 counter packets 0 bytes 0 accept
		ip saddr 10.0.0.0/8 ip daddr 224.0.0.0/24 counter packets 0 bytes 0 accept
		ip saddr 172.16.0.0/12 ip daddr 224.0.0.0/24 counter packets 0 bytes 0 accept
		ip saddr 192.168.0.0/16 ip daddr 239.255.255.250 counter packets 0 bytes 0 accept
		ip saddr 10.0.0.0/8 ip daddr 239.255.255.250 counter packets 0 bytes 0 accept
		ip saddr 172.16.0.0/12 ip daddr 239.255.255.250 counter packets 0 bytes 0 accept
		ip saddr 192.168.0.0/16 ip daddr 239.255.255.253 counter packets 0 bytes 0 accept
		ip saddr 10.0.0.0/8 ip daddr 239.255.255.253 counter packets 0 bytes 0 accept
		ip saddr 172.16.0.0/12 ip daddr 239.255.255.253 counter packets 0 bytes 0 accept
		icmp type echo-reply counter packets 0 bytes 0 accept
		ip daddr 185.27.134.206 counter packets 0 bytes 0 accept comment "eddie_ip_f4343a97404dd6e84e72d1a2fb32b69a7ca5d663e3104e78dd63622dc4dd738b"
[…]
		counter packets 215 bytes 15477 drop comment "eddie_ip_filter_OUTPUT_latest_rule"
	}
}

 

[Staff 9819]

Hello!

While Eddie is not running can you please flush all the nft rules and check the DNS settings? To flush the rules:

sudo nft flush ruleset

Also check the remaining policy of INPUT and OUTPUT chains of the filter table (if existing) if the problem persists, just in case they are still set to 'drop'.

Kind regards
 

[BettyIsBoop 3]

sudo nft flush ruleset

Same things
 

Quote

Also check the remaining policy of INPUT and OUTPUT chains of the filter table (if existing)

# nft list table filter
Error: No such file or directory
list table filter
           ^^^^^^

I set https://www.fdn.fr/actions/dns/ for DNS


But there are something strange
 

~$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=57 time=40.4 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=57 time=38.8 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=57 time=76.7 ms
^C
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 38.807/51.976/76.700/17.494 ms
~$ wget 1.1.1.1
--2024-06-11 12:27:46--  http://1.1.1.1/
Connexion à 1.1.1.1:80… connecté.
requête HTTP transmise, en attente de la réponse… 301 Moved Permanently
Emplacement : https://1.1.1.1/ [suivant]
--2024-06-11 12:27:46--  https://1.1.1.1/
Connexion à 1.1.1.1:443… connecté.
requête HTTP transmise, en attente de la réponse… 302 Moved Temporarily
Emplacement : https://one.one.one.one/ [suivant]
--2024-06-11 12:27:46--  https://one.one.one.one/
Résolution de one.one.one.one (one.one.one.one)… ^C

I look to resolv.conf : it stay eddie after deactivate it.
 

# cat /etc/resolv.conf 
#
# Created by Eddie. Do not edit.
#
# Your resolv.conf file is temporarily backed up in /etc/resolv.conf.eddievpn
# To restore your resolv.conf file you need to log in as root
# and execute the below command from the shell:
#
# mv /etc/resolv.conf.eddievpn /etc/resolv.conf
#
nameserver 10.128.0.1
nameserver fd7d:76ee:e68f:a993::1

the n i force to

# cat /etc/resolv.conf 
nameserver 80.67.169.12 
nameserver 2001:910:800::12

Deactivate/reactivate network : seems OK.

 

[BettyIsBoop 3]

Question : why  my content will need to be approved by a moderator

After updating manually /etc/resolv.conf
Launch eddied and start VPN:

# cat /etc/resolv.conf
#
# Created by Eddie. Do not edit.
#
# Your resolv.conf file is temporarily backed up in /etc/resolv.conf.eddievpn
# To restore your resolv.conf file you need to log in as root
# and execute the below command from the shell:
#
# mv /etc/resolv.conf.eddievpn /etc/resolv.conf
#
nameserver 10.128.0.1
nameserver fd7d:76ee:e68f:a993::1

But, before i don't have /etc/resolv.conf.eddievpn
And now have it again …

Seems related to resolv.conf

[Staff 9819]

@BettyIsBoop

Hello!

Yes, it looks like Eddie does not manage DNS properly. This thread is being sent to Eddie's developer.

Kind regards
 

[BettyIsBoop 3]

4 hours ago, Staff said:

@BettyIsBoop

Yes, it looks like Eddie does not manage DNS properly. This thread is being sent to Eddie's developer.
 

Something that work :
1. Deactivate eddie and network lock
2. Create/fix your own  /etc/resolv.conf
3. test web : it's OK
4 activate eddie, check resolv : replaced
5. deactivate eddie : resolv.conf are replaced

I don't know when i loose my resolv.conf + it's not related to my network manager settings here …