PureOS not able to connect to internet, accept through Tor Browser


#1

Hello,

This may sound unusual.

Currently, PureOS on my Librem15v4 will not connect to the internet, accept through the Tor Browser. Somehow this issue arose today.

Network connection is ok, as I can ssh to my router, which can ping the internet.

Does anyone have a clue what can be causing this?

Thanks.


#2

So welcome to the linux community :slight_smile: I would be happy to help you, many of us here would. But we need more information. What happened before this problem arose? Did you update the machine, did you mess with any settings you may have forgotten?

Also a great way to see what may be wrong with linux under the hood is to run these 2 commands

sudo systemctl --failed
sudo journalctl --p 3

paste the output here and lets see if that helps.


#3

Could be your default route is broken on the laptop.

route

to check. Expect output like

Destination Gateway Genmask Flags Metric Ref Use Iface
default <gateway> 0.0.0.0 UG 100 0 0 <interface>

where <gateway> will be the hostname or IP address of the router and <interface> will be the interface name of the appropriate interface on the laptop (I assume some kind of wireless interface).

I assume that you have other computers on your LAN so that you know the router itself is routing.

You would need to tell us whether you are in a dual-stack environment (IPv4 and IPv6) or just IPv4 (or just IPv6 but that is very unlikely).

I assume that you have restarted both the router and the laptop, in case some setting was temporarily broken.


#4

Thank you for the responses.

@mstdnuser: I did update PureOS before this occurred, but I have been experiencing some strange router/network behavior lately (such as router rebooting upon trying to establish wi-fi connection), so I didn’t immediately believe it was due to the PureOS update. Here is a chunk of the journalctl --priority 3 output:

-- Logs begin at Sun 2019-12-01 16:35:14 EST, end at Sun 2019-12-01 19:50:47 EST. --
Dec 01 16:35:14 librem kernel: DMAR: DRHD: handling fault status reg 3
Dec 01 16:35:14 librem kernel: DMAR: [DMA Read] Request device [00:02.0] fault addr fdb40000 [fault reason 06] PTE Read access is not set
Dec 01 16:35:14 librem kernel: DMAR: DRHD: handling fault status reg 3
Dec 01 16:35:14 librem kernel: DMAR: [DMA Read] Request device [00:02.0] fault addr fdb72000 [fault reason 07] Next page table ptr is invalid
Dec 01 16:35:14 librem kernel: DMAR: DRHD: handling fault status reg 3
Dec 01 16:35:14 librem kernel: DMAR: [DMA Read] Request device [00:02.0] fault addr fdbed000 [fault reason 07] Next page table ptr is invalid
Dec 01 16:35:14 librem kernel: DMAR: DRHD: handling fault status reg 3
Dec 01 16:35:14 librem kernel: i915 0000:00:02.0: firmware: failed to load i915/kbl_dmc_ver1_04.bin (-2)
Dec 01 16:35:14 librem kernel: firmware_class: See https://wiki.debian.org/Firmware for information about missing firmware
Dec 01 16:35:15 librem kernel: usb 1-6: firmware: failed to load ar3k/AthrBT_0x11020100.dfu (-2)
Dec 01 16:35:15 librem kernel: Bluetooth: Loading patch file failed
Dec 01 16:35:16 librem kernel: module: x86/modules: Skipping invalid relocation target, existing value is nonzero for type 1, loc 00000000787b40ca, val ffffffffc1137a89
Dec 01 16:35:17 librem ntpd[775]: error resolving pool 0.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:35:18 librem ntpd[775]: error resolving pool 1.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:35:19 librem ntpd[775]: error resolving pool 2.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:35:20 librem spice-vdagent[1080]: Cannot access vdagent virtio channel /dev/virtio-ports/com.redhat.spice.0
Dec 01 16:35:24 librem ntpd[775]: bind(24) AF_INET6 fd29:4cb:b19e::f9c#123 flags 0x11 failed: Cannot assign requested address
Dec 01 16:35:24 librem ntpd[775]: unable to create socket on enxa0cec8cd534e (5) for fd29:4cb:b19e::f9c#123
Dec 01 16:35:40 librem ntpd[775]: error resolving pool 3.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:35:52 librem ntpd[775]: bind(28) AF_INET6 fe80::dbdf:e95d:a19f:38da%3#123 flags 0x11 failed: Cannot assign requested address
Dec 01 16:35:52 librem ntpd[775]: unable to create socket on wlp1s0 (10) for fe80::dbdf:e95d:a19f:38da%3#123
Dec 01 16:35:55 librem ntpd[775]: bind(28) AF_INET6 fd29:4cb:b19e::b51#123 flags 0x11 failed: Cannot assign requested address
Dec 01 16:35:55 librem ntpd[775]: unable to create socket on wlp1s0 (11) for fd29:4cb:b19e::b51#123
Dec 01 16:36:02 librem spice-vdagent[1796]: Cannot access vdagent virtio channel /dev/virtio-ports/com.redhat.spice.0
Dec 01 16:36:11 librem gnome-session-binary[946]: Unrecoverable failure in required component org.gnome.Shell.desktop
Dec 01 16:36:12 librem brltty[590]: console control error 5: fd=8 vt=1 op=0X5603: Input/output error
Dec 01 16:36:43 librem ntpd[775]: error resolving pool 1.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:37:03 librem ntpd[775]: error resolving pool 0.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:37:23 librem ntpd[775]: error resolving pool 2.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:37:43 librem ntpd[775]: error resolving pool 3.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:38:03 librem ntpd[775]: error resolving pool 0.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:38:23 librem ntpd[775]: error resolving pool 2.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:38:43 librem ntpd[775]: error resolving pool 1.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:38:58 librem ntpd[775]: error resolving pool 3.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:39:18 librem ntpd[775]: error resolving pool 1.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:39:38 librem ntpd[775]: error resolving pool 3.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:39:58 librem ntpd[775]: error resolving pool 2.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:40:18 librem ntpd[775]: error resolving pool 0.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:40:38 librem ntpd[775]: error resolving pool 1.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:40:58 librem ntpd[775]: error resolving pool 0.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:41:18 librem ntpd[775]: error resolving pool 2.debian.pool.ntp.org: Name or service not known (-2)
Dec 01 16:41:38 librem ntpd[775]: error resolving pool 3.debian.pool.ntp.org: Name or service not known (-2)

@kieran: Here is the output of the route command:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    600    0        0 wlp1s0
133.52.63.0     0.0.0.0         255.255.255.0   U     600    0        0 wlp1s0
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 wlp1s0

I’m using IPv4, and I have restarted the router and laptop.


#5

@kieran: I have also connected another device to the router, via LAN, and it is able to ping the internet. This issue seems to only be affecting my laptop at the moment.

Thanks.


#6

@mstdnuser: the output of the systemctl --failed command:

0 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

#7

Looks like an issue with the kernel they updated. Do you have a wired ethernet dongle? We are gonna have to fetch a new kernel.


#8

@nlx6 said that laptop has access to the router.

In that case it may be possible to update via a web proxy, if there is one running somewhere on the LAN or there could be one set up.


#9

yeah but maybe the wired connection will go through to the internet and give them the ability to download packages.


#10

can you provide output of
ping -ql3 -c3 -w1 t.co
curl -v t.co

from the provided log it’s clear there’s name resolution problem however it’s not clear whether the resolution problem was before connecting the wireless or after.


#11

That’s a rather unusual IP address for a private LAN. Does that match the LAN that “_gateway” is on? What is the IP address corresponding to “_gateway”? e.g. post output from route -n (which I probably should have asked for in the first place).


#12

I had this problem on a different OS when I was in college, I believe the solution was changing the DNS server in network manager to the one provided by my school, the OS was trying to use a different one and the network had blocked it. Your issue seems a little more complicated than that, but manually changing the DNS settings might at least provide a workaround. You can try 9.9.9.9 or 1.1.1.1.


#13

I for one am always using my own recursive resolver (unbound) with secure settings on my laptops. But I know what am I doing and why and how to deal with it when working from corporate environment (when recursive DNS is blocked more often than not). So if Pure OS is using similar approach obscurely it should at least bump a pop-up asking to fallback to DHCP DNS settings due to unavailable recursion/unreachable roots.


#14

@mstdnuser: I do have a usb-c to ethernet dongle that I can use, but even with that connected directly to the router, I get no internet connection.

@kieran: I have assigned the 133.52.63.0 ip address via my router interface, purposefully.


#15

@ruff: see output:

$ ping -ql3 -c3 -w1 t.co
ping: t.co: Name or service not known

$ curl -v t.co
* Expire in 0 ms for 6 (transfer 0x5588ab0dbf50)
* Expire in 1 ms for 1 (transfer 0x5588ab0dbf50)
* Expire in 0 ms for 1 (transfer 0x5588ab0dbf50)
* Expire in 1 ms for 1 (transfer 0x5588ab0dbf50)
* Expire in 0 ms for 1 (transfer 0x5588ab0dbf50)
* Expire in 0 ms for 1 (transfer 0x5588ab0dbf50)
* Expire in 1 ms for 1 (transfer 0x5588ab0dbf50)

....

* Expire in 200 ms for 1 (transfer 0x556fbe07ff50)
* Expire in 200 ms for 1 (transfer 0x556fbe07ff50)
* Expire in 250 ms for 1 (transfer 0x556fbe07ff50)
* Expire in 200 ms for 1 (transfer 0x556fbe07ff50)
* Expire in 200 ms for 1 (transfer 0x556fbe07ff50)
* Expire in 250 ms for 1 (transfer 0x556fbe07ff50)
* Could not resolve host: t.co
* Expire in 200 ms for 1 (transfer 0x556fbe07ff50)
* Closing connection 0
curl: (6) Could not resolve host: t.co

#16

@kieran My router is running a version of openwrt (Turris Omnia), so maybe I could ssh into that to start a web proxy somehow? Or from the LuCi interface. This is something I have not done before, but am willing to try.


#17

right, so dns then. you can try to edit /etc/resolv.conf and set it manually to your dns name and resolver from dhcp, eg.

# echo "domain $(hostname -d)" > /etc/resolv.conf && dhcpcd -U wlp1s0|awk -F= '/domain_name_servers=/{print$2}'|tr " \047" "\012"|xargs -n1 echo nameserver >> /etc/resolv.conf

of course it may overwrite it on next nm event. Note # prompt - so as root. the command above extracts nameservers option from dhcp, but that could be disabled by dhcpcd config so you might need just to set nameservers manually with the editor to the right ip.


#18

The output of the above command:

$ sudo echo "domain $(hostname -d)" > /etc/resolv.conf && dhcpcd -U wlp1s0|awk -F= '/domain_name_servers=/{print$2}'|tr " \047" "\012"|xargs -n1 echo nameserver >> /etc/resolv.conf
bash: /etc/resolv.conf: Operation not permitted

I have the NordVPN Linux app installed, and here are the contents of /etc/resolv.conf:

# Generated by NordVPN
nameserver 103.86.99.99
nameserver 103.86.96.96

According to the NordVPN website, their DNS servers are listed as

103.86.99.100
103.86.96.100

I’m not able to edit the resolv.conf file, even as root. I wonder if I can rm the file, and recreate it using the correct DNS ip addresses.


#19

uhm… well, the resolv.conf is set by nordvpn according to comments in the file itself. so if they say on the website it should be different - something is wrong with their client/server. Does your internet work without nordvpn connected though?


#20

also something just doesn’t match, if you have nordvpn connected - your gateway should be vpn tunnel, not turris gw. if it is not connected - your dns should be turris, not nordvpn