PureOS not able to connect to internet, accept through Tor Browser

can you provide output of
ping -ql3 -c3 -w1 t.co
curl -v t.co

from the provided log it’s clear there’s name resolution problem however it’s not clear whether the resolution problem was before connecting the wireless or after.

That’s a rather unusual IP address for a private LAN. Does that match the LAN that “_gateway” is on? What is the IP address corresponding to “_gateway”? e.g. post output from route -n (which I probably should have asked for in the first place).

1 Like

I had this problem on a different OS when I was in college, I believe the solution was changing the DNS server in network manager to the one provided by my school, the OS was trying to use a different one and the network had blocked it. Your issue seems a little more complicated than that, but manually changing the DNS settings might at least provide a workaround. You can try 9.9.9.9 or 1.1.1.1.

I for one am always using my own recursive resolver (unbound) with secure settings on my laptops. But I know what am I doing and why and how to deal with it when working from corporate environment (when recursive DNS is blocked more often than not). So if Pure OS is using similar approach obscurely it should at least bump a pop-up asking to fallback to DHCP DNS settings due to unavailable recursion/unreachable roots.

@mstdnuser: I do have a usb-c to ethernet dongle that I can use, but even with that connected directly to the router, I get no internet connection.

@kieran: I have assigned the 133.52.63.0 ip address via my router interface, purposefully.

@ruff: see output:

$ ping -ql3 -c3 -w1 t.co
ping: t.co: Name or service not known

$ curl -v t.co
* Expire in 0 ms for 6 (transfer 0x5588ab0dbf50)
* Expire in 1 ms for 1 (transfer 0x5588ab0dbf50)
* Expire in 0 ms for 1 (transfer 0x5588ab0dbf50)
* Expire in 1 ms for 1 (transfer 0x5588ab0dbf50)
* Expire in 0 ms for 1 (transfer 0x5588ab0dbf50)
* Expire in 0 ms for 1 (transfer 0x5588ab0dbf50)
* Expire in 1 ms for 1 (transfer 0x5588ab0dbf50)

....

* Expire in 200 ms for 1 (transfer 0x556fbe07ff50)
* Expire in 200 ms for 1 (transfer 0x556fbe07ff50)
* Expire in 250 ms for 1 (transfer 0x556fbe07ff50)
* Expire in 200 ms for 1 (transfer 0x556fbe07ff50)
* Expire in 200 ms for 1 (transfer 0x556fbe07ff50)
* Expire in 250 ms for 1 (transfer 0x556fbe07ff50)
* Could not resolve host: t.co
* Expire in 200 ms for 1 (transfer 0x556fbe07ff50)
* Closing connection 0
curl: (6) Could not resolve host: t.co

@kieran My router is running a version of openwrt (Turris Omnia), so maybe I could ssh into that to start a web proxy somehow? Or from the LuCi interface. This is something I have not done before, but am willing to try.

right, so dns then. you can try to edit /etc/resolv.conf and set it manually to your dns name and resolver from dhcp, eg.

# echo "domain $(hostname -d)" > /etc/resolv.conf && dhcpcd -U wlp1s0|awk -F= '/domain_name_servers=/{print$2}'|tr " \047" "\012"|xargs -n1 echo nameserver >> /etc/resolv.conf

of course it may overwrite it on next nm event. Note # prompt - so as root. the command above extracts nameservers option from dhcp, but that could be disabled by dhcpcd config so you might need just to set nameservers manually with the editor to the right ip.

The output of the above command:

$ sudo echo "domain $(hostname -d)" > /etc/resolv.conf && dhcpcd -U wlp1s0|awk -F= '/domain_name_servers=/{print$2}'|tr " \047" "\012"|xargs -n1 echo nameserver >> /etc/resolv.conf
bash: /etc/resolv.conf: Operation not permitted

I have the NordVPN Linux app installed, and here are the contents of /etc/resolv.conf:

# Generated by NordVPN
nameserver 103.86.99.99
nameserver 103.86.96.96

According to the NordVPN website, their DNS servers are listed as

103.86.99.100
103.86.96.100

I’m not able to edit the resolv.conf file, even as root. I wonder if I can rm the file, and recreate it using the correct DNS ip addresses.

uhm… well, the resolv.conf is set by nordvpn according to comments in the file itself. so if they say on the website it should be different - something is wrong with their client/server. Does your internet work without nordvpn connected though?

also something just doesn’t match, if you have nordvpn connected - your gateway should be vpn tunnel, not turris gw. if it is not connected - your dns should be turris, not nordvpn

NordVPN is not connected. I have it configured to auto-connect, but it is not able to connect currently upon reboot, as it normally would.

I’ve logged out of the NordVPN app, and rebooted, but still no connection.

Ok, perhaps it screwed your resolver.
regarding editing resolv.conf as root - are you sure you cannot edit it? vim may complain it’s readonly but you still should be able to save it with :w!
If not - can you give output if
ls -la /etc/resolv.conf
lsattr /etc/resolv.conf

OK, so is the router NATting this?

Is everything else on your LAN in the same subnet, the router’s LAN side included?

It isn’t really valid to use a public IP address on the LAN side. However given that you are using openwrt, I assume you have checked that out and are satisfied that openwrt handles that correctly.

As DNS is not working - which doesn’t mean that DNS is at fault or misconfigured - I would look up the IP address of t.co on another computer and replace t.co in those two commands with its IP address.

Maybe.

Given that you can SSH in to the router, can you communicate from the problematic laptop to another computer on your LAN?

It may be easier to put a web proxy on another computer on your LAN (than on the router).

proxy is a nasty thing but omnia has tinyproxy out of the box iirc so you can try to play with it.

1 Like

Output of above commands:

ls -la /etc/resolv.conf
-rw-r--r-- 1 root root 70 Nov 29 13:42 /etc/resolv.conf

$ lsattr /etc/resolv.conf
----i---------e---- /etc/resolv.conf

Upon trying to edit /etc/resolv.conf (:w!) I get:

"/etc/resolv.conf"
"/etc/resolv.conf" E212: Can't open file for writing
Press ENTER or type command to continue

ow, wow, so indeed immutable. you can unlock it by
chattr -i /etc/resolv.conf

2 Likes

@ruff: Thank you, so much.

This solves the problem. How this file got changed? No idea. But clearly, this was the issue. I can now ping the internet.

Thanks everyone who helped me with this!

1 Like

must be nordvpn locking the file from local update, and perhaps it crashed or system was shut down without it being able to unlock it back.

2 Likes