PureOS not able to connect to internet, accept through Tor Browser

ruff · December 2, 2019, 8:59am

can you provide output of
ping -ql3 -c3 -w1 t.co
curl -v t.co

from the provided log it’s clear there’s name resolution problem however it’s not clear whether the resolution problem was before connecting the wireless or after.

kieran · December 2, 2019, 9:44am

That’s a rather unusual IP address for a private LAN. Does that match the LAN that “_gateway” is on? What is the IP address corresponding to “_gateway”? e.g. post output from route -n (which I probably should have asked for in the first place).

Gavaudan · December 2, 2019, 11:57am

I had this problem on a different OS when I was in college, I believe the solution was changing the DNS server in network manager to the one provided by my school, the OS was trying to use a different one and the network had blocked it. Your issue seems a little more complicated than that, but manually changing the DNS settings might at least provide a workaround. You can try 9.9.9.9 or 1.1.1.1.

ruff · December 2, 2019, 1:28pm

I for one am always using my own recursive resolver (unbound) with secure settings on my laptops. But I know what am I doing and why and how to deal with it when working from corporate environment (when recursive DNS is blocked more often than not). So if Pure OS is using similar approach obscurely it should at least bump a pop-up asking to fallback to DHCP DNS settings due to unavailable recursion/unreachable roots.

nlx6 · December 2, 2019, 10:16pm

@mstdnuser: I do have a usb-c to ethernet dongle that I can use, but even with that connected directly to the router, I get no internet connection.

@kieran: I have assigned the 133.52.63.0 ip address via my router interface, purposefully.

nlx6 · December 2, 2019, 10:18pm

@ruff: see output:

$ ping -ql3 -c3 -w1 t.co
ping: t.co: Name or service not known

$ curl -v t.co
* Expire in 0 ms for 6 (transfer 0x5588ab0dbf50)
* Expire in 1 ms for 1 (transfer 0x5588ab0dbf50)
* Expire in 0 ms for 1 (transfer 0x5588ab0dbf50)
* Expire in 1 ms for 1 (transfer 0x5588ab0dbf50)
* Expire in 0 ms for 1 (transfer 0x5588ab0dbf50)
* Expire in 0 ms for 1 (transfer 0x5588ab0dbf50)
* Expire in 1 ms for 1 (transfer 0x5588ab0dbf50)

....

* Expire in 200 ms for 1 (transfer 0x556fbe07ff50)
* Expire in 200 ms for 1 (transfer 0x556fbe07ff50)
* Expire in 250 ms for 1 (transfer 0x556fbe07ff50)
* Expire in 200 ms for 1 (transfer 0x556fbe07ff50)
* Expire in 200 ms for 1 (transfer 0x556fbe07ff50)
* Expire in 250 ms for 1 (transfer 0x556fbe07ff50)
* Could not resolve host: t.co
* Expire in 200 ms for 1 (transfer 0x556fbe07ff50)
* Closing connection 0
curl: (6) Could not resolve host: t.co

nlx6 · December 2, 2019, 10:29pm

@kieran My router is running a version of openwrt (Turris Omnia), so maybe I could ssh into that to start a web proxy somehow? Or from the LuCi interface. This is something I have not done before, but am willing to try.

ruff · December 2, 2019, 10:45pm

right, so dns then. you can try to edit /etc/resolv.conf and set it manually to your dns name and resolver from dhcp, eg.

# echo "domain $(hostname -d)" > /etc/resolv.conf && dhcpcd -U wlp1s0|awk -F= '/domain_name_servers=/{print$2}'|tr " \047" "\012"|xargs -n1 echo nameserver >> /etc/resolv.conf

of course it may overwrite it on next nm event. Note # prompt - so as root. the command above extracts nameservers option from dhcp, but that could be disabled by dhcpcd config so you might need just to set nameservers manually with the editor to the right ip.

nlx6 · December 2, 2019, 10:59pm

The output of the above command:

$ sudo echo "domain $(hostname -d)" > /etc/resolv.conf && dhcpcd -U wlp1s0|awk -F= '/domain_name_servers=/{print$2}'|tr " \047" "\012"|xargs -n1 echo nameserver >> /etc/resolv.conf
bash: /etc/resolv.conf: Operation not permitted

I have the NordVPN Linux app installed, and here are the contents of /etc/resolv.conf:

# Generated by NordVPN
nameserver 103.86.99.99
nameserver 103.86.96.96

According to the NordVPN website, their DNS servers are listed as

103.86.99.100
103.86.96.100

I’m not able to edit the resolv.conf file, even as root. I wonder if I can rm the file, and recreate it using the correct DNS ip addresses.

ruff · December 2, 2019, 11:04pm

uhm… well, the resolv.conf is set by nordvpn according to comments in the file itself. so if they say on the website it should be different - something is wrong with their client/server. Does your internet work without nordvpn connected though?

ruff · December 2, 2019, 11:07pm

also something just doesn’t match, if you have nordvpn connected - your gateway should be vpn tunnel, not turris gw. if it is not connected - your dns should be turris, not nordvpn

nlx6 · December 2, 2019, 11:10pm

NordVPN is not connected. I have it configured to auto-connect, but it is not able to connect currently upon reboot, as it normally would.

I’ve logged out of the NordVPN app, and rebooted, but still no connection.

ruff · December 2, 2019, 11:12pm

Ok, perhaps it screwed your resolver.
regarding editing resolv.conf as root - are you sure you cannot edit it? vim may complain it’s readonly but you still should be able to save it with :w!
If not - can you give output if
ls -la /etc/resolv.conf
lsattr /etc/resolv.conf

kieran · December 2, 2019, 11:15pm

OK, so is the router NATting this?

Is everything else on your LAN in the same subnet, the router’s LAN side included?

It isn’t really valid to use a public IP address on the LAN side. However given that you are using openwrt, I assume you have checked that out and are satisfied that openwrt handles that correctly.

As DNS is not working - which doesn’t mean that DNS is at fault or misconfigured - I would look up the IP address of t.co on another computer and replace t.co in those two commands with its IP address.

Maybe.

Given that you can SSH in to the router, can you communicate from the problematic laptop to another computer on your LAN?

It may be easier to put a web proxy on another computer on your LAN (than on the router).

ruff · December 2, 2019, 11:18pm

proxy is a nasty thing but omnia has tinyproxy out of the box iirc so you can try to play with it.

nlx6 · December 2, 2019, 11:28pm

Output of above commands:

ls -la /etc/resolv.conf
-rw-r--r-- 1 root root 70 Nov 29 13:42 /etc/resolv.conf

$ lsattr /etc/resolv.conf
----i---------e---- /etc/resolv.conf

nlx6 · December 2, 2019, 11:37pm

Upon trying to edit /etc/resolv.conf (:w!) I get:

"/etc/resolv.conf"
"/etc/resolv.conf" E212: Can't open file for writing
Press ENTER or type command to continue

ruff · December 2, 2019, 11:38pm

ow, wow, so indeed immutable. you can unlock it by
chattr -i /etc/resolv.conf

nlx6 · December 2, 2019, 11:41pm

@ruff: Thank you, so much.

This solves the problem. How this file got changed? No idea. But clearly, this was the issue. I can now ping the internet.

Thanks everyone who helped me with this!

ruff · December 2, 2019, 11:42pm

must be nordvpn locking the file from local update, and perhaps it crashed or system was shut down without it being able to unlock it back.