[SOLVED] Recent update glitched outbound network access, kind of

#1

I just recently (a few days ago) did the latest upgrade (12/1/17, Kodi 17.6) and since then have developed some outbound network issues on my RPI 3/OSMC system. Since the update, I can ping an ipaddr but if I try to ping a url (like security.debian.org) I get a not found error. In fact, if I try to do a (re) update I get a bunch of not found errors for all the urls attempting to be accessed for an update.

I have 2 other systems (Win 10 and Fedora 27) on the same subnet behind the same router and there are no problems with either of them. I also checked for any DHCP issues with other units on the subnet and I didn’t see any conflicts.

Any ideas to fix this? Thx and cheers…

Brian Hornsby's openvpn script doesn't work after stretch update
VPN stopping OSMC & plugin downloads
No internet after december update...?
Openvpn and OSMC 17.6 on Rpi3
#2

Looks like DNS is playing up.

What’s the output from cat /etc/resolv.conf?

#3

These are the same dns servers my other systems use.

# Generated by Connection Manager
nameserver 75.75.75.75
nameserver 75.75.76.76

dillthedog
2h

Looks like DNS is playing up.

What’s the output from cat /etc/resolv.conf?

#4

So that file looks ok. Let’s try a few things. What do you see when you run the following:

host -v security.debian.org
cat /etc/nsswitch.conf
route -n

#5

Here are the results:

host -v security.debian.org

Trying “security.debian.org”
Host security.debian.org not found: 5(REFUSED)
Received 48 bytes from 75.75.75.75#53 in 89 ms

cat /etc/nsswitch.conf

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the glibc-doc-reference' andinfo’ packages installed, try:
# `info libc “Name Service Switch”’ for information about this file.

passwd: compat
group: compat
shadow: compat
gshadow: files

hosts: files myhostname mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis

route -n

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.115.46.1 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.101.1 0.0.0.0 UG 0 0 0 eth0
10.115.46.0 0.0.0.0 255.255.254.0 U 0 0 0 tun0
128.0.0.0 10.115.46.1 128.0.0.0 UG 0 0 0 tun0
192.168.101.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.101.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
207.189.25.3 192.168.101.1 255.255.255.255 UGH 0 0 0 eth0

Anything obvious stick out at you? Thx…

#6

Your DNS server (75.75.75.75) refuses to answer. Question is who distributes that DNS server? Have you set it manually or are you using DHCP and your DHCP server gives you that DNS server?

#7

I believe both dns are provided by Comcast (my isp). The ipaddr is set manually, as are the dns. My Win 10 system is also manually set for ipaddr (obviously different from the RPI 3/OSMC :slight_smile: and the same dns and I can ping urls and ipaddrs with no problems.

So, the problem is specific to the RPI 3/OSMC and doesn’t seem to be a general dns issue. As I mentioned in the original posting, it seemed to be working fine before the most recent update. Thx.

BTW - I just pinged both 75.75.75.75 and 75.75.76.76 and got reasonable responses from both.

#8

If you set them manually just use any other public ones like 8.8.8.8

Well it’s always possible that there is a relation but a DNS server refusing to answer for me sounds more like a provider issue. Try the google one and we will see.

Well as you can see above the server is reachable but he just refuses to answer your question

#9

I see your point. I browsed to http://8.8.8.8 and got the google site. When I browsed to http://75.75.75.75 (or 75.75.76.76) I get a hangup (searching…)

However, that doesn’t explain why I get a

ping: bad address…

when I ping the 1/2 dozen or so urls from the RPI 3/OSMC sys that apt-get also claims cannot be found yet I can successfully ping those same urls from Win 10 (or my Fedora 27 sys). And all 3 systems are using the same Comcast dns ipaddrs.

I also just checked and as of 1/18 (5 days ago?) Comcast website stated the 2 dns ipaddrs are still valid.

#10

Well that all might be right but for what ever reason (if you want you can try to use tcpdump to find out) the comcast DNS server refuses your request…

Ok I just saw

You are using a VPN on that Pi. Disable the VPN and I assume your DNS server will answer again. Obviously Comcast DNS refuses to answer if the request comes from outside the comcast network (which happens if your VPN is active)

#11

I meant to ask about that earlier, but got distracted. Thx for catching that and suggesting. I have been using the vpn for a number of months with nary a problem (again not until this recent update). I had noticed something going on surrounding the vpn and thought it had been disabled. I’ll go back and check that…

OK. That seemed to unlock things. Apparently the last update process glitched the openvpn and messed things up. Trying an apt-get dist-upgrade went thru the process (of course, everything’s already been downloaded/updated) and no access errors on any of the urls.

Thank you…

Interestingly, I re-enabled openvpn and lost ability to access urls. Disabled it and everything was back to normal.

Do you know if this is something recently implemented by Comcast (and maybe other isps) or did my openvpn get corrupted and I’ll just have to reinstall it?

#12

Actually what you had before was a “DNS leak” means your DNS queries were not going through the tunnel. This DNS leak seems now being fixed. So basically if you go through a VPN you either want to use a DNS server provided by your VPN Provider or any other public one.

#13

Strange. I’m not a Comcast customer, but it returns an answer for me:

osmc@osmc:~$ dig security.debian.org @75.75.75.75

; <<>> DiG 9.10.3-P4-Debian <<>> security.debian.org @75.75.75.75
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32377
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 3, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 2048
;; QUESTION SECTION:
;security.debian.org.		IN	A

;; ANSWER SECTION:
security.debian.org.	300	IN	A	212.211.132.250
security.debian.org.	300	IN	A	195.20.242.89
security.debian.org.	300	IN	A	212.211.132.32
security.debian.org.	300	IN	A	217.196.149.233

;; AUTHORITY SECTION:
security.debian.org.	28800	IN	NS	geo1.debian.org.
security.debian.org.	28800	IN	NS	geo3.debian.org.
security.debian.org.	28800	IN	NS	geo2.debian.org.

;; Query time: 300 msec
;; SERVER: 75.75.75.75#53(75.75.75.75)
;; WHEN: Wed Jan 24 11:23:24 GMT 2018
;; MSG SIZE  rcvd: 169

Perhaps they blacklisted your VPN’s IP address.

#14

arrrrrrggghhh…think I messed things up.

I did not get a successful tv guide update last night so I decided to 1st stop, then disable openvpn, and then thought I needed to uninstall it (and install the dig utility to check out your results). In the uninstall process I got a msg along the lines of “software critical to the function/operation of OSMC will be removed”, and then it kind of went off and did something. Now I’ve lost any network access. I usually access thru ssh and that’s gone.

I then went directly into the MYOSMC function thru OSMC and checked network info and there was no network installed (no ipaddr, etc.) and Network Enable box was cleared. I then checked the box and OSMC said it was “Configuring” but nothing ever happened. Also did a hard reset but, again, nothing happened.

Have I messed things up really bad, or is there a somewhat orderly way back to some sense of normalcy.

Thx and cheers…

#15

Yes you have! Openvpn is now part of the OSMC network stack. With removing it you removed “armv7-connman-osmc armv7-network-osmc openvpn rbp2-device-osmc”

Reinstalling that packages without a network would be quite cumbersome my suggestion is backup the configurations from the SD Card in your PC and start with a new install.

#16

If you upgraded there’s a chance these are still in /var/cache/apt/archives and will respond to things like dpkg -i armv7-connman-osmc_1.3.5-1_armhf.deb

You will need to get to a terminal by pressing Esc on a connected keyboard when re-booting.

#17

They’d probably need to be installed in a specific order:

openvpn
armv7-connman-osmc
armv7-network-osmc
rbp2-device-osmc

1 Like
#18

Update (1/18/23.2)

Reloaded programs as suggested and network is back up (so is ssh). Whew!!!

Thank you, thank you, thank you. Lesson learned (for now :frowning:

Update (1/23/18.1)

Nevermind. I got it.

Orig (1/23/18.0)

Thanks much. Hopefully I haven’t mucked things up too much.

1 slight problem…can’t seem to get into the command line for Debian. Have pressed esc in a number of different screens but it always boots into OSMC main window. What am I missing here? Using RPI 3.

I’ve tried reboot. Also exit (which it just hangs). And also power off/down, which it seems to do(screen goes blank and acivity on the hdd stops).