[Bug 1886809] Re: Pulse connect VPN exists because unwanted avahi network starts

Helio Loureiro 1886809 at bugs.launchpad.net
Thu Jul 9 08:31:35 UTC 2020


This is an Ubuntu desktop.  A corporate laptop.

> cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

> cat /etc/network/interfaces.d/*
fish: No matches for wildcard “/etc/network/interfaces.d/*”. See `help expand`.
cat /etc/network/interfaces.d/*
    ^

> cat /etc/netplan/*
# Let NetworkManager manage all devices on this system
network:
  version: 2
  renderer: NetworkManager

As you can see, these are network-manager based settings.

Pulsesecure is a sort of Java browser based application.  Since it is a
proprietary application, I'm not sure how it runs internally, but it
does some basic checks on your system to allow the connection, and
establishes it.  It changes all routes to use the VPN as default.  Any
attempt to change them is detected and it considers it an attempt to
tamper with the system, which results in a connection drop.  That's where
avahi causes the problem.

One extra piece of info: I set avahi to disabled in /etc/default/avahi-daemon.

> cat /etc/default/avahi-daemon 
# 1 = Try to detect unicast dns servers that serve .local and disable avahi in
# that case, 0 = Don't try to detect .local unicast dns servers, can cause
# troubles on misconfigured networks
AVAHI_DAEMON_DETECT_LOCAL=0

So even a patch on top of avahi-autoipd that reads this parameter can be
enough to keep this unwanted route from popping up.

-- 
https://bugs.launchpad.net/bugs/1886809

Title:
  Pulse connect VPN exists because unwanted avahi network starts

Status in avahi package in Ubuntu:
  New

Bug description:
  Pulse VPNs exists very often because avahi enforces network
  192.250.0.0/0 over tun0 interface.  The message error is:

  rmon.error Unauthorized new route to 169.254.0.0/0.0.0.0 has been
  added (conflicts with our route to 0.0.0.0), disconnecting
  (routemon.cpp:598)

  No matter the options to skip avahi on /etc/default/avahi-daemon, it
  always calls /etc/network/if-up.d/avahi-autoipd and raises this
  discovery network.

  A fix can be done patching /etc/network/if-up.d/avahi-autoipd to skip
  any tunnel interface.

  --- /etc/network/if-up.d/avahi-autoipd.dpkg-old 2020-07-08 13:25:41.834569800 +0200
  +++ /etc/network/if-up.d/avahi-autoipd  2020-07-07 10:07:37.611118581 +0200
  @@ -11,6 +11,10 @@
   
   [ -x /usr/sbin/avahi-autoipd ] || exit 0
   
  +case "$IFACE" in
  +       tun*) exit 0 ;;
  +esac
  +
   [ "$IFACE" != "lo" ] || exit 0
   case "$ADDRFAM" in
          inet) ;;
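
Review bot: The added pattern `tun*) exit 0 ;;` only matches interfaces whose name begins with "tun", while the description states the goal as skipping any tunnel interface, so a tunnel device with a different name would still reach avahi-autoipd. Either widen the pattern to the other names that should be skipped or say in a comment that only tun devices are intended. The new case block also has no comment explaining why these interfaces are excluded, and since it sits directly above the existing `[ "$IFACE" != "lo" ] || exit 0` test, the two could be merged into one case with `lo|tun*) exit 0 ;;` so that all interface-name exclusions live in one place.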
