[SOLVED] Ubuntu running VPN messed up my internet connection

dat789

I have been running Ubuntu 18.04 (64-bit) for a while now without any problems as far as network + broadband connectivity is concerned. Last week, I purchased ExpressVPN and installed and configured it. The setup was, honestly, very straightforward. I connected to my first VPN region and browsed as normal.

Then, I installed the Tor browser. Everything that needed to be set up was done and soon I was browsing anonymously. VPN was still connected.
The next day, after booting up and logging back into Ubuntu, I connected to ExpressVPN. At this point, I realised I could not browse any websites at all, as the pages would return:
"Server Not Found -- We can’t connect to the server at www.bing.com"
I tried:
Code:
$ ping 1.1.1.1
64 bytes from 1.1.1.1: icmp_seq=1 ttl=58 time=5.31 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=58 time=5.50 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=58 time=5.42 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=58 time=5.17 ms
64 bytes from 1.1.1.1: icmp_seq=5 ttl=58 time=5.40 ms
5 packets transmitted, 5 received, 0% packet loss, time 4004ms
rtt min/avg/max/mdev = 5.174/5.364/5.501/0.129 ms

$ ping 8.8.8.8
...
5 packets transmitted, 5 received, 0% packet loss, time 4004ms
rtt min/avg/max/mdev = 5.174/5.364/5.501/0.129 ms

$ ping 8.8.4.4
...
5 packets transmitted, 5 received, 0% packet loss, time 4004ms
rtt min/avg/max/mdev = 5.174/5.364/5.501/0.129 ms

The pings show me that it does have internet connectivity and is able to reach other hosts (pls correct me if I'm wrong). But somehow Chrome and Firefox are unable to resolve any hosts / websites at all.

However, the strange thing is that even when I cannot access any websites on Chrome and Firefox while connected to VPN, I can browse any surface web (clear net) and onion sites on the Tor browser! The VPN connectivity was not lost at all. I have a feeling that ExpressVPN has changed something somewhere that has altered how Chrome and Firefox (or standard browsers) access web pages?

Does anyone know what might have gone wrong? Happy to provide more details for diagnostics and analysis upon request.

BTW, I don't have a proxy server nor do I use one. Don't even know how to in the first place..

- Make and model of switches and how many ports are on each switch
> I don't use switches nor hubs
- How many PCs and laptops are connected to the network
> Only one direct connection to the PC.
- Whether or not a NAS (Network Attached Storage) or regular server is connected to the network
> The connection to the PC is direct from the router, provided by ISP.
- Whether or not a Wifi router is connected to the network and/or switch
> The Wi-Fi router is connected to the network, but the PC is a direct connection.
- If you are using the internal LAN connection on your motherboard, a USB dongle, or external PCI card
> Internal LAN connection to the motherboard
 
Looks like the DNS is messed up. You can obviously actually get to the DNS servers since you can ping them.

Can you ping sites like www.bing.com by name?

What happens if you use the nslookup command and try to look that name up? What DNS server does the nslookup command use by default, and what happens if you override it on the command line to use, say, 8.8.8.8?

Does it resolve, or is the DNS itself blocked... i.e. it will allow ping but not port 53?

Maybe it is simple and the DNS is wrong in the network settings.
 

dat789

Thanks for the response. Following up with that, here's what I did:

Code:
$ nslookup www.bing.com
Server:        127.0.0.53
Address:    127.0.0.53#53

Non-authoritative answer:
www.bing.com    canonical name = a-0001.a-afdentry.net.trafficmanager.net.
a-0001.a-afdentry.net.trafficmanager.net    canonical name = dual-a-0001.a-msedge.net.
Name:    dual-a-0001.a-msedge.net
Address: 204.79.197.200
Name:    dual-a-0001.a-msedge.net
Address: 13.107.21.200
Name:    dual-a-0001.a-msedge.net
Address: 2620:1ec:c11::200

$ expressvpn connect japan
Connecting to Japan...     100%
Connected to Japan

$ ping www.bing.com
ping: www.bing.com: Name or service not known

$ ping www.google.com
ping: www.google.com: Name or service not known

$ nslookup www.bing.com
Server:        10.92.0.1
Address:    10.92.0.1#53

Non-authoritative answer:
www.bing.com    canonical name = a-0001.a-afdentry.net.trafficmanager.net.
a-0001.a-afdentry.net.trafficmanager.net    canonical name = dual-a-0001.a-msedge.net.
Name:    dual-a-0001.a-msedge.net
Address: 204.79.197.200
Name:    dual-a-0001.a-msedge.net
Address: 13.107.21.200

$ expressvpn disconnect
Disconnecting...
Disconnected

$ ping www.bing.com
64 bytes from ... icmp_seq=1 ttl=118 time=6.45 ms
...
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
 
In the first case it is using your machine as the DNS server. Hard to say what the actual DNS server is.

In the second case it is using the ExpressVPN DNS server... this is generally how it is supposed to work, since you want the DNS requests to go via the VPN.

The DNS actually works in both cases. My guess is that ping and other commands are still attempting to use the loopback IP as the DNS rather than the ExpressVPN one and are being blocked. Not sure why. I have been lazy lately and do not use Unix much anymore. Then again, I have had similar issues with Windows and only run VPN on routers after the software clients messed up the machine.

My guess would be it is related to how ExpressVPN intercepts the DNS. It likely is changing the routing but does not work when you have an actual DNS server process running on the server.
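
The checks suggested in this thread, collected into one script (an added example, not part of any post above): `ping` resolves names through the C library, while `nslookup` queries a DNS server directly, so comparing the two separates the cases. The function names and verdict labels are made up for this example; nothing touches the network unless the script is called with `--live` and a hostname.

```shell
#!/bin/sh
# Added example: split "cannot resolve names" into the cases raised in the thread.

# Print the resolver address from nslookup output on stdin (its "Server:" line).
resolver_from_nslookup() {
    awk '$1 == "Server:" { print $2; exit }'
}

# Classify a resolver IPv4 address: loopback stub, private (e.g. pushed by a VPN), or public.
classify_resolver() {
    case "$1" in
        127.*)                                  echo local-stub ;;
        10.*|192.168.*)                         echo private ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)  echo private ;;
        *)                                      echo public ;;
    esac
}

# diagnose LIBC_OK DEFAULT_DNS_OK PUBLIC_DNS_OK   (each argument is "yes" or "no")
#   libc path       = what ping and browsers use (getaddrinfo via nsswitch.conf)
#   default DNS     = nslookup against the server listed in /etc/resolv.conf
#   public DNS      = nslookup overridden on the command line to 8.8.8.8
diagnose() {
    if   [ "$1" = yes ]; then echo ok
    elif [ "$2" = yes ]; then echo libc-path-broken            # DNS answers, system lookup does not
    elif [ "$3" = yes ]; then echo configured-resolver-broken  # wrong or unreachable DNS setting
    else                      echo dns-blocked-or-offline      # port 53 blocked, or no connectivity
    fi
}

# Run the three lookups for one hostname and print resolver, class and verdict.
live_check() (
    name=$1; libc=no; def=no; pub=no
    getent ahosts "$name" >/dev/null 2>&1 && libc=yes
    out=$(nslookup "$name" 2>/dev/null) && def=yes
    nslookup "$name" 8.8.8.8 >/dev/null 2>&1 && pub=yes
    srv=$(printf '%s\n' "$out" | resolver_from_nslookup)
    echo "resolver=$srv class=$(classify_resolver "$srv") verdict=$(diagnose "$libc" "$def" "$pub")"
)

# Usage: sh dnscheck.sh --live www.bing.com
if [ "${1:-}" = "--live" ]; then live_check "${2:?hostname required}"; fi
```

The output posted above with the VPN connected (name lookup by `ping` fails, `nslookup` answers from 10.92.0.1) corresponds to `class=private verdict=libc-path-broken`.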
 
