Hello, into my 2nd week on Manjaro KDE Plasma, and my windows migration is going very well.
Let me first provide my issue, and then provide some details that hopefully help figure this out.
Somehow the network systray icon thinks I have “limited connectivity”… little yellow symbol on the connection icon, and message if I mouse over it…
… but if I expand it, it shows I am connected…
… and I have no issues browsing the web or accessing my local NAS.
So why tell me I have limited connectivity, when it appears my connection is fine? Of all the network problems, this seems like a fairly good one to have… but I’d like to be able to trust the systray network status. And quite frankly, that little yellow symbol to indicate the “limited connectivity” is real easy to miss… so who knows how long its been there.
So here is what I know changed this week… but it wasn’t until I installed/used the VPN client that I noticed the “limited connectivity”
- There were lots of Manjaro updates applied this week
- I installed a new firmware on my Asus router this week… I rebooted it, cycled it by pulling it’s power, reconnected my LAN cables, and even rebooted my PC
- I installed the
eddie-ui
VPN client from AUR as it’s generally what’s used by AirVPN (well, what I used on windows anyway).
I’m pretty sure the first two changes above were done while I was focused on finalizing my mdadm RAID-1 array… and I feel I should mention I also installed and uninstalled webmin
from AUR when I thought it was going to help me get GUI access to my RAID array and hopefully scrubbing crons… but I uninstalled it after I found I couldn’t access it via the browser… and noticed I have some lingering “Web” entries in KSysGuard that I don’t recall seeing prior… (but that doesn’t mean they were not there)
So assuming all the above is good, the first time I noticed the “limited connectivity” popup was after my second launch of eddie-ui
(but the two were fairly back-to-back). I generally have a habit of enabling “network lock” before I connect to a VPN server… which is basically meant to trap all network traffic other than through the VPN. And when eddie-ui
enables the “network lock”, it gives you the following message/warning…
and afterwards you will also see these notifications based on activating/disabling the network lock…
My first connection went well, and then I started walking through the eddie-ui
options, and thought I would try enable the options for “Connect at startup” and “Activate Network Lock at startup”… and when I closed/reopened eddie-ui
it auto network locked and connected to a VPN server.
However, after I disconnected and disabled the network lock for the second time, I noticed a notification that I had “limited connectivity”… which was weird because I was still able to browse the internet, so I wasn’t assigned a “169.x.x.x” address.
I went back into eddie-ui
, disabled the two “at startup” settings, confirmed I could network lock and connect manually, and disconnected and disabled the network lock… and still had “limited connectivity”.
I’m not 100% certain if the systray thought it had a limited connectivity issue before hand or not… I just know i noticed the notification after my eddie-ui
sessions… and there were no other older notifications like it in the notification list.
Is it possible eddie-ui
wrote a setting somewhere that wasn’t reversed that may explain my symptoms? That’s likely no less possible than my router firmware update or Manjaro updates playing a role… and I’ve posted to their forums as well just to be sure.
Troubleshooting I have done so far…
- Recalling
eddie-ui
mentionediptables
with the network lock activation… and currently for me right now (eddie not running, and network lock disabled at end of last session) I get the following when I query iptables…
$ sudo systemctl status iptables
○ iptables.service - IPv4 Packet Filtering Framework
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
Active: inactive (dead)
- My firewall activated in Manjaro is ufw… currently set to block incoming and allow outgoing (more or less defaults) [I’m using Gufw, the GUI interface]
- Beyond (what I am guessing are) the core 3 Chain INPUT/FORWARD/OUTPUT policy sections, there is a lot of ufw chain entries, but nothing that looks labeled by AirVPN or eddie when I run
sudo iptables -L
(not that I really understand what I am looking at)
$ sudo iptables -L
[sudo] password for disfeld:
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-logging-forward all -- anywhere anywhere
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere
ufw-after-logging-forward all -- anywhere anywhere
ufw-reject-forward all -- anywhere anywhere
ufw-track-forward all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- anywhere anywhere
ufw-before-output all -- anywhere anywhere
ufw-after-output all -- anywhere anywhere
ufw-after-logging-output all -- anywhere anywhere
ufw-reject-output all -- anywhere anywhere
ufw-track-output all -- anywhere anywhere
Chain ufw-after-forward (1 references)
target prot opt source destination
Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc
ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-after-logging-output (1 references)
target prot opt source destination
Chain ufw-after-output (1 references)
target prot opt source destination
Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ufw-user-forward all -- anywhere anywhere
Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- anywhere anywhere ctstate INVALID
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ufw-not-local all -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere 239.255.255.250 udp dpt:ssdp
ufw-user-input all -- anywhere anywhere
Chain ufw-before-logging-forward (1 references)
target prot opt source destination
Chain ufw-before-logging-input (1 references)
target prot opt source destination
Chain ufw-before-logging-output (1 references)
target prot opt source destination
Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-user-output all -- anywhere anywhere
Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "
Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
DROP all -- anywhere anywhere
Chain ufw-reject-forward (1 references)
target prot opt source destination
Chain ufw-reject-input (1 references)
target prot opt source destination
Chain ufw-reject-output (1 references)
target prot opt source destination
Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain ufw-track-forward (1 references)
target prot opt source destination
Chain ufw-track-input (1 references)
target prot opt source destination
Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere ctstate NEW
ACCEPT udp -- anywhere anywhere ctstate NEW
Chain ufw-user-forward (1 references)
target prot opt source destination
Chain ufw-user-input (1 references)
target prot opt source destination
Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain ufw-user-logging-forward (0 references)
target prot opt source destination
Chain ufw-user-logging-input (0 references)
target prot opt source destination
Chain ufw-user-logging-output (0 references)
target prot opt source destination
Chain ufw-user-output (1 references)
target prot opt source destination
- And as mentioned before I have rebooted the router (soft and hard) and my PC… neither resolving the “limited connectivity” status in the systray.
I also have no idea how the systray icon determines/checks the network.internet status… perhaps it pings a server that is down/unreachable at the moment? Or is it possible there I some data cached/written somewhere that is not getting updated? It’s these thoughts that have me wondering if the this is an update symptom… but there is lots I do not know.