Limited connectivity systray notification, yet connected to the network/internet

Hello, into my 2nd week on Manjaro KDE Plasma, and my windows migration is going very well.

Let me first provide my issue, and then provide some details that hopefully help figure this out.

Somehow the network systray icon thinks I have “limited connectivity”… little yellow symbol on the connection icon, and message if I mouse over it…
Screenshot_20210729_170528
… but if I expand it, it shows I am connected…
1caf7fe1482f6ddbd94646e2e598358fa5ff3deb
… and I have no issues browsing the web or accessing my local NAS.

So why tell me I have limited connectivity, when it appears my connection is fine? Of all the network problems, this seems like a fairly good one to have… but I’d like to be able to trust the systray network status. And quite frankly, that little yellow symbol to indicate the “limited connectivity” is real easy to miss… so who knows how long its been there.

So here is what I know changed this week… but it wasn’t until I installed/used the VPN client that I noticed the “limited connectivity”

  1. There were lots of Manjaro updates applied this week
    Screenshot_20210729_180514
  2. I installed a new firmware on my Asus router this week… I rebooted it, cycled it by pulling it’s power, reconnected my LAN cables, and even rebooted my PC
  3. I installed the eddie-ui VPN client from AUR as it’s generally what’s used by AirVPN (well, what I used on windows anyway).

I’m pretty sure the first two changes above were done while I was focused on finalizing my mdadm RAID-1 array… and I feel I should mention I also installed and uninstalled webmin from AUR when I thought it was going to help me get GUI access to my RAID array and hopefully scrubbing crons… but I uninstalled it after I found I couldn’t access it via the browser… and noticed I have some lingering “Web” entries in KSysGuard that I don’t recall seeing prior… (but that doesn’t mean they were not there)
Screenshot_20210729_172814

So assuming all the above is good, the first time I noticed the “limited connectivity” popup was after my second launch of eddie-ui (but the two were fairly back-to-back). I generally have a habit of enabling “network lock” before I connect to a VPN server… which is basically meant to trap all network traffic other than through the VPN. And when eddie-ui enables the “network lock”, it gives you the following message/warning…


and afterwards you will also see these notifications based on activating/disabling the network lock…
Screenshot_20210729_174342

My first connection went well, and then I started walking through the eddie-ui options, and thought I would try enable the options for “Connect at startup” and “Activate Network Lock at startup”… and when I closed/reopened eddie-ui it auto network locked and connected to a VPN server.

However, after I disconnected and disabled the network lock for the second time, I noticed a notification that I had “limited connectivity”… which was weird because I was still able to browse the internet, so I wasn’t assigned a “169.x.x.x” address.

I went back into eddie-ui, disabled the two “at startup” settings, confirmed I could network lock and connect manually, and disconnected and disabled the network lock… and still had “limited connectivity”.

I’m not 100% certain if the systray thought it had a limited connectivity issue before hand or not… I just know i noticed the notification after my eddie-ui sessions… and there were no other older notifications like it in the notification list.

Is it possible eddie-ui wrote a setting somewhere that wasn’t reversed that may explain my symptoms? That’s likely no less possible than my router firmware update or Manjaro updates playing a role… and I’ve posted to their forums as well just to be sure.

Troubleshooting I have done so far…

  1. Recalling eddie-ui mentioned iptables with the network lock activation… and currently for me right now (eddie not running, and network lock disabled at end of last session) I get the following when I query iptables…
    $ sudo systemctl status iptables
    ○ iptables.service - IPv4 Packet Filtering Framework
        Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
        Active: inactive (dead)
  1. My firewall activated in Manjaro is ufw… currently set to block incoming and allow outgoing (more or less defaults) [I’m using Gufw, the GUI interface]
    Screenshot_20210729_175228
  2. Beyond (what I am guessing are) the core 3 Chain INPUT/FORWARD/OUTPUT policy sections, there is a lot of ufw chain entries, but nothing that looks labeled by AirVPN or eddie when I run sudo iptables -L (not that I really understand what I am looking at)
$ sudo iptables -L
[sudo] password for disfeld: 
Chain INPUT (policy DROP)
target     prot opt source               destination         
ufw-before-logging-input  all  --  anywhere             anywhere            
ufw-before-input  all  --  anywhere             anywhere            
ufw-after-input  all  --  anywhere             anywhere            
ufw-after-logging-input  all  --  anywhere             anywhere            
ufw-reject-input  all  --  anywhere             anywhere            
ufw-track-input  all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ufw-before-logging-forward  all  --  anywhere             anywhere            
ufw-before-forward  all  --  anywhere             anywhere            
ufw-after-forward  all  --  anywhere             anywhere            
ufw-after-logging-forward  all  --  anywhere             anywhere            
ufw-reject-forward  all  --  anywhere             anywhere            
ufw-track-forward  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ufw-before-logging-output  all  --  anywhere             anywhere            
ufw-before-output  all  --  anywhere             anywhere            
ufw-after-output  all  --  anywhere             anywhere            
ufw-after-logging-output  all  --  anywhere             anywhere            
ufw-reject-output  all  --  anywhere             anywhere            
ufw-track-output  all  --  anywhere             anywhere            

Chain ufw-after-forward (1 references)
target     prot opt source               destination         

Chain ufw-after-input (1 references)
target     prot opt source               destination         
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-ns
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-dgm
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:netbios-ssn
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:microsoft-ds
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootps
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootpc
ufw-skip-to-policy-input  all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-after-output (1 references)
target     prot opt source               destination         

Chain ufw-before-forward (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ufw-user-forward  all  --  anywhere             anywhere            

Chain ufw-before-input (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  anywhere             anywhere             ctstate INVALID
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
ufw-not-local  all  --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns
ACCEPT     udp  --  anywhere             239.255.255.250      udp dpt:ssdp
ufw-user-input  all  --  anywhere             anywhere            

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-before-output (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-user-output  all  --  anywhere             anywhere            

Chain ufw-logging-allow (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere             ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  all  --  anywhere             anywhere             limit: avg 3/min burst 10
DROP       all  --  anywhere             anywhere            

Chain ufw-reject-forward (1 references)
target     prot opt source               destination         

Chain ufw-reject-input (1 references)
target     prot opt source               destination         

Chain ufw-reject-output (1 references)
target     prot opt source               destination         

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain ufw-track-forward (1 references)
target     prot opt source               destination         

Chain ufw-track-input (1 references)
target     prot opt source               destination         

Chain ufw-track-output (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             ctstate NEW

Chain ufw-user-forward (1 references)
target     prot opt source               destination         

Chain ufw-user-input (1 references)
target     prot opt source               destination         

Chain ufw-user-limit (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination         

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination         

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination         

Chain ufw-user-output (1 references)
target     prot opt source               destination 
  1. And as mentioned before I have rebooted the router (soft and hard) and my PC… neither resolving the “limited connectivity” status in the systray.

I also have no idea how the systray icon determines/checks the network.internet status… perhaps it pings a server that is down/unreachable at the moment? Or is it possible there I some data cached/written somewhere that is not getting updated? It’s these thoughts that have me wondering if the this is an update symptom… but there is lots I do not know.

Just wait.

2 Likes

Why would this cause “limited connectivity” message on my network adapter?
Is this distro “Calling Home” periodically?

… because the connectivity check is currently set up to ping http://ping.manjaro.org/check_network_status.txt

You can change it if you wish, see here:

3 Likes

woke up this morning to normal (not limited) network checks and access to manjaro.org … life is good!

For my own future reference, where should I go in the future, or what should I subscribe to, in order to see planned outages that would impact the website and network manager connectivity assessments?

This looks like a good candidate… Announcements - Manjaro Linux Forum

Yes, that is the correct page. In this instance, however, it was not a “planned outage” as I recall, so it wouldn’t appear in the News section before it happens.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.