A fresh install of Mint (19 xfce 32bit), set up with auto-connect to OVPN using native NetworkManager (NM) was giving me some issues with DNS Leak. Delving into this, I got the leaking fixed by setting the DNS servers in NM, for the eth0, manually to the internal DNS of the VPN. Sweet, Fixed!
Nope. Stay with me, that’s not the problem. After I fixed the leak, I was monitoring all the traffic over the eth0 using ‘iftop -i eth0’ while OVPN was connected. Expecting to see only traffic to/from the VPN server (and regular multicasts etc.) Most all traffic was. But, I was surprised to see single intermittent short duration connections to various Google servers that come at a frequency of every few minutes or so. This occurred even when no web browser was open!
Since all traffic should be going over the VPN (tun0), no connections to anywhere, especially google, should be occurring in the clear on eth0!
Looking into this still further, I used ‘nethogs -d 1’ to identify the program responsible for the traffic. Doing nothing on the computer but monitoring nethogs after a fresh boot, showed the google traffic is being brought on by ‘/usr/sbin/NetworkManager’ under user root.
I cannot figure out why a native program, NetworkManager, calls out to google over eth0, when everything should be going over tun0.
Obviously there are some security concerns with this, since the traffic is supposed to be directed to tun0. Does anyone have any thoughts. I am willing to bet that you can replicate this without setting up the VPN. Just look for connections to “googleusercontent” domains, or something like that.
[The Question] Thoughts? How to I disable this traffic? I do not think its NTP. Nethogs reports that its http traffic. And; Even if the traffic goes over tun0, why is the OS talking to google unsolicited?
Feel free NOT to respond if your simply giving your own thoughts about paranoia or what you think should or should not be important. This is not a conspiracy, or paranoid delusion. I am only interested in helpful thoughts on fixing this issue, and not interested in what your “OK” with your computer doing over the network,in the background, and behind your back.