1

I cannot access many websites including our own office web portals without using VPN. I tried using sudo /etc/init.d/network-manager restart, and I also attempted to to edit /etc/network/interfaces to add: source /etc/network/interfaces.d/*

Furthermore, interfaces(5) file used by ifup(8) and ifdown(8):

auto lo
iface lo inet loopback

The primary network interface on the device:

auto enp0s31f6
iface enp0s31f6 inet dhcp

Still I cannot access websites, web portals etc.

The output of ip a returns to me the following:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s25: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 68:f7:28:d3:d4:47 brd ff:ff:ff:ff:ff:ff
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 5c:e0:c5:3a:7d:0c brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.107/24 brd 192.168.0.255 scope global dynamic noprefixroute wlp3s0
       valid_lft 85831sec preferred_lft 85831sec
    inet6 fe80::f9d:3b03:c8d4:43e3/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:2e:cd:a6:65 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
5: br-818882f39971: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:da:11:16:13 brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.1/16 brd 172.19.255.255 scope global br-818882f39971
       valid_lft forever preferred_lft forever
6: br-f69c46d593ea: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:b9:fa:61:b9 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-f69c46d593ea
       valid_lft forever preferred_lft forever

nameserver 127.0.0.53

nslookup google.com:

Server:     127.0.0.53
Address:    127.0.0.53#53

Non-authoritative answer:
Name:   google.com
Address: 216.58.203.174
Name:   google.com
Address: 2404:6800:4009:803::200e
Eliah Kagan
  • 117,780
Vinay Sawant
  • 111
  • 3
  • What OS version are you using, browser, and what is your network information. ip a and more /etc/resolv.conf are a good start. – DankyNanky May 19 '20 at 09:54
  • Also, what are example websites, and can you locate them by using nslookup google.com - you might need to install inettools or some alternate package. – DankyNanky May 19 '20 at 09:56
  • Vinay, I have edited your question to include the output of your ip a command - once approved, we can cleanup your comments. Please edit your question to include the nameserver you have in your /etc/resolv.conf file as well. Out of curiosity, if you perform nslookup google.com what is the returned IP address, and can you successfully ping the IP address? – DankyNanky May 19 '20 at 10:02
  • Lastly - and sorry for the spam - can you output an image of your Wireless NIC via the GUI? You can edit the settings via the GUI. I'm curious to see if "Auto-Connect to VPN" of if your DNS servers are hard-set. – DankyNanky May 19 '20 at 10:04
  • nslookup google.com results added to post, i can ping google.com but i cannot access few websites and portal – Vinay Sawant May 19 '20 at 10:14
  • Extended comment thread, I'll go ahead and add "an answer" to this comment, and we can work from there. – DankyNanky May 19 '20 at 10:15
  • @DankyNanky Waiting for your response,Thank you in advance. – Vinay Sawant May 19 '20 at 10:18
  • I have posted some steps I would take in diagnosing this - of course, ignoring the "have you restarted your PC and router" - which is a valid step! Comment on the answer if you need to discuss. – DankyNanky May 19 '20 at 10:36
  • Vinay - any traction on this? – DankyNanky May 21 '20 at 10:12

1 Answers1

0

Edit: "I cannot access few websites and portal"

If you are not able to access some websites, there may be an ACL on these networks (such as a public IP limitation), or you could have routing issues to the subnets in which they resolve.

For example, if you can't reach mytest.portal.business.com and it resolves as 10.1.1.3, then this would stipulate it's an internally hosted service that you've got a static record for. If a large portion of websites work (such as YouTube, Google, AskUbuntu) but a subset don't, this would indicate more of an issue with networking/routing than the system in itself.

If you're able to successfully resolve (via nslookup) and test an ICMP connection (ping) then this denotes you have network connectivity; if you perform sudo apt upgrade -y and it functions, you have networking connectivity and this brings the issue down to an application fault.

In this instance, it appears that you're in fact using WiFi as your connection medium, as denoted by your ip a which resulted in:

wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 5c:e0:c5:3a:7d:0c brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.107/24 brd 192.168.0.255 scope global dynamic noprefixroute wlp3s0
       valid_lft 85831sec preferred_lft 85831sec
    inet6 fe80::f9d:3b03:c8d4:43e3/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

DHCP

First and foremost, I would confirm that you're getting DHCP on the same logical subnet as other clients that are working - this is simple, compare ip a on hosts to ensure you're in the same range. For example, this could be 192.168.0.1 or 172.20.20.1 but (usually) neither together.

To view your DHCP configuration (if you're using netplan) you can run ls -l /var/lib/NetworkManager, and what is most important is cat your lease file - for me: 

cat /var/lib/NetworkManager/internal-16fa33b0-caa7-3219-a480-331e166fd77c-eno2.lease 
# This is private data. Do not parse.
ADDRESS=192.168.0.116
NETMASK=255.255.255.0
ROUTER=192.168.0.1
SERVER_ADDRESS=192.168.0.1
T1=42600
T2=74550
LIFETIME=85200
DNS=208.67.222.222 208.67.220.220
DOMAINNAME=loopback.local
CLIENTID=01b42e9933fa61

Make sure in the DHCP lease, your router IP address is your local router - and not another IP address you cannot route to without a VPN connection (additional adapter).

DNS

The first test is to ensure your DNS is not the fault, run resolvectl status | grep "DNS Servers" to list the current server you're using; you can update this to be something such as 1.1.1.1 as a test:

# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 1.1.1.1

Proxy Server

At this point in time, if you're not able to resolve websites (well, load), move on to diagnosing if your system is using a proxy: env | grep proxy - if you're using a proxy, it'll return an answer. You can find more answers on diagnosing proxies here.

Firewalls

On Ubuntu, you can disable the Firewall temporarily to see if this is contributing. For firewalld the command is:

systemctl stop firewalld   # Disables the Firewall
systemctl status firewalld # Gets the firewall's status

For ufw, perform the following:

sudo ufw status verbose # Gets the firewall's status
sudo ufw disable        # Disables the Firewall

You could further diagnose this by performing a netstat or a Wireshark capture, if you believed this a networking issue.

Application Diagnostics

From this point, if your browser still doesn't want to load, load an additional browser such as Vivaldi, and see if the same issue occurs. You can run the application via the terminal to get output - or using inbuilt console.

Lastly - as I had this happen to me once - I had a strange "profile" issue with my wireless network. I had to remove the network and reconnect/establish to get it working.

DankyNanky
  • 554