Bug 2271283

Summary: Unable to connect to institution's websites via VPN when connecting to its WPA2-Enterprise network
Product: [Fedora] Fedora Reporter: gxq1f5dh
Component: NetworkManagerAssignee: Lubomir Rintel <lkundrak>
Status: NEW --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 39CC: bgalvani, dcbw, ferferna, gnome-sig, groguko36, ihuguet, liangwen12year, lkundrak, mclasen, rstrode
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description gxq1f5dh 2024-03-24 14:44:29 UTC 
I have only ever experienced this with my university's eduroam network. With a VPN enabled, I can connect to any website I choose except for those containing the university's domain name (e.g. it.university.edu, med.university.edu, law.university.edu). It doesn't matter if I launch a browser in split tunneling mode - it still doesn't connect. It just gives an error that it’s unable to connect.

The VPN has to be completely disabled in order to connect to one of these university.edu websites from the eduroam network. Also, I can connect to these websites just fine using Mullvad if I'm on any other wifi network, which means it's not simple ip address blocking. I have replicated this issue on all recent versions of Pop!_OS including 21.04, 21.10, and 22.04, and fedora 38 and 39. Like I said in my previous post, I have replicated this issue with Mullvad and iVPN, though it's been some time since I have tried iVPN.

Notably, this issue is not present at all on iOS or Android. I can even use my Pixel 6a phone running GrapheneOS to connect to the eduroam network, create a hotspot extending the network to my linux laptop, have mullvad enabled on both devices, and suddenly I'm able to connect to university.edu just fine.

Apparently, according to some email correspondence I had with Mullvad support, I was able to resolve the issue a couple years ago by not using the Mullvad app and following these instructions (https://mullvad.net/it/help/linux-openvpn-installation) instead, but I think I switched back to the app because I missed some of the functionality it offered.

This issue has also been replicated by another user on Silverblue (https://discussion.fedoraproject.org/t/silverblue-38-unable-to-visit-university-websites-when-connecting-to-its-wpa2-enterprise-wifi-on-vpn/81725). There is a workaround (using the SOCKS5 proxy), but it would be very nice to have a real fix.

Reproducible: Always

Steps to Reproduce:
1. Connect to my university's wifi network
2. Connect to the VPN app
3. Attempt to connect to my university's website
Actual Results:  
Error - unable to connect

Expected Results:  
Connected to the website

https://discussion.fedoraproject.org/t/silverblue-38-unable-to-visit-university-websites-when-connecting-to-its-wpa2-enterprise-wifi-on-vpn/81725

https://github.com/mullvad/mullvadvpn-app/issues/4633
Comment 1 groguko36 2024-04-01 06:30:25 UTC 
Related: https://bugzilla.redhat.com/show_bug.cgi?id=2196615