
OpenVpn config generator suggestion


I recently learned that newer OpenVPN versions support the block-outside-dns command that fixes DNS leaks. After modifying the OpenVPN config generated by the user control panel and adding that line, my DNS leaks are gone.

I would recommend making this the default or at least adding a checkmark box to add this option.


You can always use the Advanced checkbox and put it in the custom directives.

There are a few issues with making this particular directive global. First of all, older clients will throw an unsupported directive error and it will be confusing. The second thing is that DNS leaks should be solved with a more comprehensive method rather than patches that apply only when the client is running.

A more complete solution is setting the VPN DNS server on all of your adapters, or using firewall rules/network lock to restrict traffic only to your VPN gateway.

Windows users (where DNS leaks happen) are encouraged to use Eddie, which solves this problem at the root cause, without relying on 3rd party software.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


Thanks for the explanation. I see your point with outdated clients, that pretty much answers my question why it was not default.

While it is probably insecure to use outdated OpenVPN clients, I guess there may be some routers or other things that enforce working with outdated versions.


While it is probably insecure to use outdated OpenVPN clients, I guess there may be some routers or other things that enforce working with outdated versions.

In repositories, you can have old OpenVPN versions that are perfectly up to date under a security point of view. Think about Debian Wheezy, using OpenVPN 2.2.1, updated for security purposes. Or even Debian Jessie, the current stable Debian distribution.

Eddie developers have circumvented the compatibility problem with older OpenVPN versions by emulating the directive effects as a DNS leak prevention on Eddie 2.11.1beta and higher (NOT on Eddie 2.10.3 or older versions).

Kind regards


The first thing I do when I download new ovpn files from the config generator is open them up in a text editor and paste block-outside-dns into them. Works like a charm. Seems just as easy as using the advanced method to build them with the custom directive in the first place.
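
The manual edit described in the post above, as an added example that is not part of the original thread: a Python helper that inserts block-outside-dns into a generated config only when it is not already active, placing it ahead of any inline `<ca>`-style block. With `optional=True` it writes the directive behind OpenVPN's `setenv opt` prefix, which marks it as optional so a client that does not know the directive can skip it instead of failing, the compatibility concern raised earlier in the thread; the function names and the sample config are constructed for illustration.

```python
import re
from itertools import takewhile

DIRECTIVE = "block-outside-dns"  # the directive discussed in this thread

# Constructed sample of a generated config; host and certificate are placeholders.
SAMPLE = """\
client
dev tun
proto udp
remote vpn.example.net 443
# block-outside-dns   (commented out, so not active)
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</ca>
"""

def has_directive(config_text, directive=DIRECTIVE):
    """True if the directive is active, in plain or 'setenv opt' form."""
    for line in config_text.splitlines():
        # A token starting with '#' or ';' begins a comment.
        tokens = list(takewhile(lambda t: t[0] not in "#;", line.split()))
        if tokens[:2] == ["setenv", "opt"]:
            tokens = tokens[2:]
        if tokens and tokens[0] == directive:
            return True
    return False

def add_directive(config_text, directive=DIRECTIVE, optional=False):
    """Return the config with the directive added once; unchanged if present."""
    if has_directive(config_text, directive):
        return config_text
    eol = "\r\n" if "\r\n" in config_text else "\n"  # keep Windows line endings
    entry = ("setenv opt " if optional else "") + directive
    lines = config_text.splitlines()
    # Insert ahead of the first inline block (<ca>, <cert>, ...), else append.
    pos = next((i for i, l in enumerate(lines)
                if re.fullmatch(r"\s*<[A-Za-z][\w-]*>\s*", l)), len(lines))
    lines.insert(pos, entry)
    return eol.join(lines) + eol

if __name__ == "__main__":
    print(add_directive(SAMPLE, optional=True))
```

Whether a particular older client honours `setenv opt` should be checked against that client's own manual before relying on it.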