OpenVpn config generator suggestion

[Listing 2]

​I recently learned that newer openvpn versions support the

​

​block-outside-dns

​

​command that fixes dns leaks. After modifying the openvpn config generated by the user control panel and adding that line my dns leaks are gone.

​I would recommend making this the default or at least adding a checkmark box to add this option.

[zhang888 1066]

You can always use the Advanced checkbox and put it in the custom directives.

There are a few issues with making this particular directive global, first of all older

clients will throw an unsupported directive error and it will be confusing, second

thing is that DNS leaks should be solved at a more comprehensive method rather

than patches that apply only when the client is running.

A more complete solution is setting the VPN DNS server on all of your adapters,

or using firewall rules/network lock to restrict traffic only to your VPN gateway.

 

Windows users (where DNS leaks happen) are encouraged to use Eddie, which

solves this problem at the root cause, without relying on 3d party software.

[Listing 2]

Thanks for the explaination. I see your point with outdated clients, that pretty much answers my question why it was not default

​

​While you it is probably insecure to use outdated openvpn clients I guess there may be some routers or other things that enforce working with outdated versions.

[Staff 9972]

​While you it is probably insecure to use outdated openvpn clients I guess there may be some routers or other things that enforce working with outdated versions.

 

In repositories, you can have old OpenVPN versions that are perfectly up to date under a security point of view. Think about Debian Wheezy, using OpenVPN 2.2.1, updated for security purposes. Or even Debian Jessie, the current stable Debian distribution.

 

Eddie developers have circumvented the compatibility problem with older OpenVPN versions by emulating the directive effects as a DNS leak prevention on Eddie 2.11.1beta and higher (NOT on Eddie 2.10.3 or older versions),

 

Kind regards

[Khariz 109]

The first thing I do when I download new ovpn files from the config generator is open them up in a text editor and paste ​block-outside-dns into them. Works like charm. Seems just as easy as using the advanced method to build them with the custom directive in the first place.