Jump to content
Not connected, Your IP: 54.224.124.217
smegma

DNS leaks running OpenVPN directly

Recommended Posts

I want to run openvpn directly because Eddie is too cpu intensive on my machine but I keep getting dns leaks. I am on manjaro linux 17.01 and have tried a number of methods: update-systemd-resolved scripts, adding 10.4.0.1 directly to the resolv.conf, etc. I've tried to read the arch wiki but I just end up frustrated and confused every single time. 

Share this post


Link to post

OK then try this

 

Add this to your ovpn file

script-security 2
up /etc/openvpn/add_rule.sh
down /etc/openvpn/del_rule.sh
 

Create the file /etc/openvpn/add_rule.sh with:

#!/bin/sh
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 10.4.0.1:53
iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination 10.4.0.1:53
 

And create the file /etc/openvpn/del_rule.sh with:

#!/bin/sh
iptables -t nat -D OUTPUT -p udp --dport 53 -j DNAT --to-destination 10.4.0.1:53
iptables -t nat -D OUTPUT -p tcp --dport 53 -j DNAT --to-destination 10.4.0.1:53
 

Type these in a terminal window:

sudo chmod +x /etc/openvpn/add_rule.sh
sudo chmod +x /etc/openvpn/del_rule.sh

 

Re-try with ipleak.net, it should work now.

Share this post


Link to post

I tried and its not resolving dns now. Do I need to open ports for the dns? I was just doing generic UDP 443 for the config

Share this post


Link to post

Have you modified your DNS setup?

Does your system check for DNSSEC or anything specifically?

Otherwise that must work

Share this post


Link to post

No I haven't. I got your method working by prepending 10.4.0.1 to my resolv.conf file so far. I didn't realise it wasn't doing that automatically. How do I go about automating the overwrite? 

Share this post


Link to post

I tried and its not resolving dns now. Do I need to open ports for the dns? I was just doing generic UDP 443 for the config

Same problem here. Using Parabola Arch 4.10.3

Share this post


Link to post

There seems to be a problem with OpenVPN and DNS in Arch/Manjaro. See here.

I don't use Arch so I can't be of any help!

Unless someone else here knows how Arch works you're more likely to get help from Arch users in its forums, they surely know how it handles DNS when using OpenVPN.

Share this post


Link to post

My method of manually prepending 10.4.0.1 to the resolv.conf after adding your solution seems to have been working all day, I have tested on ipleak multiple times and haven't seen any dns leaks

Share this post


Link to post

Very surprising but I'm glad you carried it off!

As I said, I don't know how Arch works but in most distributions there's a process (generally network-manager) that regularly overwrites changes in resolv.conf

So be careful.

Share this post


Link to post

My method of manually prepending 10.4.0.1 to the resolv.conf after adding your solution seems to have been working all day, I have tested on ipleak multiple times and haven't seen any dns leaks

This solved it also for me thank you! Basically prepending the dns server seems to work. However what happens when I am not connected to the vpn? Does the system not find the dns server of airvpn?

Share this post


Link to post

I assume it just skips over the 10.4.0.1 and uses whatever default dns you had set up under that. When you reset you may have to prepend again or use chattr +i or one of the other methods in arch wiki

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...