Jump to content
Not connected, Your IP: 3.145.74.54
AirVPN
gfdgfdgfd454asaakhj

Using the .ovpn conf file on linux lead to DNS LEAK!

By gfdgfdgfd454asaakhj, ... in Troubleshooting and Problems

Recommended Posts

gfdgfdgfd454asaakhj    0

gfdgfdgfd454asaakhj
Posted ...

Im downloading the .ovpn files generated by the site and adding them to openvpn on linux.

However https://dnsleaktest.com/ correctly identifies my ISP!

 

I tried couple of tutorials online to fix that leak by adding lines to the .ovpn file and reimporting it but it still leaks.

 

How to fix it and why openVPN is providing files that lead to a leak?!

Share this post

Link to post

Staff    9761

Staff
Posted ...

Hello!

 

Since DNS leaks do not exist in GNU/Linux (or in other systems, except Windows) it's first necessary to understand what you mean with your message.

 

The servers DNS push is not considered in OpenVPN for GNU/Linux so, if you don't take care of it, your nameservers will remain set with no modifications. Check /etc/resolv.conf file. If they are remote servers (not in your LAN) the DNS queries will be tunneled anyway. Local traffic will keep going on as usual, so if your GNU/Linux box queries your router and then your router forwards the query to some external DNS server, you have a DNS query (from the router) not in the tunnel, but that's has nothing to do with DNS leaks.

 

If that's the issue you report, you can consider to accept DNS push. Some ideas can come from our guide https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf/, otherwise you can consider to run Eddie, the AirVPN free and open source software client, which will take care of DNS push in GNU/Linux.

 

Kind regards

Share this post

Link to post

gfdgfdgfd454asaakhj    0

gfdgfdgfd454asaakhj
Posted ...

I mean that when I visit site like dns leak it shows my actual ISP

 

resolv.conf has nameserver 127.0.0.53
 

so i guess that is my router, which is set to auto and i guess it automatically gets my ISP dns servers and hence the "leak"

 

I clicked on your guide but it seems to refer a case where open vpn is run directly and i use the gui in Gnome to import your ovpn files

 

so in that case what i can do to prevent that "leak"  (yes i get it is not a leak according to you hence the quotes, but the end customer doesnt care about semantics but if he is trully protected)

Share this post

Link to post

Staff    9761

Staff
Posted ...

I clicked on your guide but it seems to refer a case where open vpn is run directly and i use the gui in Gnome to import your ovpn files

 

Hello!

 

If you run network-manager-openvpn please consider to switch to Eddie (the free and open source Air software client) or to direct OpenVPN usage. We don't feel to recommend network-manager-openvpn because in the past it caused too many problems.

 

 

so in that case what i can do to prevent that "leak"  (yes i get it is not a leak according to you hence the quotes, but the end customer doesnt care about semantics but if he is trully protected)

 

You would need a script to modify your resolv.conf if network-manager-openvpn can't do that by accepting the DNS push, but a faster and easier solution might be just running Eddie, for example. What is your GNU/Linux distribution name and version?

 

Kind regards

Share this post

Link to post

go558a83nk    352

go558a83nk
Posted ...

I would prefer to stick to the network-manager-openvpn since it's much more tested and widely used than your client.

So, is there a solution to prevent this DNS issue with it?

 

Sigh.  Did you even read what they wrote to you?  Quote from their reply "You would need a script to modify your resolv.conf if network-manager-openvpn can't do that by accepting the DNS push". 

 

There is your answer.

 

Not everything will be done for you in life.  Sometimes you must put in a little effort.

corrado reacted to this

Share this post

Link to post

corrado    100

corrado
Posted ...

I would prefer to stick to the network-manager-openvpn since it's much more tested and widely used than your client.

 

The reason for that I suppose is that many VPN providers do not bother offering OpenVPN clients for GNU/Linux. Whether it is more tested or not, the network-manager plugin itself offers far less in terms of functionality and no leak protection as you have experienced yourself. This is one reason why it is not recommended. Secondly, OpenVPN frontends such as Eddie or my application use an unmodified OpenVPN executable (just as network-manager-openvpn - check the dependencies) which gets audited and tested while also taking care of setting the correct DNS servers, prevent ipv6 leaks and so on. Both are open source, too.

 

The Arch Wiki is a good starting point to learn how to set DNS servers with OpenVPN - the information there is applicable to other distributions, too.

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Go To Topic Listing
×
×
  • Create New...