DNS Leaking when using VPN

Connection sharing, Firewall, Samba..etc
Forum rules
Before you post please read how to get help
Post Reply
anotheri
Level 1
Level 1
Posts: 15
Joined: Mon Jan 22, 2018 11:34 pm

DNS Leaking when using VPN

Post by anotheri » Mon Jan 29, 2018 2:48 am

So I just got started using a VPN, Mint 18.2 x64 is my OS,

I'm using VyprVPN, using the OpenVPN "protocol" if that's what it's called on Mint.

I set it up using this page on their website, following exactly to a T what they said.

https://support.goldenfrog.com/hc/en-us ... ux-Ubuntu-

It was meant for Ubuntu but seeing as Mint is based on Ubuntu and the features are all pretty much the same down to the menu, it was relatively easy. Easier in some ways as ALL the openvpn packages were already installed by default in Mint 18.2.

Works perfectly, speedtest.net, and whatever what is my IP websites would read my IP as whatever I would set it EXCEPT when I would go on the various DNS Leak checker websites my VPN's server would show up as well as my local ISP's. Sometimes even with the VPN connected, I would get 4 or more of my local ISP's servers/addresses showing up.

I used these two DNS checkers.

https://www.dnsleaktest.com/
http://ipleak.com/

So I freaked out a bit, and starting digging around the net. Most of the solutions were for Windows, and what little solutions were for Linux seemed to be based around Ubuntu, which while similar was confusing for me when trying to implement the solutions.

Two things I did, one seemed to do nothing and the other seemed to work...

I updated the stock update-resolv-conf file in /etc/openvpn
with this little line of code at the end

script-security 2

Code: Select all

up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
This was based on this guys post on this site

http://www.ubuntubuzz.com/2015/09/how-t ... linux.html

I could not understand what he meant in his final step #2 by

Code: Select all

2. Run The .ovpn File

sudo openvpn --config name_of_your_file.ovpn
So I couldn't do it, and hence nothing happened.

Second solution that seemed to work was this youtube video where some guy basically showed himself in Ubuntu

Doing

sudo apt-get openresolv nscd


I did that, installed "openresolv nscd", it created a file called "update-resolv-conf.save" in my home directory and that's it.

I wasn't expecting anything but after that every DNS leak checker website I looked at could not expose my local ISP, it seemed my VPN was working fully and only it's address was being displayed. Good right?

So what is the proper way to go about this? Did I actually end up fixing the problem? I'm worried I might have just done some kind of band aid fix and I am not actually anonymous when using my VPN.

If this did somehow fix the issue it would be helpful to understand what exactly happened and what changed what.

If this is not the correct solution, and somebody knows how to stop the DNS leaks please help.


Really the goal here is using the VPN to the fullest extent for protection. Which seems a lot easier on Win/OSX, as most VPN providers all hand out proprietary software applets that allow you to control everything through a nice GUI, where as in Linux I'm stuck editing text files and messing around with OpenVPN.

User avatar
catweazel
Level 14
Level 14
Posts: 5204
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: DNS Leaking when using VPN

Post by catweazel » Mon Jan 29, 2018 3:05 am

anotheri wrote:If this is not the correct solution, and somebody knows how to stop the DNS leaks please help.
From one of the links you posted above...

https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html

Try the openvpn solution.
A new scientific truth does not triumph by convincing its opponents and making them see the light, but rather because its opponents eventually die, and a new generation grows up that is familiar with it. - Max Planck

User avatar
sammiev
Level 4
Level 4
Posts: 369
Joined: Sat May 19, 2012 12:16 pm

Re: DNS Leaking when using VPN

Post by sammiev » Mon Jan 29, 2018 9:42 am

Here is a read you maybe interested in, been using it for years without any DNS leak.

viewtopic.php?f=90&t=260970

anotheri
Level 1
Level 1
Posts: 15
Joined: Mon Jan 22, 2018 11:34 pm

Re: DNS Leaking when using VPN

Post by anotheri » Wed Jan 31, 2018 4:58 am

catweazel wrote:
anotheri wrote:If this is not the correct solution, and somebody knows how to stop the DNS leaks please help.
From one of the links you posted above...

https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html

Try the openvpn solution.
What exactly is the "openvpn" solution, I am using openvpn as it came installed in Mint.

That page says that as of version 2.3.9 you can prevent DNS leaks by opening the .conf (or .ovpn) file for the server that I am connecting to and adding "block-outside-dns" to it.

I am using OpenVPN version 2.3.10 as per whats listed in my Software Manager as installed.

I never set up my VPN using a .opvn file, as I said in the OP I set it up using exactly this tutorial my VPN provider had.
https://support.goldenfrog.com/hc/en-us ... ux-Ubuntu-

This method involves using ca.vyprvpn.com.crt file for the key. I do not have a .opvn file.


I was able to find VyprVPN's .opvn file download page
https://support.goldenfrog.com/hc/en-us ... VPN-files-

I figured the .opvn files are some kind of config file, like a bookmark file for a web browser (correct me if I am wrong here please), since when setting up OpenVPN you can pick your config by "importing" the file and it sets everything up for you.

I picked the 256bit config, imported the file. Opened the file later, and added the "block-outside-dns" to it.


I have not gotten around to testing it yet. I will report back soon.



With all of that being said. The whole thing that sketches me out in all of this is the repeatability.

The way I first set my VPN up using the instructions in the first link in this post, with the extra resolve-conf update file downloaded... My VPN does not seem to leak 90% of the time, out of all the sites I test it on.


Then all of a sudden I'll test it, and it'll show my local ISP servers 6 in a row, with my 1 VPN server as well. So the DNS is leaking, didn't change anything

It especially likes to leak if I disconnect for whatever reason and then re-connect, or change the location/servers for my VPN. It'll leak like hell, and then somehow "settle in" and stop leaking. Or so the test websites show anyway.

User avatar
catweazel
Level 14
Level 14
Posts: 5204
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: DNS Leaking when using VPN

Post by catweazel » Wed Jan 31, 2018 6:28 am

anotheri wrote:
catweazel wrote:
anotheri wrote:If this is not the correct solution, and somebody knows how to stop the DNS leaks please help.
From one of the links you posted above...

https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html

Try the openvpn solution.
What exactly is the "openvpn" solution
It's documented right there on the page.
As of OpenVPN version 2.3.9 you can now prevent DNS leaks by specifying a new OpenVPN option. Simply open the .conf (or .ovpn) file for the server that you are connecting to and add the following on a new line. For more information see the OpenVPN manual.

Code: Select all

block-outside-dns
If for any reason you are unable to use the solution above continue reading.
I have not gotten around to testing it yet.
I have. It works. Simply edit the config file you import to create a connection.
A new scientific truth does not triumph by convincing its opponents and making them see the light, but rather because its opponents eventually die, and a new generation grows up that is familiar with it. - Max Planck

anotheri
Level 1
Level 1
Posts: 15
Joined: Mon Jan 22, 2018 11:34 pm

Re: DNS Leaking when using VPN

Post by anotheri » Wed Feb 07, 2018 4:41 am

Okay so I added block-outside-dns to my .ovpn, it sort of seemed to work but after connecting/disconnecting quickly and then testing my DNS using a few websites I did manage to get my DNS to leak.

I did the steps outlined in the thread sammiev linked to.

viewtopic.php?f=90&t=260970

I added the following to my .ovpn file

Code: Select all

 script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf 
I also edited

/etc/NetworkManager/NetworkManager.conf

to

#dns=dnsmasq

I had to go even further though...

I had to disable IPV6 on my router/modem in the network manager, the "wired" connection showed in the network manager, as well as on the VPN.

I had to edit the IPV4 settings for the listed router, "wired" connection and VPN in the network manager to Address = Automatic DHCP AND change the DNS server address to 127.0.0.1 for all of them.

My /etc/resolv.conf file is already as such.

Code: Select all

 # Generated by resolvconf
search home
nameserver 127.0.0.1 
The only thing I did not do is install "bind9", no idea what it is.

It would appear that after all of that my DNS is no longer leaking after doing about 50 tests over the course of a few days. I will keep an eye though.



One thing that worries me though is if I look at my network configurations with the command ifconfig
it shows my tun0 as this...

Code: Select all

  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.3.34.118  P-t-P:10.3.34.118  Mask:255.255.255.0
          inet6 addr: fe80::578e:6633:9b37:e121/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:4288 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4301 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:3249945 (3.2 MB)  TX bytes:382626 (382.6 KB) 

I have no idea what any of that means except for "POINTTOPOINT", as in POINT TO POINT TUNNELING PROTOCOL.

My VPN is supposed to offer OpenVPN 256bit encryption and I'm pretty sure that's the way I set it up but I know they do have a PPTP option.


Does this mean I am using PPTP and not OpenVPN 256bit encryption?

User avatar
sammiev
Level 4
Level 4
Posts: 369
Joined: Sat May 19, 2012 12:16 pm

Re: DNS Leaking when using VPN

Post by sammiev » Wed Feb 07, 2018 1:12 pm

The idea of bind9 is to stop the dns leak by using bind9 and 127.0.0.1

This will stop dns leaking without even using a VPN.

After installing the VPN there should be no leaks there as well and if there is, it's your vpn provider that has a leaking dns.

Included are a few pics.

Image
pic of no vpn and no dns leak

Image
pic of vpn and no dns leak

Image

Image
pics of connection

User avatar
majpooper
Level 5
Level 5
Posts: 549
Joined: Thu May 09, 2013 1:56 pm
Location: North Carolina, USA

Re: DNS Leaking when using VPN

Post by majpooper » Wed Feb 07, 2018 5:23 pm

Install dnscrypt from the software manager - I use dnscrypt and no DNS leak weather I use my VPN or not.

Charlie
Level 4
Level 4
Posts: 237
Joined: Sun Jul 09, 2017 10:09 am
Location: Eng-er-land

Re: DNS Leaking when using VPN

Post by Charlie » Fri Feb 09, 2018 8:31 am

majpooper wrote:
Wed Feb 07, 2018 5:23 pm
Install dnscrypt from the software manager - I use dnscrypt and no DNS leak weather I use my VPN or not.
Is it possible to use dnscrypt and Bind9 together? I am happily using Bind9 alone at the moment.

User avatar
sammiev
Level 4
Level 4
Posts: 369
Joined: Sat May 19, 2012 12:16 pm

Re: DNS Leaking when using VPN

Post by sammiev » Fri Feb 09, 2018 10:02 am

Charlie wrote:
Fri Feb 09, 2018 8:31 am
majpooper wrote:
Wed Feb 07, 2018 5:23 pm
Install dnscrypt from the software manager - I use dnscrypt and no DNS leak weather I use my VPN or not.
Is it possible to use dnscrypt and Bind9 together? I am happily using Bind9 alone at the moment.
Nope, bind9 will not work with dnscrypt.

Dnscrypt uses there own type of bind9.

It's like using Dnscrypt and a VPN, the VPN runs along side of Dnscrypt, not inside.

I had a test machine on Dnscrypt for months and it worked very well, a few times there was a dns leak ( usually in the evening ) but it's free.

Use Dnscrypt or a VPN, whatever works best for you. :wink:

Charlie
Level 4
Level 4
Posts: 237
Joined: Sun Jul 09, 2017 10:09 am
Location: Eng-er-land

Re: DNS Leaking when using VPN

Post by Charlie » Fri Feb 09, 2018 10:10 am

sammiev wrote:
Fri Feb 09, 2018 10:02 am
Charlie wrote:
Fri Feb 09, 2018 8:31 am
majpooper wrote:
Wed Feb 07, 2018 5:23 pm
Install dnscrypt from the software manager - I use dnscrypt and no DNS leak weather I use my VPN or not.
Is it possible to use dnscrypt and Bind9 together? I am happily using Bind9 alone at the moment.
Nope, bind9 will not work with dnscrypt.

Dnscrypt uses there own type of bind9.

It's like using Dnscrypt and a VPN, the VPN runs along side of Dnscrypt, not inside.

I had a test machine on Dnscrypt for months and it worked very well, a few times there was a dns leak ( usually in the evening ) but it's free.

Use Dnscrypt or a VPN, whatever works best for you. :wink:
Thanks for the explanation. At the moment I use a VPN via OpenVPN which I run on my router. I use Bind9 on my laptop which I learned about by reading this thread actually. I just thought it might be nice to encrypt DNS traffic also. I will stay as I am I think, now I know the situation.

User avatar
trytip
Level 6
Level 6
Posts: 1294
Joined: Tue Jul 05, 2016 1:20 pm

Re: DNS Leaking when using VPN

Post by trytip » Fri Feb 09, 2018 10:36 am

do you have a .ovpn certificate? if so open file manager where it is, rightclick an empty space in the file manager where your .ovpn is open terminal here and then sudo openvpn --config FreeVPN.me-TCP80.ovpn replace FreeVPN.me-TCP80.ovpn with your certificate name
Image

Charlie
Level 4
Level 4
Posts: 237
Joined: Sun Jul 09, 2017 10:09 am
Location: Eng-er-land

Re: DNS Leaking when using VPN

Post by Charlie » Fri Feb 09, 2018 11:23 am

I learned recently that if you use DNS on your router, this may only apply to dd-wrt flashed versions, but probably includes all, and if you do not set all three DNS options, for example

Code: Select all

8.8.8.8, 8.8.4.4, 4.2.2.1
and leave any with the default

Code: Select all

0.0.0.0
then if your chosen DNS servers fail it will use your ISP default DNS server. So I always make sure to set all three. That could cause a leak or be considered a leak. This MAY also apply to Linux Mint, though I am not sure about that.

Post Reply

Return to “Other networking topics”