OpenVPN with NordVPN has DNS leak

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help
Yetanotherusername
Level 1
Level 1
Posts: 5
Joined: Fri Jan 05, 2018 3:13 pm

OpenVPN with NordVPN has DNS leak

Post by Yetanotherusername » Fri Jan 05, 2018 3:47 pm

Hi,

I am new to Linux which I have installed alongside my windows 10.

How do I solve a DNS leak with OpenVPN?

I have Linux Mint 18.3 Cinnamon and I use OpenVPN to connect to my NordVPN subscription using these instructions.
On this website I noticed I have a DNS leak. I do not have a leak using NordVPN in windows 10!
I googled for solutions and tried the following:
http://www.ubuntubuzz.com/2015/09/how-t ... linux.html
block-outside-dns
But I'm not even sure I did it correctly since I'm a noob and not familiar with all this techno jumbo lingo. For a start, it took me ages to find out how to be able to edit the nl126.nordvpn.com.udp.ovpn file with root privileges.

I hope there's an easy solution. I would love to move to Linux but my experience till now is that Windows is for the general (ignorant) public and linux is for the intelligent programmers.

Thanks in advance for the help.
There is no such thing as user friendliness. We have all become the slaves of the technology we created to serve us.

User avatar
sammiev
Level 4
Level 4
Posts: 370
Joined: Sat May 19, 2012 12:16 pm

Re: OpenVPN with NordVPN has DNS leak

Post by sammiev » Fri Jan 05, 2018 4:18 pm

I have been installing "bind9" like so.

Code: Select all

sudo apt-get install bind9
Edit your network connections and change IPv6 to Ignore.

Edit IPv4 to "Automatic DHCP Address only" and in DNS Servers: type in 127.0.0.1 and select save.

Code: Select all

sudo /etc/init.d/bind9 restart
Edit the configuration file:

Code: Select all

sudo nano /etc/NetworkManager/NetworkManager.conf
Find the line:

Code: Select all

dns=dnsmasq
Replace it with:

Code: Select all

#dns=dnsmasq
Save & close the file with Ctrl+O, Enter, Ctrl+X.

Reboot computer or restart NetworkManager

Restart NetworkManager:

Code: Select all

sudo systemctl restart NetworkManager
Go here to test for leaks with and without your VPN.

https://ipleak.net/

You should have no leaks with and without your VPN.

Been do this for years and 127.0.0.1 is your best friend.

and if you see "Your IP addresses - WebRTC detection"

goto the bottom of the page and it will show you how to fix that as well.

Edit: added a few lines about NetworkManager from my later post.
Last edited by sammiev on Sat Jan 06, 2018 12:22 am, edited 1 time in total.

User avatar
majpooper
Level 5
Level 5
Posts: 938
Joined: Thu May 09, 2013 1:56 pm
Location: North Carolina, USA

Re: OpenVPN with NordVPN has DNS leak

Post by majpooper » Fri Jan 05, 2018 5:26 pm

dnscrypt is another way to eliminate dns leak and is in the LM repositories
dnscrypt also works well with OpenDNS although you can pick any number of resolvers.
I learned about in this thread
viewtopic.php?t=107096
which led me here and has be updated for LM 18.x
http://www.webupd8.org/2014/08/encrypt- ... -with.html

User avatar
sammiev
Level 4
Level 4
Posts: 370
Joined: Sat May 19, 2012 12:16 pm

Re: OpenVPN with NordVPN has DNS leak

Post by sammiev » Fri Jan 05, 2018 7:49 pm

Dnscrypt is a wonderful utility but it will not fix a DNS leak. It's more for man in the middle attack.

DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks.

Non leaking VPN services do much the same.

Either way, a leaking DNS is just bad.

Yetanotherusername
Level 1
Level 1
Posts: 5
Joined: Fri Jan 05, 2018 3:13 pm

Re: OpenVPN with NordVPN has DNS leak

Post by Yetanotherusername » Fri Jan 05, 2018 11:10 pm

This seemed to have worked except if I turn off my VPN (you said I will have no DNS leaks with and without vpn), webpages do not load.
There is no such thing as user friendliness. We have all become the slaves of the technology we created to serve us.

User avatar
sammiev
Level 4
Level 4
Posts: 370
Joined: Sat May 19, 2012 12:16 pm

Re: OpenVPN with NordVPN has DNS leak

Post by sammiev » Fri Jan 05, 2018 11:25 pm

Yetanotherusername wrote:This seemed to have worked except if I turn off my VPN (you said I will have no DNS leaks with and without vpn), webpages do not load.
Very easy fix,

Code: Select all

sudo nano /etc/NetworkManager/NetworkManager.conf
# dns=dnsmasq

add the # sign in front of dns=dnsmasq

Save and reboot or restart NetworkManager

GaryD
Level 1
Level 1
Posts: 34
Joined: Sun Jul 31, 2016 5:12 am

Re: OpenVPN with NordVPN has DNS leak

Post by GaryD » Sat Jan 06, 2018 9:59 am

I've used NordVPN to stream geo restricted videos. My simple workaround was to modify manually my DNS setting. I set to Google DNS and kaboom! DNS Leak gone.
Image
CPU: i7Core 920, Mobo: Gigabyte EX58-UD3R, Graphic Card: GTX 260

User avatar
phd21
Level 19
Level 19
Posts: 9291
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: OpenVPN with NordVPN has DNS leak

Post by phd21 » Sat Jan 06, 2018 3:42 pm

Hi "Yetanotherusername",

I just read your post and the good replies to it. Here are my thoughts on this as well.

Very interesting approach "sammiev" to resolve the DNS leaks.

Another option eluded by "GaryD", which I recommend everyone do anyway, is to just change your Local ISP's default DNS servers in your Network Manager to those provided by a neutral, secure, and anonymous DNS provider like "dns.watch", "opennic", "openDNS", "freenom world", etc... Google also has public DNS servers, but I prefer to use a more anonymous DNS provider. This way may not prevent a VPN DNS leak, but it hides your actual location among many other benefits, whether you connect to a VPN server or not... Even if your VPN leaks DNS information, it will show the DNS provider's servers not your local ISP ones, so you are still safe, secure, and anonymous. Some VPN providers also provide their own DNS servers to use.

Hope this helps ...
Last edited by phd21 on Sat Jan 06, 2018 4:18 pm, edited 1 time in total.
Phd21: Mint KDE 18.3 & 19, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

Pippin
Level 4
Level 4
Posts: 281
Joined: Wed Dec 13, 2017 11:14 am
Location: NL/DE/TH

Re: OpenVPN with NordVPN has DNS leak

Post by Pippin » Sat Jan 06, 2018 3:57 pm

Hi,

First check if you have resolvconf installed, if not install it.
Then you can add following lines to your OpenVPN config file:

Code: Select all

setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
down-pre
and

Code: Select all

dhcp-option DNS put.dns.server.here
You can add multiple DNS server lines.

P.S.
block-outside-dns is for Windows only.
Everything is electric.

User avatar
sammiev
Level 4
Level 4
Posts: 370
Joined: Sat May 19, 2012 12:16 pm

Re: OpenVPN with NordVPN has DNS leak

Post by sammiev » Sat Jan 06, 2018 5:55 pm

phd21 wrote:Very interesting approach "sammiev" to resolve the DNS leaks.
Years a go a wise man who takes care of servers around the world showed me this method to use with paid vpn servers as an extra layer of protection.

It has severed me very well over the years of travel and living out of hotel rooms. :wink:

Dragon_Chaser
Level 1
Level 1
Posts: 11
Joined: Wed Jan 03, 2018 6:55 pm

Re: OpenVPN with NordVPN has DNS leak

Post by Dragon_Chaser » Sat Jan 06, 2018 6:38 pm

majpooper wrote:dnscrypt is another way to eliminate dns leak and is in the LM repositories
dnscrypt also works well with OpenDNS although you can pick any number of resolvers.
I learned about in this thread
viewtopic.php?t=107096
which led me here and has be updated for LM 18.x
http://www.webupd8.org/2014/08/encrypt- ... -with.html
Thanks. That DNS leak issue has been bugging me for a while. Using dnscrypt and adding the 127.0.0.2 entry has worked like a charm.

User avatar
majpooper
Level 5
Level 5
Posts: 938
Joined: Thu May 09, 2013 1:56 pm
Location: North Carolina, USA

Re: OpenVPN with NordVPN has DNS leak

Post by majpooper » Sat Jan 06, 2018 6:40 pm

Can someone help me understand this a little better - I am really confused at this point.
My configuration is :
VPN (Private Tunnel)
openvpn
dnscrypt using OpenDNS (CISCO) dns servers

Test results:
1.) Without the VPN and dnscrypt-proxy turned off - local ip and ISP DNS server ip
2.) VPN with dnscrypt-proxy turned off - VPN ip and VPN DNS server ip
3.) VPN with dnscrypt-proxy turned on - VPN ip and OpenDNS server ip
Questions:
2.) dnsleaktest.com indicates the VPN DNS servers - so no dns leak - correct?
3.) dnsleaktest.com indicates OpenDNS DNS servers from dnscrypt - dnsleak ?????
Last edited by majpooper on Sun Jan 07, 2018 12:18 pm, edited 3 times in total.

User avatar
sammiev
Level 4
Level 4
Posts: 370
Joined: Sat May 19, 2012 12:16 pm

Re: OpenVPN with NordVPN has DNS leak

Post by sammiev » Sat Jan 06, 2018 7:01 pm

3) Your using your VPN to connect to dnscrypt-proxy.

2) VPN from your computer to the VPN service.

1) Local IP to your ISP DNS server.

Yetanotherusername
Level 1
Level 1
Posts: 5
Joined: Fri Jan 05, 2018 3:13 pm

Re: OpenVPN with NordVPN has DNS leak

Post by Yetanotherusername » Sun Jan 07, 2018 11:44 am

sammiev wrote:
Very easy fix,

Code: Select all

sudo nano /etc/NetworkManager/NetworkManager.conf
# dns=dnsmasq

add the # sign in front of dns=dnsmasq

Save and reboot or restart NetworkManager
OK sorry, I must have missed that hash in your first post. I am following instructions without knowing what I'm doing. For example:
When I "sudo systemctl restart NetworkManager" a new network connection appears (eno1 screenshot) and it connects to it automatically without vpn. eno1 has ipv4 set to automatic dhcp and contains several dns servers. It also has ipv6 set to automatic with some additional dns servers. Connection works fine but there is 3 things that I do not understand:
- why does the NordVPN server still appear on the ipleaks.net page even though VPN is checked off in the system tray (screenshots). Does this mean I do not need a NordVPN service and I am anonymous?
- on the ipleaks.net screenshot I circled a server in red that was not there yet yesterday (before adding # in front of dns=dnsmasq). When I click the ipv6 box that I circled in red, I can see my home town appear on that page. So I'm not protected then (dns leak)? After reboot I get connected to the default "wired connection 1" again with openvpn turned ON and eno1 is not there. When I then visit ipleaks.net I get the same as in screenshot with the circled ipv6 box. This box only disappears when deleting the # in front of dns=dnsmasq.
- do I need to reboot when I want to connect to "wired connection 1" + VPN again? Because when I click on this network and enable vpn, I cannot surf the web and need to reboot.

I am soooo tooootally lost in oblivion! Not a nice feeling at all. I don't drink but I need a beer now.
Attachments
ipleak.net.png
eno1.png
eno1.png (77.33 KiB) Viewed 7213 times
There is no such thing as user friendliness. We have all become the slaves of the technology we created to serve us.

User avatar
sammiev
Level 4
Level 4
Posts: 370
Joined: Sat May 19, 2012 12:16 pm

Re: OpenVPN with NordVPN has DNS leak

Post by sammiev » Sun Jan 07, 2018 3:59 pm

I see your main connection is eno1, that is the connection you need to edit.

IPv4 - Method - Automatic (DHCP) address only
- DNS Server: 127.0.0.1

IPv6 - Method - Ignore

Save

Code: Select all

sudo systemctl restart NetworkManager
or stop your Internet connection and restart.

then test https://ipleak.net/

Yetanotherusername
Level 1
Level 1
Posts: 5
Joined: Fri Jan 05, 2018 3:13 pm

Re: OpenVPN with NordVPN has DNS leak

Post by Yetanotherusername » Sun Jan 07, 2018 4:25 pm

sammiev wrote:I see your main connection is eno1, that is the connection you need to edit.

IPv4 - Method - Automatic (DHCP) address only
- DNS Server: 127.0.0.1

IPv6 - Method - Ignore

Save

Code: Select all

sudo systemctl restart NetworkManager
or stop your Internet connection and restart.

then test https://ipleak.net/
OK and in "sudo nano /etc/NetworkManager/NetworkManager.conf" do I leave this so that it reads "#dns=dnsmasq" as you said by adding the #? Because when I visit ipleak.net I get 2 possibilities:
1. with #dns=dnsmasq : on the ipleak.net page I can see an IPv6 box (screenshot previous post) that leads to my home town which does not look anonymous to me?
2. with dns=dnsmasq : on the ipleak.net page the IPv6 box is no longer present and only my VPN's IPv4 address and DNS address show. Which is what you're supposed to see if you want to be anonymous with no DNS leak, am I correct?
There is no such thing as user friendliness. We have all become the slaves of the technology we created to serve us.

User avatar
sammiev
Level 4
Level 4
Posts: 370
Joined: Sat May 19, 2012 12:16 pm

Re: OpenVPN with NordVPN has DNS leak

Post by sammiev » Sun Jan 07, 2018 4:43 pm

#dns=dnsmasq is correct in /etc/NetworkManager/NetworkManager.conf

on the ipleak.net page the IPv6 box is no longer present and only my VPN's IPv4 address and DNS address show --> correct

Your IP address and DNS address should all be one of the same which means - No DNS Leak :D

Now check for leaks with/without the VPN -- You will have No DNS Leaks both ways.

Enjoy

Rubin_Farr
Level 1
Level 1
Posts: 33
Joined: Sun Jul 09, 2017 3:50 pm

Re: OpenVPN with NordVPN has DNS leak

Post by Rubin_Farr » Sun Jan 07, 2018 7:54 pm

There has been an outstanding bug with Ubuntu that will cause DNS leaks. Bug report

I don't know if this is why you are getting leaks. To work around this particular bug, if you have it, you have to install an older network-manager and resolvconf and and hold it from getting updated. Ubuntu/Canonical has been freakishly slow addressing this bug.

Code: Select all

sudo apt-get install resolvconf=1.78ubuntu2

sudo apt install network-manager/xenial-security


sudo apt-mark hold network-manager  (or unhold)
sudo apt-mark hold resolvconf

Yetanotherusername
Level 1
Level 1
Posts: 5
Joined: Fri Jan 05, 2018 3:13 pm

Re: OpenVPN with NordVPN has DNS leak

Post by Yetanotherusername » Mon Jan 08, 2018 1:00 pm

Rubin_Farr wrote:There has been an outstanding bug with Ubuntu that will cause DNS leaks. Bug report

I don't know if this is why you are getting leaks. To work around this particular bug, if you have it, you have to install an older network-manager and resolvconf and and hold it from getting updated. Ubuntu/Canonical has been freakishly slow addressing this bug.

Code: Select all

sudo apt-get install resolvconf=1.78ubuntu2

sudo apt install network-manager/xenial-security


sudo apt-mark hold network-manager  (or unhold)
sudo apt-mark hold resolvconf
Wow, finally a solution that works. I almost gave up linux since I have other pending problems to be solved. I entered your 4 lines in the terminal and reboot. Then I went to https://www.dnsleaktest.com/ and https://ipleak.net/ to test. I also reverted "sudo nano /etc/NetworkManager/NetworkManager.conf" to default settings reading dns=dnsmasq instead of #dns=dnsmasq. I left all the rest as posted in sammiev's instructions. So to summarise the solution for those that may face the same issue:

Code: Select all

sudo apt-get install bind9
Bottom right - Network connection icon - edit your connection: change IPv6 to Ignore
Edit IPv4 to "Automatic DHCP Address only" and in DNS Servers: type in 127.0.0.1 and select save

Code: Select all

sudo /etc/init.d/bind9 restart
Older network drivers:

Code: Select all

sudo apt-get install resolvconf=1.78ubuntu2
sudo apt install network-manager/xenial-security
sudo apt-mark hold network-manager  /**(or unhold)**/
sudo apt-mark hold resolvconf
Reboot
Test DNS leak at:
https://www.dnsleaktest.com/
https://ipleak.net/
IPleak.png
Network connection IPv6.png
Network connection IPv4.png
There is no such thing as user friendliness. We have all become the slaves of the technology we created to serve us.

Pat D
Level 4
Level 4
Posts: 360
Joined: Thu Jul 14, 2016 2:31 pm

Re: OpenVPN with NordVPN has DNS leak

Post by Pat D » Mon Jan 08, 2018 3:34 pm

Excellent.
Thank you sammiev.

I no longer have a DNS leak. :D :D

Post Reply

Return to “Newbie Questions”