OpenVPN with NordVPN has DNS leak
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
OpenVPN with NordVPN has DNS leak
Hi,
I am new to Linux which I have installed alongside my windows 10.
How do I solve a DNS leak with OpenVPN?
I have Linux Mint 18.3 Cinnamon and I use OpenVPN to connect to my NordVPN subscription using these instructions.
On this website I noticed I have a DNS leak. I do not have a leak using NordVPN in windows 10!
I googled for solutions and tried the following:
http://www.ubuntubuzz.com/2015/09/how-t ... linux.html
block-outside-dns
But I'm not even sure I did it correctly since I'm a noob and not familiar with all this techno jumbo lingo. For a start, it took me ages to find out how to be able to edit the nl126.nordvpn.com.udp.ovpn file with root privileges.
I hope there's an easy solution. I would love to move to Linux but my experience till now is that Windows is for the general (ignorant) public and linux is for the intelligent programmers.
Thanks in advance for the help.
I am new to Linux which I have installed alongside my windows 10.
How do I solve a DNS leak with OpenVPN?
I have Linux Mint 18.3 Cinnamon and I use OpenVPN to connect to my NordVPN subscription using these instructions.
On this website I noticed I have a DNS leak. I do not have a leak using NordVPN in windows 10!
I googled for solutions and tried the following:
http://www.ubuntubuzz.com/2015/09/how-t ... linux.html
block-outside-dns
But I'm not even sure I did it correctly since I'm a noob and not familiar with all this techno jumbo lingo. For a start, it took me ages to find out how to be able to edit the nl126.nordvpn.com.udp.ovpn file with root privileges.
I hope there's an easy solution. I would love to move to Linux but my experience till now is that Windows is for the general (ignorant) public and linux is for the intelligent programmers.
Thanks in advance for the help.
Re: OpenVPN with NordVPN has DNS leak
I have been installing "bind9" like so.
Edit your network connections and change IPv6 to Ignore.
Edit IPv4 to "Automatic DHCP Address only" and in DNS Servers: type in 127.0.0.1 and select save.
Edit the configuration file:
Find the line:
Replace it with:
Save & close the file with Ctrl+O, Enter, Ctrl+X.
Reboot computer or restart NetworkManager
Restart NetworkManager:
Go here to test for leaks with and without your VPN.
https://ipleak.net/
You should have no leaks with and without your VPN.
Been do this for years and 127.0.0.1 is your best friend.
and if you see "Your IP addresses - WebRTC detection"
goto the bottom of the page and it will show you how to fix that as well.
Edit: added a few lines about NetworkManager from my later post.
Code: Select all
sudo apt-get install bind9
Edit IPv4 to "Automatic DHCP Address only" and in DNS Servers: type in 127.0.0.1 and select save.
Code: Select all
sudo /etc/init.d/bind9 restart
Code: Select all
sudo nano /etc/NetworkManager/NetworkManager.conf
Code: Select all
dns=dnsmasq
Code: Select all
#dns=dnsmasq
Reboot computer or restart NetworkManager
Restart NetworkManager:
Code: Select all
sudo systemctl restart NetworkManager
https://ipleak.net/
You should have no leaks with and without your VPN.
Been do this for years and 127.0.0.1 is your best friend.
and if you see "Your IP addresses - WebRTC detection"
goto the bottom of the page and it will show you how to fix that as well.
Edit: added a few lines about NetworkManager from my later post.
Last edited by sammiev on Sat Jan 06, 2018 12:22 am, edited 1 time in total.
Re: OpenVPN with NordVPN has DNS leak
dnscrypt is another way to eliminate dns leak and is in the LM repositories
dnscrypt also works well with OpenDNS although you can pick any number of resolvers.
I learned about in this thread
viewtopic.php?t=107096
which led me here and has be updated for LM 18.x
http://www.webupd8.org/2014/08/encrypt- ... -with.html
dnscrypt also works well with OpenDNS although you can pick any number of resolvers.
I learned about in this thread
viewtopic.php?t=107096
which led me here and has be updated for LM 18.x
http://www.webupd8.org/2014/08/encrypt- ... -with.html
Re: OpenVPN with NordVPN has DNS leak
Dnscrypt is a wonderful utility but it will not fix a DNS leak. It's more for man in the middle attack.
DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks.
Non leaking VPN services do much the same.
Either way, a leaking DNS is just bad.
DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks.
Non leaking VPN services do much the same.
Either way, a leaking DNS is just bad.
Re: OpenVPN with NordVPN has DNS leak
This seemed to have worked except if I turn off my VPN (you said I will have no DNS leaks with and without vpn), webpages do not load.
Re: OpenVPN with NordVPN has DNS leak
Very easy fix,Yetanotherusername wrote:This seemed to have worked except if I turn off my VPN (you said I will have no DNS leaks with and without vpn), webpages do not load.
Code: Select all
sudo nano /etc/NetworkManager/NetworkManager.conf
add the # sign in front of dns=dnsmasq
Save and reboot or restart NetworkManager
Re: OpenVPN with NordVPN has DNS leak
I've used NordVPN to stream geo restricted videos. My simple workaround was to modify manually my DNS setting. I set to Google DNS and kaboom! DNS Leak gone.
CPU: i7Core 920, Mobo: Gigabyte EX58-UD3R, Graphic Card: GTX 260
Re: OpenVPN with NordVPN has DNS leak
Hi "Yetanotherusername",
I just read your post and the good replies to it. Here are my thoughts on this as well.
Very interesting approach "sammiev" to resolve the DNS leaks.
Another option eluded by "GaryD", which I recommend everyone do anyway, is to just change your Local ISP's default DNS servers in your Network Manager to those provided by a neutral, secure, and anonymous DNS provider like "dns.watch", "opennic", "openDNS", "freenom world", etc... Google also has public DNS servers, but I prefer to use a more anonymous DNS provider. This way may not prevent a VPN DNS leak, but it hides your actual location among many other benefits, whether you connect to a VPN server or not... Even if your VPN leaks DNS information, it will show the DNS provider's servers not your local ISP ones, so you are still safe, secure, and anonymous. Some VPN providers also provide their own DNS servers to use.
Hope this helps ...
I just read your post and the good replies to it. Here are my thoughts on this as well.
Very interesting approach "sammiev" to resolve the DNS leaks.
Another option eluded by "GaryD", which I recommend everyone do anyway, is to just change your Local ISP's default DNS servers in your Network Manager to those provided by a neutral, secure, and anonymous DNS provider like "dns.watch", "opennic", "openDNS", "freenom world", etc... Google also has public DNS servers, but I prefer to use a more anonymous DNS provider. This way may not prevent a VPN DNS leak, but it hides your actual location among many other benefits, whether you connect to a VPN server or not... Even if your VPN leaks DNS information, it will show the DNS provider's servers not your local ISP ones, so you are still safe, secure, and anonymous. Some VPN providers also provide their own DNS servers to use.
Hope this helps ...
Last edited by phd21 on Sat Jan 06, 2018 4:18 pm, edited 1 time in total.
Phd21: Mint 20 Cinnamon & KDE Neon 64-bit Awesome OS's, Dell Inspiron I5 7000 (7573, quad core i5-8250U ) 2 in 1 touch screen
Re: OpenVPN with NordVPN has DNS leak
Hi,
First check if you have resolvconf installed, if not install it.
Then you can add following lines to your OpenVPN config file:
and
You can add multiple DNS server lines.
P.S.
block-outside-dns is for Windows only.
First check if you have resolvconf installed, if not install it.
Then you can add following lines to your OpenVPN config file:
Code: Select all
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
down-pre
Code: Select all
dhcp-option DNS put.dns.server.here
P.S.
block-outside-dns is for Windows only.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
Halton Arp
Re: OpenVPN with NordVPN has DNS leak
Years a go a wise man who takes care of servers around the world showed me this method to use with paid vpn servers as an extra layer of protection.phd21 wrote:Very interesting approach "sammiev" to resolve the DNS leaks.
It has severed me very well over the years of travel and living out of hotel rooms.
Re: OpenVPN with NordVPN has DNS leak
Thanks. That DNS leak issue has been bugging me for a while. Using dnscrypt and adding the 127.0.0.2 entry has worked like a charm.majpooper wrote:dnscrypt is another way to eliminate dns leak and is in the LM repositories
dnscrypt also works well with OpenDNS although you can pick any number of resolvers.
I learned about in this thread
viewtopic.php?t=107096
which led me here and has be updated for LM 18.x
http://www.webupd8.org/2014/08/encrypt- ... -with.html
Re: OpenVPN with NordVPN has DNS leak
Can someone help me understand this a little better - I am really confused at this point.
My configuration is :
VPN (Private Tunnel)
openvpn
dnscrypt using OpenDNS (CISCO) dns servers
Test results:
1.) Without the VPN and dnscrypt-proxy turned off - local ip and ISP DNS server ip
2.) VPN with dnscrypt-proxy turned off - VPN ip and VPN DNS server ip
3.) VPN with dnscrypt-proxy turned on - VPN ip and OpenDNS server ip
Questions:
2.) dnsleaktest.com indicates the VPN DNS servers - so no dns leak - correct?
3.) dnsleaktest.com indicates OpenDNS DNS servers from dnscrypt - dnsleak ?????
My configuration is :
VPN (Private Tunnel)
openvpn
dnscrypt using OpenDNS (CISCO) dns servers
Test results:
1.) Without the VPN and dnscrypt-proxy turned off - local ip and ISP DNS server ip
2.) VPN with dnscrypt-proxy turned off - VPN ip and VPN DNS server ip
3.) VPN with dnscrypt-proxy turned on - VPN ip and OpenDNS server ip
Questions:
2.) dnsleaktest.com indicates the VPN DNS servers - so no dns leak - correct?
3.) dnsleaktest.com indicates OpenDNS DNS servers from dnscrypt - dnsleak ?????
Last edited by majpooper on Sun Jan 07, 2018 12:18 pm, edited 3 times in total.
Re: OpenVPN with NordVPN has DNS leak
3) Your using your VPN to connect to dnscrypt-proxy.
2) VPN from your computer to the VPN service.
1) Local IP to your ISP DNS server.
2) VPN from your computer to the VPN service.
1) Local IP to your ISP DNS server.
Re: OpenVPN with NordVPN has DNS leak
OK sorry, I must have missed that hash in your first post. I am following instructions without knowing what I'm doing. For example:sammiev wrote:
Very easy fix,
# dns=dnsmasqCode: Select all
sudo nano /etc/NetworkManager/NetworkManager.conf
add the # sign in front of dns=dnsmasq
Save and reboot or restart NetworkManager
When I "sudo systemctl restart NetworkManager" a new network connection appears (eno1 screenshot) and it connects to it automatically without vpn. eno1 has ipv4 set to automatic dhcp and contains several dns servers. It also has ipv6 set to automatic with some additional dns servers. Connection works fine but there is 3 things that I do not understand:
- why does the NordVPN server still appear on the ipleaks.net page even though VPN is checked off in the system tray (screenshots). Does this mean I do not need a NordVPN service and I am anonymous?
- on the ipleaks.net screenshot I circled a server in red that was not there yet yesterday (before adding # in front of dns=dnsmasq). When I click the ipv6 box that I circled in red, I can see my home town appear on that page. So I'm not protected then (dns leak)? After reboot I get connected to the default "wired connection 1" again with openvpn turned ON and eno1 is not there. When I then visit ipleaks.net I get the same as in screenshot with the circled ipv6 box. This box only disappears when deleting the # in front of dns=dnsmasq.
- do I need to reboot when I want to connect to "wired connection 1" + VPN again? Because when I click on this network and enable vpn, I cannot surf the web and need to reboot.
I am soooo tooootally lost in oblivion! Not a nice feeling at all. I don't drink but I need a beer now.
Re: OpenVPN with NordVPN has DNS leak
I see your main connection is eno1, that is the connection you need to edit.
IPv4 - Method - Automatic (DHCP) address only
- DNS Server: 127.0.0.1
IPv6 - Method - Ignore
Save
or stop your Internet connection and restart.
then test https://ipleak.net/
IPv4 - Method - Automatic (DHCP) address only
- DNS Server: 127.0.0.1
IPv6 - Method - Ignore
Save
Code: Select all
sudo systemctl restart NetworkManager
then test https://ipleak.net/
Re: OpenVPN with NordVPN has DNS leak
OK and in "sudo nano /etc/NetworkManager/NetworkManager.conf" do I leave this so that it reads "#dns=dnsmasq" as you said by adding the #? Because when I visit ipleak.net I get 2 possibilities:sammiev wrote:I see your main connection is eno1, that is the connection you need to edit.
IPv4 - Method - Automatic (DHCP) address only
- DNS Server: 127.0.0.1
IPv6 - Method - Ignore
Save
or stop your Internet connection and restart.Code: Select all
sudo systemctl restart NetworkManager
then test https://ipleak.net/
1. with #dns=dnsmasq : on the ipleak.net page I can see an IPv6 box (screenshot previous post) that leads to my home town which does not look anonymous to me?
2. with dns=dnsmasq : on the ipleak.net page the IPv6 box is no longer present and only my VPN's IPv4 address and DNS address show. Which is what you're supposed to see if you want to be anonymous with no DNS leak, am I correct?
Re: OpenVPN with NordVPN has DNS leak
#dns=dnsmasq is correct in /etc/NetworkManager/NetworkManager.conf
on the ipleak.net page the IPv6 box is no longer present and only my VPN's IPv4 address and DNS address show --> correct
Your IP address and DNS address should all be one of the same which means - No DNS Leak
Now check for leaks with/without the VPN -- You will have No DNS Leaks both ways.
Enjoy
on the ipleak.net page the IPv6 box is no longer present and only my VPN's IPv4 address and DNS address show --> correct
Your IP address and DNS address should all be one of the same which means - No DNS Leak
Now check for leaks with/without the VPN -- You will have No DNS Leaks both ways.
Enjoy
-
- Level 2
- Posts: 75
- Joined: Sun Jul 09, 2017 3:50 pm
Re: OpenVPN with NordVPN has DNS leak
There has been an outstanding bug with Ubuntu that will cause DNS leaks. Bug report
I don't know if this is why you are getting leaks. To work around this particular bug, if you have it, you have to install an older network-manager and resolvconf and and hold it from getting updated. Ubuntu/Canonical has been freakishly slow addressing this bug.
I don't know if this is why you are getting leaks. To work around this particular bug, if you have it, you have to install an older network-manager and resolvconf and and hold it from getting updated. Ubuntu/Canonical has been freakishly slow addressing this bug.
Code: Select all
sudo apt-get install resolvconf=1.78ubuntu2
sudo apt install network-manager/xenial-security
sudo apt-mark hold network-manager (or unhold)
sudo apt-mark hold resolvconf
Re: OpenVPN with NordVPN has DNS leak
Wow, finally a solution that works. I almost gave up linux since I have other pending problems to be solved. I entered your 4 lines in the terminal and reboot. Then I went to https://www.dnsleaktest.com/ and https://ipleak.net/ to test. I also reverted "sudo nano /etc/NetworkManager/NetworkManager.conf" to default settings reading dns=dnsmasq instead of #dns=dnsmasq. I left all the rest as posted in sammiev's instructions. So to summarise the solution for those that may face the same issue:Rubin_Farr wrote:There has been an outstanding bug with Ubuntu that will cause DNS leaks. Bug report
I don't know if this is why you are getting leaks. To work around this particular bug, if you have it, you have to install an older network-manager and resolvconf and and hold it from getting updated. Ubuntu/Canonical has been freakishly slow addressing this bug.
Code: Select all
sudo apt-get install resolvconf=1.78ubuntu2 sudo apt install network-manager/xenial-security sudo apt-mark hold network-manager (or unhold) sudo apt-mark hold resolvconf
Code: Select all
sudo apt-get install bind9
Edit IPv4 to "Automatic DHCP Address only" and in DNS Servers: type in 127.0.0.1 and select save
Code: Select all
sudo /etc/init.d/bind9 restart
Code: Select all
sudo apt-get install resolvconf=1.78ubuntu2
sudo apt install network-manager/xenial-security
sudo apt-mark hold network-manager /**(or unhold)**/
sudo apt-mark hold resolvconf
Test DNS leak at:
https://www.dnsleaktest.com/
https://ipleak.net/
Re: OpenVPN with NordVPN has DNS leak
Excellent.
Thank you sammiev.
I no longer have a DNS leak.
Thank you sammiev.
I no longer have a DNS leak.