2

I Am using vpn through network manager by downloading the configuration file from vpn provider. According to this site DNS leak test my original isp IP is leaking somehow.

By searching online it appears that many had to face this issue but none of the mentioned methods works for me.

6
  • I'd change the DNS servers to, for example, OpenNIC 107.150.40.234 (Primary Server) and 50.116.23.211 (Secondary Server) and test again.
    – user123492
    Commented Jun 3, 2017 at 17:39
  • What mean "dns leak*? DNS quary do not go trought vpn?
    – 2707974
    Commented Jun 3, 2017 at 17:42
  • how to change secondary server??
    – jason
    Commented Jun 3, 2017 at 17:49
  • I use Linux Mint, but I guess in Ubuntu 16.04 would be similar to change DNS servers. First of all go to Preferences, Networks, Select the Preferences of the Network you are connected to, IPv4 tab, and change the IP addresses of the DNS servers, then Apply.
    – user123492
    Commented Jun 3, 2017 at 18:05
  • ok i found the location? what should i add?? Also it has methods like automatic DHCP which is correct?
    – jason
    Commented Jun 3, 2017 at 18:19

2 Answers 2

Reset to default
6

In order to let openvpn to alter the system DNS settings, therefore eliminating the leak, add the following lines at the end of the your *.ovpn configuration file:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Most likely that solution will help, depending on the OpenVPN server settings.

If you're curious of the meaning of the directives above, those do the following:

  1. script-security 2 - this directive offers policy-level control over OpenVPN's usage of external programs and scripts. Script security level 2 allows calling of built-in executables and user-defined scripts.

  2. up and down directives specify the commands to run after successful TUN/TAP device open and close, in this case, which are /etc/openvpn/update-resolv-conf and /etc/openvpn/update-resolv-conf correspondingly. These scripts align the resolv.conf with the DNS address supplied by OpenVPN server, returning it to its original state when the connection is closed.

1

This solution applies only to Ubuntu 16.04 LTS, where DNS leaks have appeared. Editing each and every .ovpn file with a script as advised by others, may work, it may not. For me it did not. If you have been doing this, replace the ovpn files with fresh ones and proceed.

If you have been mucking around for quite some time with this problem, a fresh install could be indicated, to which you can immediately implement this simple solution successfully.

This solution, may work for other Distro derivations to 16.04 LTS, that‘s possible, I have not tested this. This solution presumes you‘ve been successful in importing VPN config files and applied them only to discover a DNS leak of your IP's DNS server has shown up in a DNS Leak test.

What this solution does is force your computer to use only the DNS server as provided by your VPN provider's ovpn file.

In the terminal:

sudo su

<enter your password>

apt-get install openresolv nscd unbound

Allow the install to proceed past the reboot recommendation. When finished, close the terminal.

For good measure, reboot your computer, start up your VPN and check with a DNS leak test. You should see only your VPN‘s DNS server listed. If you see your IP‘s DNS server, check your other VPN config files to see if this isn‘t just an aberation with your VPN provider‘s server.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .