Open Xiol opened 7 years ago
It would be appreciated if you could PR against the instructions with these additional steps https://github.com/jlund/streisand/blob/698cecbb774e6f429e64e7a1b3566bee641e4d50/playbooks/roles/openvpn/templates/instructions.md.j2#L83-L123
This should already be happening because of this server-side setting. Out of curiosity, what version of Ubuntu are you running?
This was on 16.10. The only reason I thought it wasn't working was because I installed an adblocking hosts file on the VPN server and while it was blocking ads on my phone (for example) it wouldn't block them on Ubuntu. Changing the settings I described caused it to start blocking, so I assumed it was needed to push the DNS requests down the tunnel.
I'm at work at the moment but I will test this again when I'm home and get back to you.
I have this issue too (on an Ubuntu 16.10 client). However, configuring the VPN connection to use "Automatic (VPN) addresses only", and explicitly setting the DNS server to 10.8.0.1, does not fix the DNS leak for me, according to dnsleaktest.com.
I can dig @10.8.0.1 anydomain.com and have it resolve correctly, but if I dig anydomain.com, the output includes:
;; SERVER: 127.0.1.1#53(127.0.1.1)
I'm not sure how to force Ubuntu to use the VPN's DNS server, whether it's explicitly configured in my network manager or not.
Manually commenting out dns=dnsmasq in /etc/NetworkManager/NetworkManager.conf seems to fix using localhost as a DNS server over the VPN's DNS server. My output from dig anydomain.com now includes ;; SERVER: 10.8.0.1#53(10.8.0.1) without me manually setting the DNS server for my wifi connection to 10.8.0.1. dnsleaktest.com still reports my ISP's DNS server though, so I have some more investigating to do to fix the leak...
dnsleaktest.com still reports my ISP's DNS server though, so I have some more investigating to do to fix the leak...
It turns out that Firefox continued using 127.0.1.1 as the preferred DNS server over 10.8.0.1 until I closed and re-opened it. I made no further changes apart from restarting Firefox, and dnsleaktest.com is no longer reporting my ISP's DNS server.
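The two checks used in this thread (reading the ;; SERVER: line of dig output, and looking for an active dns=dnsmasq line in NetworkManager.conf) as an added shell example that is not part of the original thread. The function names are hypothetical, and the sample dig output and config text are constructed; only 10.8.0.1 and 127.0.1.1 come from the comments above.

```shell
#!/bin/sh
# Added example, not from the thread. VPN_DNS is the tunnel resolver quoted above.
VPN_DNS="10.8.0.1"

# Print the resolver address from the ";; SERVER:" line of dig output on stdin.
dig_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1
}

# Classify dig output on stdin:
#   vpn         - answered by the VPN resolver
#   local-stub  - answered by a 127.x forwarder; the upstream it queries
#                 is not visible in dig output, so a leak cannot be ruled out
#   other:ADDR  - answered by some other resolver (possible leak)
#   unknown     - no SERVER line found
classify_resolver() {
    server=$(dig_server)
    case "$server" in
        "$VPN_DNS") echo "vpn" ;;
        127.*)      echo "local-stub" ;;
        "")         echo "unknown" ;;
        *)          echo "other:$server" ;;
    esac
}

# Read NetworkManager.conf text on stdin; "yes" if dns=dnsmasq is active.
# Commented-out lines (#dns=dnsmasq) do not match.
dnsmasq_enabled() {
    if grep -Eq '^[[:space:]]*dns[[:space:]]*=[[:space:]]*dnsmasq[[:space:]]*$'; then
        echo "yes"
    else
        echo "no"
    fi
}

# Constructed samples (trimmed dig output and a config with the line commented out).
SAMPLE_BEFORE=';; Query time: 12 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)'
SAMPLE_AFTER=';; Query time: 30 msec
;; SERVER: 10.8.0.1#53(10.8.0.1)'
SAMPLE_CONF='[main]
plugins=ifupdown,keyfile
#dns=dnsmasq'

printf '%s\n' "$SAMPLE_BEFORE" | classify_resolver
printf '%s\n' "$SAMPLE_AFTER"  | classify_resolver
printf '%s\n' "$SAMPLE_CONF"   | dnsmasq_enabled
```

On a live client the same functions can be fed real input, for example `dig anydomain.com | classify_resolver` and `dnsmasq_enabled < /etc/NetworkManager/NetworkManager.conf`.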
Hi,
The default instructions provided to configure Network Manager on Ubuntu don't include the instructions to make use of the DNS server down the VPN tunnel. This could leak DNS lookups onto the local network, depending on resolver configuration. I believe the following should be added to the manual instructions already present while editing the VPN connection but before going into the advanced screen: