StreisandEffect / streisand

Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
https://twitter.com/streisandvpn

Ubuntu Network Manager instructions don't send DNS queries down VPN #508

Open Xiol opened 7 years ago

Xiol commented 7 years ago

Hi,

The default instructions provided to configure Network Manager on Ubuntu don't include the instructions to make use of the DNS server down the VPN tunnel. This could leak DNS lookups onto the local network, depending on resolver configuration. I believe the following should be added to the manual instructions already present while editing the VPN connection but before going into the advanced screen:

sjug commented 7 years ago

It would be appreciated if you could PR against the instructions with these additional steps https://github.com/jlund/streisand/blob/698cecbb774e6f429e64e7a1b3566bee641e4d50/playbooks/roles/openvpn/templates/instructions.md.j2#L83-L123

jlund commented 7 years ago

This should already be happening because of this server-side setting. Out of curiosity, what version of Ubuntu are you running?

Xiol commented 7 years ago

This was on 16.10. The only reason I thought it wasn't working was because I installed an adblocking hosts file on the VPN server and while it was blocking ads on my phone (for example) it wouldn't block them on Ubuntu. Changing the settings I described caused it to start blocking, so I assumed it was needed to push the DNS requests down the tunnel.

I'm at work at the moment but I will test this again when I'm home and get back to you.

nfm commented 7 years ago

I have this issue too (on an Ubuntu 16.10 client). However, configuring the VPN connection to use "Automatic (VPN) addresses only", and explicitly setting the DNS server to 10.8.0.1, does not fix the DNS leak for me, according to dnsleaktest.com.

I can dig @10.8.0.1 anydomain.com and have it resolve correctly, but if I dig anydomain.com, the output includes:

;; SERVER: 127.0.1.1#53(127.0.1.1)

I'm not sure how to force Ubuntu to use the VPN's DNS server, whether it's explicitly configured in my network manager or not.

nfm commented 7 years ago

Manually commenting out dns=dnsmasq in /etc/NetworkManager/NetworkManager.conf seems to fix using localhost as a DNS server over the VPN's DNS server. My output from dig anydomain.com now includes ;; SERVER: 10.8.0.1#53(10.8.0.1) without me manually setting the DNS server for my wifi connection to 10.8.0.1. dnsleaktest.com still reports my ISP's DNS server though, so I have some more investigating to do to fix the leak...

nfm commented 7 years ago

> dnsleaktest.com still reports my ISP's DNS server though, so I have some more investigating to do to fix the leak...

It turns out that Firefox continued using 127.0.1.1 as the preferred DNS server over 10.8.0.1 until I closed and re-opened it. I made no further changes apart from restarting Firefox, and dnsleaktest.com is no longer reporting my ISP's DNS server.
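The check nfm ran by hand above (look at the `;; SERVER:` line that dig prints and compare it with the VPN resolver) can be scripted so it is repeatable after each Network Manager change. The script below is an added example; it is not part of the streisand project and was not posted by anyone in this thread. It assumes the VPN pushes 10.8.0.1 as its DNS server, the address used throughout the thread, and it treats a loopback stub such as 127.0.1.1 as a leak because dig cannot tell where the local dnsmasq forwards the query. The dig output fragments embedded in it are constructed to look like the ones quoted above.

```shell
#!/bin/sh
# Added example (not streisand code): detect a DNS leak the way nfm did
# above, by reading the server address out of dig's ";; SERVER:" line.
# Assumption: the VPN resolver is 10.8.0.1, as in this thread.

VPN_DNS="${VPN_DNS:-10.8.0.1}"

# resolver_of DIG_OUTPUT: print the address on the first ";; SERVER:" line,
# e.g. "127.0.1.1" for ";; SERVER: 127.0.1.1#53(127.0.1.1)".
resolver_of() {
    printf '%s\n' "$1" | sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1
}

# leaks_dns DIG_OUTPUT: succeed (exit 0) when the answering resolver is
# anything other than the VPN resolver. A loopback stub (127.0.1.1 for the
# dnsmasq plugin, 127.0.0.53 for systemd-resolved) counts as a leak here
# because dig cannot see which upstream the stub forwards to.
leaks_dns() {
    srv=$(resolver_of "$1")
    [ -n "$srv" ] && [ "$srv" != "$VPN_DNS" ]
}

# nm_uses_dnsmasq CONF_TEXT: succeed when NetworkManager.conf enables the
# dnsmasq plugin, i.e. the line nfm commented out is still active.
nm_uses_dnsmasq() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*dns=dnsmasq'
}

# Constructed dig output fragments, modelled on the ones quoted above.
LEAKING_DIG=";; Query time: 2 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sun Jan 01 00:00:00 UTC 2017"
TUNNELLED_DIG=";; Query time: 40 msec
;; SERVER: 10.8.0.1#53(10.8.0.1)"

# Constructed NetworkManager.conf contents, before and after the edit.
NM_CONF_DNSMASQ="[main]
plugins=ifupdown,keyfile
dns=dnsmasq"
NM_CONF_FIXED="[main]
plugins=ifupdown,keyfile
#dns=dnsmasq"

# Live check against the running system when dig is available.
main() {
    if ! command -v dig >/dev/null 2>&1; then
        echo "dig not installed; skipping live check"
        return 0
    fi
    out=$(dig +time=2 +tries=1 example.com 2>/dev/null) || out=""
    srv=$(resolver_of "$out")
    if [ -z "$srv" ]; then
        echo "no ;; SERVER: line in dig output; skipping live check"
        return 0
    fi
    if leaks_dns "$out"; then
        echo "queries are answered by $srv, not $VPN_DNS: possible DNS leak"
    else
        echo "queries are answered by $VPN_DNS"
    fi
}

main
```

Run it once with the VPN up; the two constructed fragments show both outcomes the thread reports. Note that a passing result only covers resolvers that go through the system stub: as nfm found, a browser that was already running can keep its own cached resolver configuration, so repeat the test from a freshly started application (or dnsleaktest.com) after changing Network Manager settings. On NetworkManager 1.4 or later, an alternative to editing NetworkManager.conf is to pin the VPN connection's DNS with nmcli, for example `nmcli connection modify <vpn-name> ipv4.dns 10.8.0.1 ipv4.ignore-auto-dns yes ipv4.dns-priority -1`; a negative dns-priority makes that connection's servers exclusive while it is active. Whether that setting exists on the 16.10 client in the thread depends on its NetworkManager version.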