openconnect / openconnect-gui

MOVED TO https://gitlab.com/openconnect/openconnect-gui
GNU General Public License v2.0

DNS Leak on Windows 10 #257

Open sinclair8228 opened 5 years ago

sinclair8228 commented 5 years ago

Describe the bug: I am running ocserv on my VPN server. When I use OpenConnect GUI on my Windows 10 client, it does not change the DNS settings and I am still using my ISP's DNS resolvers. The IP address does change. This problem does not occur on my Linux laptop. I am using Unbound on the server to resolve all DNS, including for OpenVPN, for which this does work. Ocserv is set to use 127.0.0.1 as DNS, Unbound is set to listen at 127.0.0.1, and access-control also allows it.

To Reproduce: Steps to reproduce the behavior: Log in to the server via username and password.

Expected behavior: DNS resolved by Unbound

Screenshots: Unable to provide at this time, away from Windows computer. Can provide later upon request.

Desktop (please complete the following information):

horar commented 5 years ago

So, as I understand it, the problem doesn't appear when you use OpenConnect-GUI on Linux, and only the Windows version raises the problem?

sinclair8228 commented 5 years ago

Actually, I use the command line to connect on Linux. A script executed by a .desktop file. This is my first attempt using the OpenConnect GUI, so as of now it is strictly a Windows (10) problem. DNS is routed through the tunnel correctly with my Linux setup.

horar commented 5 years ago

Could you please try the command line tool on Windows as well? (It's an optional part of the Windows installer.) Thanks. Another point would be to change the 'REDIRECT_GATEWAY_METHOD' variable in the vpnc script (in the same folder as the GUI is installed)... Thanks.

odkrys commented 5 years ago

Unfortunately, this is normal behavior in Windows 10. I can't find a solution other than OpenVPN's block-outside-dns. https://github.com/OpenVPN/openvpn/search?q=block-dns-outside&type=Commits

horar commented 5 years ago

@odkrys did you try to change the referred variable in the vpnc script?

odkrys commented 5 years ago

if (env("REDIRECT_GATEWAY_METHOD")) {
    var REDIRECT_GATEWAY_METHOD = env("REDIRECT_GATEWAY_METHOD");
} else {
    var REDIRECT_GATEWAY_METHOD = -1;
}

I tried -1 to 2 but no luck.

horar commented 5 years ago

Then it looks like the problem should be discussed on the openconnect mailing list. This project is about the GUI only...
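
One way to confirm the symptom reported in this thread on a Windows 10 client, as an added example that is not part of the original thread or of the OpenConnect projects: the script lists the DNS servers configured on every connected interface while the VPN is up, so resolvers still set on a non-VPN adapter, or a tunnel adapter that received no DNS server at all, become visible. The adapter name and the expected resolver address are placeholders to replace with your own values.

```powershell
# Added example (not from the thread). Run on the Windows client while the VPN is connected.
# ASSUMPTIONS: $VpnAlias is your tunnel adapter's name as shown by Get-NetAdapter;
# $ExpectedDns is the resolver address your VPN server pushes. Both defaults are placeholders.
param(
    [string]   $VpnAlias    = 'REPLACE-WITH-VPN-ADAPTER-NAME',
    [string[]] $ExpectedDns = @('192.0.2.53')   # constructed placeholder address
)

function Get-DnsLeakReport {
    param([string]$VpnAlias, [string[]]$ExpectedDns)

    foreach ($family in 'IPv4', 'IPv6') {
        # Only connected interfaces matter; the loopback pseudo-interface is skipped.
        $connected = Get-NetIPInterface -AddressFamily $family -ConnectionState Connected `
                         -ErrorAction SilentlyContinue |
                     Where-Object { $_.InterfaceAlias -notlike 'Loopback*' }

        foreach ($if in $connected) {
            $servers = (Get-DnsClientServerAddress -InterfaceIndex $if.ifIndex `
                            -AddressFamily $family).ServerAddresses
            if (-not $servers) { continue }

            # Any resolver that is not the one pushed by the VPN is a leak candidate.
            $unexpected = @($servers | Where-Object { $_ -notin $ExpectedDns })
            [pscustomobject]@{
                Interface  = $if.InterfaceAlias
                Family     = $family
                Metric     = $if.InterfaceMetric
                IsVpn      = ($if.InterfaceAlias -eq $VpnAlias)
                DnsServers = $servers -join ', '
                Unexpected = $unexpected -join ', '
            }
        }
    }
}

$report = @(Get-DnsLeakReport -VpnAlias $VpnAlias -ExpectedDns $ExpectedDns)
$report | Sort-Object Metric | Format-Table -AutoSize

if (-not ($report | Where-Object { $_.IsVpn })) {
    Write-Warning "No DNS server is configured on '$VpnAlias': the client did not apply the VPN's DNS settings."
}
$leaks = @($report | Where-Object { $_.Unexpected })
if ($leaks.Count -gt 0) {
    Write-Warning ("Resolvers outside the VPN are still configured on: " +
                   (($leaks.Interface | Sort-Object -Unique) -join ', '))
} else {
    Write-Output 'Every configured resolver matches the expected VPN DNS server(s).'
}
```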