Hi all, I'm using a VPN with the OpenVPN protocol on NetworkManager. I have a DNS leak; how can I fix this? I searched the forum but didn't find the answer to my question.
Thx
Offline
Run Unbound, then you can specify particular DNS server(s) for particular domains.
Last edited by brebs (2015-04-17 11:57:04)
Offline
Give us some information to work with here. How do you know you have a DNS leak? What are you leaking exactly? What is your OpenVPN configuration? What is your local network architecture?
You may benefit from having a read of this document, in particular this section.
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
Run Unbound, then you can specify particular DNS server(s) for particular domains.
Thx for the tip, but I think it's a little difficult for a newbie to set up Unbound... Do you know another method?
Thx
Offline
Give us some information to work with here. How do you know you have a DNS leak? What are you leaking exactly? What is your OpenVPN configuration? What is your local network architecture?
You may benefit from having a read of this document, in particular this section.
Thx for the reply.
I know I have a DNS leak because I ran the DNS leak test on the site http://dnsleak.com/ and it shows my original DNS and the location of the DNS. I'm using OpenVPN from the Arch Linux repos with the VPN provider's file imported; I only have to enter my user and password and that's it. I only have a router and a computer, connected by cable.
Thx
Offline
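Added example, not part of the original thread: a local check that complements a web leak test by working out, from resolv.conf and the routing table, which interface each configured resolver is reached through. The sample resolv.conf and `ip route` text, the addresses and the function names are constructed for illustration; tun0 as the tunnel device matches the ufw rules posted later in the thread.

```python
import ipaddress

# Constructed sample input (not from the thread), OpenVPN tunnel up on tun0.
RESOLV_CONF = """nameserver 192.168.1.1
nameserver 10.8.0.1
"""
IP_ROUTE = """0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""

def nameservers(resolv_text):
    """IPv4 resolvers listed in resolv.conf text."""
    found = []
    for line in resolv_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                found.append(ipaddress.IPv4Address(parts[1]))
            except ValueError:
                pass  # IPv6 or malformed entry: not handled in this sketch
    return found

def parse_routes(route_text):
    """(network, device) pairs from `ip route` output."""
    routes = []
    for line in route_text.splitlines():
        parts = line.split()
        if "dev" not in parts[:-1]:
            continue
        dest = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # anything that is not a prefix or host address
        routes.append((net, parts[parts.index("dev") + 1]))
    return routes

def egress_device(addr, routes):
    """Longest-prefix match, as the kernel does (metrics are ignored here)."""
    hits = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(hits)[1] if hits else None

def leaking_resolvers(resolv_text, route_text, tunnel="tun0"):
    """Resolvers whose queries would leave through a non-tunnel interface."""
    routes = parse_routes(route_text)
    return [(str(ns), egress_device(ns, routes))
            for ns in nameservers(resolv_text)
            if not ns.is_loopback and egress_device(ns, routes) != tunnel]
```

In the sample, the router at 192.168.1.1 is reached through the more specific LAN route on eth0 even though the two /1 routes send everything else into the tunnel, so queries to it bypass the VPN. A loopback entry is skipped because it means a local resolver is answering; the same check then applies to that resolver's upstream addresses.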
If you're using Firefox to browse through your VPN then it may cause DNS leakage and can be configured to avoid it by going to about:config and setting "network.proxy.socks_remote_dns" to "true".
Offline
If you're using Firefox to browse through your VPN then it may cause DNS leakage and can be configured to avoid it by going to about:config and setting "network.proxy.socks_remote_dns" to "true".
I was using Chrome, but I switched to Firefox and did that config, but I continue to have a DNS leak... Any more tips?
Thx
Offline
Maybe you'll have to disable WebRTC on all your browsers.
Offline
Maybe you'll have to disable WebRTC on all your browsers.
I'm using only Firefox now and have disabled WebRTC, but dnsleak.com shows my DNS leaking... What more can I do?
Offline
After googling a lot I found a Chrome plugin, "scriptsafe". I think with this plugin I don't have any more DNS leaking and no more WebRTC... Has anyone tried this plugin?
Thx
Last edited by Smallville (2015-04-18 00:58:47)
Offline
Then preventing non-VPN traffic should be the way to go; sample iptables rules can be found @ AirVPN Forums - Prevent leaks with Linux & iptables
Offline
Then preventing non-VPN traffic should be the way to go; sample iptables rules can be found @ AirVPN Forums - Prevent leaks with Linux & iptables
Interesting post. Which do you think is better, iptables or the gufw firewall? In case I make a mistake, how do I undo everything in iptables? I have lost many hours configuring my Arch.
Thx
Offline
Both interact with netfilter framework (iptables & ufw CLI's, gufw GUI front-end for ufw) so use whatever you want. Disabling/removing rules you created is easy as well.
If you messed with it and broke things, then that's the way you'll learn more and better, IMO.
Offline
Both interact with netfilter framework (iptables & ufw CLI's, gufw GUI front-end for ufw) so use whatever you want. Disabling/removing rules you created is easy as well.
If you messed with it and broke things, then that's the way you'll learn more and better, IMO.
In the last few days I have tried configuring ufw/gufw. I have done this:

    sudo ufw default deny outgoing
    sudo ufw default deny incoming
    sudo ufw allow out on tun0 from any to any
    sudo ufw allow in on tun0 from any to any
    sudo ufw allow out from any to (my vpn ip )

If I have gufw enabled I can't connect to anything, neither the VPN nor my network, but if I disable gufw I can connect to my network and the VPN.
If I disable gufw, connect to the VPN server so that I have a connection, and after that enable gufw, I don't have any DNS leak and I have a kill switch.
Is there any way I can connect to my VPN without needing to disable and enable gufw?
Thx in advance for the help
Offline
I strongly recommend you stop messing around with iptables, when you plainly haven't got a clue what you are doing, and use Unbound (or dnsmasq or BIND), which is the proper solution.
Offline
I strongly recommend you stop messing around with iptables, when you plainly haven't got a clue what you are doing, and use Unbound (or dnsmasq or BIND), which is the proper solution.
With Unbound, can I have a kill switch? Because gufw gives me no DNS leak and a kill switch, so in case my VPN connection goes down I don't show my real IP.
Can you pls give me an example of how I can set up Unbound?
Thx 4 the help
Offline
Example snippet for unbound.conf:

    # local-zone is an option of the server: clause
    server:
        # Disable default rejection of 192.168/16 range
        local-zone: "168.192.in-addr.arpa." nodefault

    forward-zone:
        name: "blah.mycompany.com"
        forward-addr: 192.168.2.1

    # Reverse DNS
    forward-zone:
        name: "2.168.192.in-addr.arpa"
        forward-addr: 192.168.2.1

What weird situation do you have, where you want to connect to something, but it would be such a big problem if you're *not* connecting via the VPN? For *that* situation (which is a separate issue to DNS "leak"), then yes, could use iptables.
Edit: Added reverse DNS lines.
Last edited by brebs (2015-05-20 22:19:24)
Offline
Example snippet for unbound.conf:

    # local-zone is an option of the server: clause
    server:
        # Disable default rejection of 192.168/16 range
        local-zone: "168.192.in-addr.arpa." nodefault

    forward-zone:
        name: "blah.mycompany.com"
        forward-addr: 192.168.2.1

    # Reverse DNS
    forward-zone:
        name: "2.168.192.in-addr.arpa"
        forward-addr: 192.168.2.1

What weird situation do you have, where you want to connect to something, but it would be such a big problem if you're *not* connecting via the VPN? For *that* situation (which is a separate issue to DNS "leak"), then yes, could use iptables.
Edit: Added reverse DNS lines.
I finally understand how I enable and use Unbound. Thx for your example, brebs!!!
But I have 2 questions, if anyone can help:
the 192.168.2.1 - is that my router IP?
and the "blah.mycompany.com" - is that the VPN server address?
Thx for the help
Last edited by Smallville (2015-06-12 17:57:50)
Offline