I set up OpenVPN on a VPS running Arch using the wiki guide: https://wiki.archlinux.org/index.php/OpenVPN .
My local laptop is also running Arch, and I'm connecting to the VPS through OpenVPN. The goal is to surf anonymously without exposing my local IP or information.
Everything seems to work as it should: when browsing from home connected to the VPN, my IP is detected as the VPS. But when I use DNS leak tests such as https://ipleak.net/, it tells me my DNS is leaking.
I'm at a loss as to why.
I tried editing my local computer's /etc/resolv.conf to only contain:
nameserver 10.8.0.1
But that does nothing to help. I'm wondering if there's somewhere else Arch might be looking for DNS servers to use?
Here's my OpenVPN server config:
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/cert.crt
key /etc/openvpn/key.key # This file should be kept secret
dh /etc/openvpn/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth /etc/openvpn/ta.key 0 # This file is secret
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
Client:
client
dev tun
proto udp
remote xxx.xxx.xxx.xxx
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/stab.crt
key /etc/openvpn/stab.key
remote-cert-tls server
tls-auth /etc/openvpn/ta.key 1
comp-lzo
verb 3
When typed on local computer:
$ ip route show
default via 10.8.0.5 dev tun0 proto static metric 50
default via 192.168.2.1 dev enp1s0 proto static metric 100
10.8.0.1 via 10.8.0.5 dev tun0 proto static metric 50
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
10.8.0.5 dev tun0 proto static scope link metric 950
10.8.0.6 dev tun0 proto kernel scope link src 10.8.0.6 metric 50
***.***.***.*** via 192.168.2.1 dev enp1s0 proto static metric 100
192.168.2.0/24 dev enp1s0 proto kernel scope link src 192.168.2.11 metric 100
This is the output of $ netstat -nr on local computer
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.8.0.5 0.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 enp1s0
10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 tun0
10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.8.0.6 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
xxx.xxx.xxx.xxx 192.168.2.1 255.255.255.255 UGH 0 0 0 enp1s0
Is the second line beginning 0.0.0.0 maybe what's wrong?
If anyone has any clue or can help, I'd really appreciate it!
Last edited by stabwound (2015-07-29 00:37:57)
For what it's worth I'm also having this issue, however I haven't tried anything to remedy this yet.
[edit] This worked for me:
https://github.com/masterkorp/openvpn-u … lv-conf.sh
Last edited by nstgc (2015-07-30 22:45:02)
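Background for the fix in this thread, as an added example that is not part of any post and not the linked script's code: on Linux the client does not apply the server's pushed `dhcp-option DNS 10.8.0.1` by itself, it only hands each pushed option to an `up` script as `foreign_option_N` environment variables. The function name `build_resolv_conf` and the sample value are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the thread). OpenVPN exports each pushed option
# to an --up script as foreign_option_1, foreign_option_2, ...
# build_resolv_conf prints the resolv.conf lines those variables describe.

build_resolv_conf() {
    n=1
    out=""
    while :; do
        # Read foreign_option_$n; the value itself is never re-evaluated.
        eval "opt=\${foreign_option_$n:-}"
        [ -n "$opt" ] || break
        set -f            # no globbing while splitting the option on spaces
        set -- $opt
        set +f
        if [ "$1" = "dhcp-option" ]; then
            case "$2" in
                DNS)
                    # Accept only characters valid in an IPv4/IPv6 literal.
                    case "$3" in
                        ""|*[!0-9A-Fa-f.:]*) ;;
                        *) out="${out}nameserver $3
" ;;
                    esac ;;
                DOMAIN)
                    # Accept only hostname characters.
                    case "$3" in
                        ""|*[!A-Za-z0-9.-]*) ;;
                        *) out="${out}search $3
" ;;
                    esac ;;
            esac
        fi
        n=$((n + 1))
    done
    printf '%s' "$out"
}

# Constructed sample, used only when foreign_option_1 is not already set:
# the value the client receives for push "dhcp-option DNS 10.8.0.1".
: "${foreign_option_1:=dhcp-option DNS 10.8.0.1}"
build_resolv_conf
```

On a real client this would be called from a script named on an `up` line, which also requires `script-security 2` in the client config.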
See previous thread - use Unbound.
So, I figured out that apparently OpenVPN won't just do the DNS lookups magically - I installed and configured dnsmasq and now it's properly working.
Apparently now I need to figure out how to run my own DNS server so I don't have to use 8.8.8.8.
I guess unbound is a solution for this?