DNS Leak when using OpenVPN
FedoraForum.org - Fedora Support Forums and Community
Results 1 to 11 of 11
  1. #1
    Join Date
    Jan 2019
    Location
    Germany
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    DNS Leak when using OpenVPN

    I am using openvpn on Fedora 29, but unfortunately there is a DNS leak that I cannot fix.

    I am using the update-resolv-conf script described here: https://forums.fedoraforum.org/showt...nVPN-in-Fedora
    However it doesn't fix the leak. Interestingly I have an up to date installation of Manjaro on the same machine that uses the exact same openvpn config files and does not suffer from the dns leak.

    Also I have tried to implement the suggestions described here and in further links: https://unix.stackexchange.com/quest...envpn-dns-leak, but i can't get the update-systemd-resolved script to work on Fedora...

    Anyone come across this problem and solved it?

  2. #2
    Join Date
    Aug 2016
    Location
    Iraq
    Posts
    1,124
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: DNS Leak when using OpenVPN

    Hi. I think I found excellent fix for that ! I searched Internet after reading this thread. From what I read, it seem that "update-resolve-conf" are now useless in Fedora/Ubunto because the way they deal with DNS had been changed radically - see the discussions in the following link:

    http://www.ubuntubuzz.com/2015/09/ho...-in-linux.html

    However, I discovered the following link:

    https://www.reddit.com/r/ProtonVPN/c...h_openvpn_cli/

    in the last comment, there is a user recommend the following package:

    dnscrypt-proxy

    it is available in our official repositories, together with GUI for it called:

    dnscrypt-proxy-gui

    It seem that is is very very very powerful solution tool since it was originated from OpenBSD (THE MOST SECURE OS IN THE WOLD) !! - read the following:

    https://github.com/jedisct1/dnscrypt-proxy
    https://dnscrypt.info/

    Can you please try it & if working for you please inform me to use it. I'm not expert with such advanced tool & afraid to cause permanent block for Internet on my PC from using such advanced tool wrongly ....
    Fedora 30 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)

  3. #3
    Join Date
    Jan 2019
    Location
    Germany
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: DNS Leak when using OpenVPN

    Thanks for the answer.

    I did (after some trouble) manage to get dnscrypt-proxy up and running. Here's what it says:

    [root@fedora ~]# service dnscrypt-proxy status
    Redirecting to /bin/systemctl status dnscrypt-proxy.service
    ● dnscrypt-proxy.service - DNSCrypt-proxy client
    Loaded: loaded (/usr/lib/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: disabled)
    Active: active (running) since Sun 2019-01-27 11:06:06 CET; 28s ago
    Docs: https://github.com/jedisct1/dnscrypt-proxy/wiki
    Main PID: 1328 (dnscrypt-proxy)
    Tasks: 17 (limit: 4915)
    Memory: 26.0M
    CGroup: /system.slice/dnscrypt-proxy.service
    └─1328 /usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml

    Jan 27 11:06:19 fedora.tuxedo dnscrypt-proxy[1328]: [scaleway-fr] OK (crypto v2) - rtt: 94ms
    Jan 27 11:06:19 fedora.tuxedo dnscrypt-proxy[1328]: [securedns] OK (crypto v1) - rtt: 160ms
    Jan 27 11:06:19 fedora.tuxedo dnscrypt-proxy[1328]: [securedns-doh] OK (DoH) - rtt: 163ms
    Jan 27 11:06:19 fedora.tuxedo dnscrypt-proxy[1328]: [soltysiak] OK (crypto v1) - rtt: 32ms
    Jan 27 11:06:19 fedora.tuxedo dnscrypt-proxy[1328]: [trashvpn.de] OK (crypto v2) - rtt: 23ms
    Jan 27 11:06:20 fedora.tuxedo dnscrypt-proxy[1328]: [ventricle.us] OK (crypto v2) - rtt: 112ms
    Jan 27 11:06:20 fedora.tuxedo dnscrypt-proxy[1328]: [opennic-bongobow] OK (crypto v1) - rtt: 41ms
    Jan 27 11:06:20 fedora.tuxedo dnscrypt-proxy[1328]: [opennic-R4SAS] OK (crypto v2) - rtt: 34ms
    Jan 27 11:06:20 fedora.tuxedo dnscrypt-proxy[1328]: Server with the lowest initial latency: cloudflare (rtt: 13ms)
    Jan 27 11:06:20 fedora.tuxedo dnscrypt-proxy[1328]: dnscrypt-proxy is ready - live servers: 38
    Also I followed a few hints on other changes to make in order to close the DNS leak, notably: https://www.fosslinux.com/4137/how-t...in-ubuntu.htm/

    Alas nothing has changed, I still have the DNS leak...

  4. #4
    Join Date
    Aug 2016
    Location
    Iraq
    Posts
    1,124
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: DNS Leak when using OpenVPN

    @Dougal2104

    Dear I think that there is big diffirence between what we try & what really set in Fedora !
    1st, no package called "update-resolv-conf" in official Fedora repositories !
    2nd, no package called "update-systemd-resolved" or "openvpn-update-systemd-resolved" in official Fedora repositories !
    3rd, I found the following guide:
    https://www.azirevpn.com/support/gui...nux/change-dns
    which is given by your link also, but it should be - according to azirevpn - enough by itself without dnscrypt-proxy !!
    4th, dnfcrypt-proxy is very powerful tool, so how it is failed ??!!

    It seem that:
    1) there is some thing in the nature of Fedora dealing with DNS that prevent all these methods from work,
    2) you did not set dnscrypt-proxy well ......

    By the way, I found this method:
    https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html

    it said that user should add the following line to .ovpn file:
    block-outside-dns

    but I found this link from PIA which said that this working only on Windows !! How this ?! How set in OpenVPN manul but only working on Windows ??
    Fedora 30 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)

  5. #5
    Join Date
    Aug 2011
    Posts
    60
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: DNS Leak when using OpenVPN

    The last time I was using a VPN I did have an issue with a DNS leak. I think I solved it by changing the network setting under IPV6 from Automatic to Automatic (DHCP Only) - see attached screenshotClick image for larger version. 

Name:	Screenshot.png 
Views:	60 
Size:	85.3 KB 
ID:	30016

  6. #6
    Join Date
    Aug 2016
    Location
    Iraq
    Posts
    1,124
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: DNS Leak when using OpenVPN

    Quote Originally Posted by expectATIon
    The last time I was using a VPN I did have an issue with a DNS leak. I think I solved it by changing the network setting under IPV6 from Automatic to Automatic (DHCP Only) - see attached screenshotClick image for larger version. 

Name:	Screenshot.png 
Views:	60 
Size:	85.3 KB 
ID:	30016
    Yes I agree with you. I used this method for 2 years without problem till some months ago when, as it seems to be, ISPs in my country changed their policy ! Please see this:
    https://forums.fedoraforum.org/showt...m-DNS-further-!

    I read little about dnscrypt-proxy & I will try it.
    Fedora 30 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)

  7. #7
    Join Date
    Aug 2016
    Location
    Iraq
    Posts
    1,124
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: DNS Leak when using OpenVPN

    @Dougal2104

    I installed dnscrypt-proxy & dnscrypt-proxy-gui

    But when I tried to launch it's GUI from application menu, it did not launched at all ! No any GUI appeared to me !

    I tried in terminal the following (as non root):

    Code:
    $ systemctl status dnscrypt-proxy
    Unit dnscrypt-proxy.service could not be found.
    Code:
    $ service dnscrypt-proxy status
    Redirecting to /bin/systemctl status dnscrypt-proxy.service
    Unit dnscrypt-proxy.service could not be found.
    Please your kind help ! How can I start it ? Does my system has error or I made some thing wrong ?
    Fedora 30 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)

  8. #8
    Join Date
    Jan 2019
    Location
    Germany
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: DNS Leak when using OpenVPN

    Thanks, but no luck in my case. The DNS leak persists even with that setting...

  9. #9
    Join Date
    Jan 2019
    Location
    Germany
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: DNS Leak when using OpenVPN

    Please your kind help ! How can I start it ? Does my system has error or I made some thing wrong ?
    I am pretty much out of my depth here, but for what it's worth: in my case it was necessary to create the directories /var/cache/private/dnscrypt-proxy and /var/log/private/dnscrypt-proxy and then create softlinks for both in /var/cache and /var/log respectively.

  10. #10
    Join Date
    Aug 2016
    Location
    Iraq
    Posts
    1,124
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: DNS Leak when using OpenVPN

    Quote Originally Posted by Dougal2104
    I am pretty much out of my depth here, but for what it's worth: in my case it was necessary to create the directories /var/cache/private/dnscrypt-proxy and /var/log/private/dnscrypt-proxy and then create softlinks for both in /var/cache and /var/log respectively.
    This is not package ! This is disaster ! It is very obvious that the defect lie not in dnscrypt-proxy itself, but in it's Fedora package ! I opened bug report about this at bugzilla here:

    https://bugzilla.redhat.com/show_bug.cgi?id=1669930

    But I discovered that not only me but many peoples complaining also ! See the following:

    https://bugzilla.redhat.com/show_bug.cgi?id=1506665

    https://bugzilla.redhat.com/show_bug.cgi?id=1542930

    https://bugzilla.redhat.com/show_bug.cgi?id=1614352

    I think the package for Fedora 29 is partially fixed but still of problems - see:

    https://bugzilla.redhat.com/show_bug.cgi?id=1645608
    Fedora 30 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)

  11. #11
    Join Date
    Aug 2016
    Location
    Iraq
    Posts
    1,124
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: DNS Leak when using OpenVPN

    Quote Originally Posted by Dougal2104
    Thanks, but no luck in my case. The DNS leak persists even with that setting...
    Dear, do you set your NetworkManager at DNS of local host 127.0.0.1 ? You should set DNS in your network manager at local host address that the dnscrypt-proxy listen to it by default - see the following:
    https://www.systutorials.com/docs/li...nscrypt-proxy/
    without this it will never work ! It's idea is to route requests not to Internet directly (not to DNS resolver directly) but to the package dnscrypt-proxy so as to encrypt them locally on your device before sending them to DNS resolved .....

    You can set your network manager as following:

    - click on the NetworkManager icon in the task bar and find the physical network card currently in use. Its name appears in bold, take note of it.
    - right-click on the NetworkManager icon and select Edit Connections….
    - Click on the name of the connection > Select the IPv4 Settings tab > In the Method list, select Automatic (DHCP) addresses only > In the DNS Servers field, enter:
    127.0.0.1
    - reboot PC or restart network manager.
    Last edited by User808; 30th January 2019 at 01:01 PM.
    Fedora 30 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)

Similar Threads

  1. Replies: 1
    Last Post: 2nd February 2018, 10:37 PM
  2. Replies: 1
    Last Post: 29th January 2012, 07:44 PM
  3. firefox and memory - leak or not a leak
    By marko in forum Wibble
    Replies: 57
    Last Post: 21st July 2007, 09:09 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •