DNS leaks still appear #14
If someone is interested, I solved this issue with the following workaround:
This is hacky though, it would be really cool if we found a proper fix, so that providing the exclusive flag On another side, using this method instead of
@cryzed Is there an open issue for NetworkManager or discussion thread concerning this?
Yes, I created an issue somewhere in the NetworkManager bugtracker (which doesn't allow Google to index it so I can't find the issue), and similar problems can be found all over the internet. I decided that using NetworkManager for VPN things is completely unreliable for many reasons, not just this one. I set The NetworkManager bug tracker seems completely dead and no one really pays attention to it, IIRC.
Hey, unfortunately I've had some troubles with this script. The problem is that, however I configure my system, the IP of my local nameserver still appears in /etc/resolv.conf. For example with my VPN disabled:
And enabled:
While the second version looks good, it isn't at all:
(Source: http://man7.org/linux/man-pages/man5/resolv.conf.5.html)
So as I understand it, the only thing required for DNS leaks to happen is that the VPN's DNS servers aren't reachable, until eventually the local DNS nameserver entry is cycled to and used.
Also see this discussion about the same issue. I suspected too that dhcpcd might be the cause for the nameserver entry, but it isn't:
Seemingly all entries are provided by the NetworkManager. The local nameserver is provided by the configured wired connection I am using, and the others by the DNS server I subsequently connect to. Considering this, OpenVPN seems to populate the foreign_option_* environment variables in reverse order, which results in the current behavior. The (imho) correct behavior would be to have the local nameserver completely removed and only list the VPN's DNS servers.
Is this my fault? Am I misconfiguring or misunderstanding something?
EDIT: I just read some more about the environment variables set by OpenVPN, and even ran OpenVPN manually with my configured VPN -- Only the two addresses are pushed by my VPN after all, I'm not sure how my local DNS address even ends up in /etc/resolv.conf. Any ideas?
EDIT2: Seems like this is NetworkManager's fault -- The update-resolv-conf script doesn't even seem to be needed when connecting to the VPN using it, it automatically sets the pushed VPN DNS addresses, unfortunately it doesn't remove the local DNS addresses.
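The check this post works through by hand, as an added example that is not part of the original issue or the project's script: it compares the nameserver lines of a resolv.conf file with the DNS servers OpenVPN exports in foreign_option_* and prints every entry the VPN did not push. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: list resolv.conf nameservers that were NOT pushed by the VPN.
# OpenVPN exports pushed options as foreign_option_1, foreign_option_2, ...
# with values such as "dhcp-option DNS 10.8.0.1".

# Print the DNS servers pushed by OpenVPN, one per line.
vpn_dns_servers() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        case $opt in
            "dhcp-option DNS "*) printf '%s\n' "${opt#dhcp-option DNS }" ;;
        esac
        i=$((i + 1))
    done
}

# Print the nameserver entries of a resolv.conf file in the order listed.
resolv_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Print every nameserver in file $1 that the VPN did not push.
# Exit status: 0 = none found, 1 = leak candidates found.
leak_candidates() {
    allowed=$(vpn_dns_servers)
    rc=0
    for ns in $(resolv_nameservers "$1"); do
        if ! printf '%s\n' "$allowed" | grep -qxF -- "$ns"; then
            printf '%s\n' "$ns"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: VPN connected, two pushed servers, local router still listed.
sample=$(mktemp)
printf 'nameserver 10.8.0.1\nnameserver 10.8.0.2\nnameserver 192.168.1.1\n' > "$sample"
foreign_option_1='dhcp-option DNS 10.8.0.1'
foreign_option_2='dhcp-option DNS 10.8.0.2'
leak_candidates "$sample" || echo "^ not pushed by the VPN: leak candidate(s)"
rm -f "$sample"
```

Outside an OpenVPN up script the foreign_option_* variables are not set, so every nameserver is reported unless they are supplied by hand as in the sample.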