How can you test for a DNS leak for an OpenVPN provider?

security vpn dns openvpn privacy

5,345

OpenVPN won't assign server's DNS resolver(s) if you run it from terminal. This is a known behavior and until OpenVPN developers fix it, you have to run an external script to assign the DNS resolvers once the tunnel is connected, and revert when disconnected. This should work on Ubuntu, Debian, and any Debian based distros.

Step 1

First, you have to update the .ovpn profiles to run a script that will assign a DNS resolver and restore your original resolver when the VPN connection will shut-down. Add the following lines to the .ovpn file:
script-security 2  
up updatedns.sh  
down updatedns.sh
Note that this applies if you run openvpn [server profile.ovpn] from the current folder, not eg.
openvpn /home/myself/Downloads/openvpn-profiles/server-location.ovpn 
If you run from different folder, you will have to include the full path accordingly (also to the mass-update command below)

To mass-update all .ovpn profiles in a folder, unzip the server profiles, then from the same folder run:
for filename in *.ovpn; do  echo -e "script-security 2\nup updatedns.sh\ndown updatedns.sh" >> $filename; done
Step 2

Get the updatedns.sh script:
wget https://vpn.ac/configs/misc/updatedns.sh
Run chmod +x updatedns.sh to make it executable Step 3

Connect by running:
openvpn ./[location-profile].ovpn
Once connected, check dnsleak test. It should report our DNS resolvers.

When you disconnect, the original resolv.conf will be restored. If anything goes wrong it it doesn't restore properly (ie. openvpn process killed), restore it manually by running:
cp -a /etc/resolv.conf.orig /etc/resolv.conf 