openvpn and DNS
From the comments...
Turn dnsmasq back on, and in your network connection profile, go to the IPv4 tab and change Automatic (DHCP) to Automatic (DHCP) addresses only and then retry your leak test.
Fritz
Updated on September 18, 2022
Comments
-
Fritz over 1 year
I'm on Ubuntu 16.04 and I have set up an openvpn connection that works fine. Before starting the vpn connection, my ISP DNS is defined in /etc/resolv.conf from DHCP:

    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver isp.x.y.z

I have added the following lines to the openvpn configuration file:

    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf

so the /etc/resolv.conf gets updated when I start the vpn connection. When started, it looks like this:

    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver vpn.x.y.z
    nameserver isp.x.y.z

with vpn.x.y.z the IP of the vpn DNS server; what I wanted. However, the line for my ISP DNS is still there. This causes a problem when running a DNS leak test as my ISP DNS gets queried. So I'm trying to get rid of the entry of my ISP when starting the openvpn connection. It works fine if I remove it manually but I'd like to get this automated. Any suggestion?
Thanks!
Fritz
-
Boris Hamanov about 7 years
Clear the list of DNS Servers defined in your connection profile.
-
Fritz about 7 years
How? What do you mean by "connection profile"? I have not defined any dns entry anywhere, they are either coming from network manager and dhcp or openvpn.
-
Boris Hamanov about 7 years
Connection profile... go to Network icon in the top panel, choose Edit Connections..., find the profile for "Wired Connection"/whatever, go to the IPv4 tab, and clear any list of DNS servers shown there.
-
Fritz about 7 years
I checked that one already and can confirm I do not have any DNS entry in any NetworkManager connection. My DNS is defined dynamically via DHCP.
-
Boris Hamanov about 7 years
If you're seeing nameserver isp.x.y.z in resolv.conf, then you're probably not running dnsmasq. What's in your /etc/NetworkManager/NetworkManager.conf?
-
Fritz about 7 years
Indeed, I switched off dnsmasq by commenting out the line dns=dnsmasq in /etc/NetworkManager/NetworkManager.conf. I have tried both actually; with dnsmasq on, my /etc/resolv.conf contains the line nameserver 127.0.1.1 but still any dns leak test reveals my isp dns
-
Boris Hamanov about 7 years
Test with leaving dnsmasq on/off, and in your network connection profile, go to the IPv4 tab and change Automatic (DHCP) to Automatic (DHCP) addresses only and then try your leak test.
-
Fritz about 7 years
It did the trick. I have set the connection to Automatic (DHCP) addresses only and dnsmasq on and no leak anymore. Thanks a lot!
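
A local check to run alongside the online leak test, as an added example that is not part of the original thread: it reads a resolv.conf-style file and flags any nameserver that is not on an allow-list. The function names and the addresses (10.8.0.1 for the VPN resolver, 192.0.2.53 for a DHCP-supplied one) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag resolvers in a resolv.conf that are not on an allow-list.
# All addresses are constructed placeholders, not values from the thread.

# Print each nameserver address found in the resolv.conf-style FILE.
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# audit_resolv FILE ALLOWED_ADDR...
# Prints one verdict per nameserver. Return codes:
#   0  every listed resolver is on the allow-list
#   1  a resolver outside the allow-list is present (leak candidate)
#   2  only a loopback forwarder (e.g. dnsmasq on 127.0.1.1) is listed, so
#      the upstream servers it uses cannot be judged from this file
audit_resolv() {
    file=$1; shift
    leak=0; forwarder=0
    for ns in $(list_nameservers "$file"); do
        case "$ns" in
            127.*|::1) echo "forwarder $ns"; forwarder=1; continue ;;
        esac
        verdict=unexpected
        for allowed in "$@"; do
            if [ "$ns" = "$allowed" ]; then verdict=allowed; fi
        done
        echo "$verdict $ns"
        if [ "$verdict" = unexpected ]; then leak=1; fi
    done
    if [ "$leak" -eq 1 ]; then return 1; fi
    if [ "$forwarder" -eq 1 ]; then return 2; fi
    return 0
}

# Constructed sample: VPN resolver first, DHCP-supplied resolver still listed.
sample=$(mktemp)
printf '%s\n' '# generated by resolvconf(8)' \
    'nameserver 10.8.0.1' 'nameserver 192.0.2.53' > "$sample"
audit_resolv "$sample" 10.8.0.1 || echo "exit status $?"
rm -f "$sample"
```

A return code of 2 corresponds to the dnsmasq-on case described in the comments: the file shows only 127.0.1.1, so a clean result here does not rule out a leak through the forwarder's upstream servers.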