ubuntu 23.10 openvpn issue dns leak

Leeuw

Hi guys,


I am having a hard time configuring OpenVPN with a daemon.

openvpn 2.4.6

When I connect to the VPN server using Network Manager everything is perfect, but when I use the terminal openvpn command,
there is an OpenVPN connection, but without DNS tunneled. I tried to follow different tutorials that go the resolv.conf way, but I think
Ubuntu 23.10 handles resolv.conf a different way; none of it works.
It seems to be something with this Ubuntu version. I do not understand why there are no other users writing on forums.
Why does the same certificate work on Network Manager and not with the terminal openvpn command or as a systemctl service?
I do not understand that in Linux, OpenVPN is leaking and in Windows it works without a hassle. This is important functionality,
yet I need to do a deep insight investigation on the net to find small answers....

However, any help would be appreciated.

Thanks.

PS: I need to have the OpenVPN client run in a daemon for accountability reasons.
 


To do it manually:
cd /etc/openvpn && sudo openvpn VPN_config.ovpn &
Edit resolv.conf and comment out your ISP DNS server info. Otherwise you will connect to both VPN and ISP DNS servers, which is just a leaky network config.
This is a distro-agnostic approach, so I hope that it will work for you.
 
Hi Aristarchus and feedmebits,

Thanks for your logical responses and help offer. I was tired the other night and failed to send the needed configs.
Today I experimented more, and I was able to fix it for the moment.
It is difficult because there appears to be a new resolve module in the latest Ubuntus which is handled by 'resolvectl' instead of 'systemd-resolve'. The latter supports different parameters. Most forum help on the net on this DNS subject is based on pre-22.10, if I am correct.

In the end I found these ideas:



and the 'link cancel' part under post 18 here;
It is based on creating a new file and symlink for
/run/systemd/resolve/resolv.conf

https://askubuntu.com/questions/973017/wrong-nameserver-set-by-resolvconf-and-networkmanager

Don't ask me what exactly was the trigger, because what happened to me today is: the deeper you go, the more complex it gets, and in the end you forget where you started....

I will add my conf file for openvpn client:


client
dev tun
proto udp
remote [my openvpn servers ip] {portnumber}
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC


redirect-gateway

verb 3
script-security 2
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
down-pre
dhcp-option DOMAIN-ROUTE .
redirect-gateway
dhcp-option DNS {DNS server ip}

Maybe it is of use to someone. Sorry for wasting your time the other night.

The part that I really don't understand about OpenVPN is this: OpenVPN is known as an old, robust VPN protocol.
Why, when a new Ubuntu version comes out (and other distros probably), is there not a fixed way to be very very sure
the DNS is set and there will be no DNS leak?
The Windows version of the OpenVPN client, for example, works out of the box. Any noob can do it. But in Linux you need to handle all kinds of tricks and tweaks to firstly get the problem known, and secondly, solve it, by studying forum articles for hours?

An opendns DNS setup or override must work in all circumstances, no?
Well, maybe it is my simple view, or maybe I missed the big picture somewhere.
For me it works now, I hope it will keep working. After rebooting 5 times openvpn takes the right dns automatically now.
Weird: I can't get rid of a backup DNS which I can't remember having configured anywhere:

Link 3 (tun0)
Current Scopes: DNS mDNS/IPv4 mDNS/IPv6
Protocols: +DefaultRoute -LLMNR mDNS=resolve -DNSOverTLS DNSSEC=no/unsupported
DNS Servers: 10.8.0.1 1.1.1.1

It seems it cannot leave the IP's router config alone. I can't get rid of 1.1.1.1 (Google's DNS if I am not mistaken).

Thanks guys so far.
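
A check for the state shown in the `resolvectl status` output above, as an added example that is not part of the original thread: it parses that output and lists resolvers that sit outside the VPN subnet, or on other links that still receive default lookups because the VPN link has no `~.` routing domain. The `wlp2s0` block, the `10.8.0.0/24` subnet and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: tun0 mirrors the output quoted in the thread, wlp2s0 is invented.
SAMPLE = """\
Link 2 (wlp2s0)
         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
       DNS Servers: 192.168.1.1
                    fd00::1

Link 3 (tun0)
    Current Scopes: DNS mDNS/IPv4 mDNS/IPv6
         Protocols: +DefaultRoute -LLMNR mDNS=resolve -DNSOverTLS DNSSEC=no/unsupported
       DNS Servers: 10.8.0.1 1.1.1.1
"""

def parse_links(text):
    """Map each Global/Link block to its default-route flag, DNS servers and domains."""
    links, scope, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        head = re.match(r"(Global|Link \d+ \((\S+)\))$", line)
        if head:
            scope, key = head.group(2) or "Global", None
            links[scope] = {"default_route": False, "dns": [], "domains": []}
        elif scope and line:
            if ": " in line:  # "Key: value"; a wrapped bare address keeps the previous key
                key, _, line = line.partition(": ")
            if key == "Protocols":
                links[scope]["default_route"] = "+DefaultRoute" in line.split()
            elif key == "DNS Servers":  # drop "#tls-name" and "%ifname" suffixes
                links[scope]["dns"] += [t.split("#")[0].split("%")[0] for t in line.split()]
            elif key == "DNS Domain":
                links[scope]["domains"] += line.split()
    return links

def audit_resolvers(text, vpn_if, vpn_net):
    """Return (interface, server, reason) for every resolver that is not VPN-only."""
    links, net, findings = parse_links(text), ipaddress.ip_network(vpn_net), []
    catch_all = "~." in links.get(vpn_if, {}).get("domains", [])  # set by DOMAIN-ROUTE .
    for name, info in links.items():
        for server in info["dns"]:
            outside = name == vpn_if and ipaddress.ip_address(server) not in net
            beside = name != vpn_if and not catch_all and (info["default_route"] or name == "Global")
            if outside or beside:
                findings.append((name, server, "outside the VPN subnet" if outside else "answers default lookups beside the VPN"))
    return findings

if __name__ == "__main__":
    print(*audit_resolvers(SAMPLE, "tun0", "10.8.0.0/24"), sep="\n")
```

Feed it the real text with `resolvectl status` captured to a string; an empty result means the only resolvers in use are inside the tunnel subnet.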

 
1.1.1.1 is Cloudflare.
Usually set up in the browser config. It will encrypt traffic but reveal IP address unless tunneled inside VPN tunnel(?). If you never ever used Cloudflare services then this is quite strange.

If no other Ubuntu user has this problem, must be you.. It is difficult to guess what was done aside from browser config editing, but this would not affect the resolv.conf file.
I hope that you will solve this mystery. Good luck.
 
I am very, very new to Linux, but I thought I'd throw this in if it should happen to be useful...

In your browser settings, turn off HTTPS over DNS or disable HTTPS. If I don't disable this, I'll end up with a DNS leak. Cloudflare is always involved in my DNS leaks
 
