DNS Leak on Linux

I am running Pop OS 21.10, and appear to have a DNS leak. Here are my configs:

Client

remote <IP> 1194
persist-key
persist-tun
dev tun
proto udp
cipher AES-256-CBC
reneg-sec 0
resolv-retry infinite
nobind
ifconfig 10.8.0.2 10.8.0.1
comp-lzo
verb 4
tls-client
redirect-gateway
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Server

port 1194
proto udp
dev tun
ifconfig 10.8.0.1 10.8.0.2
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
reneg-sec 28800
keepalive 10 120
comp-lzo
persist-tun
status server-tcp.log
verb 4
cipher AES-256-CBC

My public IP is as expected, but it seems the DNS queries are showing the local/incorrect IP. What am I missing to protect the DNS queries?

Tilman Schmidt
Please explain which DNS queries you are talking about, what their actual results are and which results you expect or desire instead.
This is an OpenVPN config that appears to be pushing `8.8.8.8` as the DNS service to the client. Have you checked that you're getting the right routes, etc., when the tunnel establishes? Is the server set up to NAT the clients if that's required?
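
Added example, not part of the original thread: a small lint that follows up on the comment above by checking whether the DNS server pushed by the server config can reach the client's `up` script. It relies on OpenVPN's documented behaviour that a client accepts pushed options only when it runs with `pull` (or `client`, which implies it); the function names and the trimmed config excerpts are constructed for illustration.

```python
import shlex

# Excerpts of the configs posted in the question (DNS-relevant lines only).
CLIENT = """tls-client
redirect-gateway
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf"""
SERVER = '''push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"'''

def parse(conf):
    """Split an OpenVPN config into token lists, skipping blanks and comments."""
    lines = (l.strip() for l in conf.splitlines())
    return [shlex.split(l) for l in lines if l and l[0] not in "#;"]

def dns_servers(directives):
    """Addresses from 'dhcp-option DNS <addr>' directives."""
    return [d[2] for d in directives if d[:2] == ["dhcp-option", "DNS"] and len(d) > 2]

def dns_findings(client_conf, server_conf):
    """Hypothetical lint: can a DNS server reach the client's 'up' script?"""
    client, server = parse(client_conf), parse(server_conf)
    names = {d[0] for d in client}
    pushed = dns_servers([shlex.split(d[1]) for d in server if d[0] == "push" and len(d) > 1])
    local = dns_servers(client)
    # 'client' is shorthand for 'pull' + 'tls-client'; without 'pull' the
    # client does not accept options pushed by the server.
    accepts_push = bool(names & {"pull", "client"})
    level = max([int(d[1]) for d in client if d[0] == "script-security" and len(d) > 1], default=1)
    findings = []
    if pushed and not accepts_push:
        findings.append(f"server pushes DNS {pushed} but client lacks 'pull'/'client'")
    if not local and not (pushed and accepts_push):
        findings.append("no 'dhcp-option DNS' is available to the up script")
    if "up" in names and level < 2:
        findings.append("'up' script needs script-security 2 or higher")
    return findings

if __name__ == "__main__":
    for finding in dns_findings(CLIENT, SERVER):
        print("FINDING:", finding)
```

Run against the posted excerpts it reports the first two findings, which is consistent with the tunnel carrying traffic (the client sets `redirect-gateway` itself) while name resolution stays on the local resolver.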