linux
cacoxo, 2017-05-19 16:16:17

How to fix DNS leak on OpenVPN?

I configured OpenVPN on an AWS instance with the script https://github.com/Nyr/openvpn-install
A problem came up: a DNS leak.
I googled a solution:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

At first I was delighted, because at the first check the leak disappeared, but I noticed that if you reload the page several times, the leak still pops up.
How to fix? Ubuntu 16.04


5 answer(s)
Dmitry, 2017-05-19
@TrueBers

--block-outside-dns

ky0, 2017-05-19
@ky0

With a firewall on the client, kill everything that goes to port 53, except for the VPN subnet.

m5xim, 2017-05-27
@m5xim

Fix DNS leak
Try adding the line block-outside-dns to the client.conf file (the one from which client configs are generated); of course, you then need to generate new configs and deliver them to the clients.
Also use the latest versions of OpenVPN for both server and clients.

younghacker, 2017-06-05
@younghacker

It is necessary to transfer DNS from the server side to the client, and on the client, as already mentioned above, cut outgoing and incoming traffic on port 53 everywhere except for the tun interface.
Of course, in this case the VPN server address must be given in numeric form, not as a domain name.
iptables on the client will look something like this:

# adresservera = VPN server IP address, vpnport = VPN server UDP port (placeholders)
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -o eth0 -d adresservera -p udp --dport vpnport -j ACCEPT
-A OUTPUT -j DROP

A piece of the OpenVPN server config:
push "dhcp-option DNS 10.1.10.1"
push "redirect-gateway"

Of course, DNS must be proxied or forwarded from the outside through the tunnel.
If it's still relevant, knock on Skype - I'll explain/help.
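
Added example, not part of any answer on this page: a small Python check that evaluates the OUTPUT rules from the answer above the way iptables does (first match wins, then the chain policy) and confirms that port 53 is dropped on eth0 while the tunnel and the VPN transport stay open. The server address 203.0.113.10, port 1194, resolver 198.51.100.53 and the interface names are constructed stand-ins; only the option subset used in those rules is parsed.

```python
import ipaddress
import shlex

# Constructed sample: the answer's rules with its placeholders filled in.
# 203.0.113.10 / 1194 are assumed stand-ins for adresservera / vpnport.
KILL_SWITCH = """\
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -o eth0 -d 203.0.113.10 -p udp --dport 1194 -j ACCEPT
-A OUTPUT -j DROP
"""

def parse_rules(text):
    """Parse '-A OUTPUT' lines (iptables-save style) into option dicts."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:2] != ["-A", "OUTPUT"]:
            continue
        # Every option used here takes exactly one argument.
        rules.append(dict(zip(tok[2::2], tok[3::2])))
    return rules

def _iface_match(pattern, iface):
    # iptables treats a trailing '+' in an interface name as a wildcard.
    return iface.startswith(pattern[:-1]) if pattern.endswith("+") else iface == pattern

def _matches(rule, iface, dst, proto, dport):
    if "-o" in rule and not _iface_match(rule["-o"], iface):
        return False
    if "-d" in rule and ipaddress.ip_address(dst) not in ipaddress.ip_network(rule["-d"], strict=False):
        return False
    if "-p" in rule and rule["-p"] != proto:
        return False
    return "--dport" not in rule or int(rule["--dport"]) == dport

def verdict(rules, iface, dst, proto, dport, policy="ACCEPT"):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in rules:
        if _matches(rule, iface, dst, proto, dport):
            return rule["-j"]
    return policy

def dns_leaks(rules, iface="eth0", resolver="198.51.100.53"):
    """True if plain DNS (UDP or TCP 53) can leave via a non-tunnel interface."""
    return any(verdict(rules, iface, resolver, p, 53) == "ACCEPT" for p in ("udp", "tcp"))
```

Running `dns_leaks` on the same rules without the final `-A OUTPUT -j DROP` line returns True, because the default ACCEPT policy then lets port 53 out through eth0.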

RZYR, 2019-04-09
@RZYR


Either add block-outside-dns to the ready-made client config,
or add push "block-outside-dns" to the server config.
Taken from here: https://forums.openvpn.net/viewtopic.php?t=22039
Tested, works.
