How to fix DNS leak on OpenVPN?
Configured OpenVPN on an AWS instance with the script https://github.com/Nyr/openvpn-install
A problem came up - DNS Leak.
Googled the solution:
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Use a firewall on the client to drop everything going to port 53, except for the VPN subnet.
Fix DNS leak
Try adding the line block-outside-dns to the client.conf file (from which the client configs are generated); of course, new configs then have to be generated and delivered to the clients.
Also use the latest versions of OpenVPN for both server and clients.
DNS has to be passed from the server side to the client, and on the client, as already mentioned above, outgoing and incoming traffic on port 53 has to be cut everywhere except on the tun interface.
Of course, in this case the VPN server address must be specified in numeric form, not as a domain name.
iptables on the client will look something like this:
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -o eth0 -d adresservera -p udp --dport vpnport -j ACCEPT
-A OUTPUT -j DROP
push "dhcp-option DNS 10.1.10.1"
push "redirect-gateway"
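An added example, not part of the thread: a small Python audit of the checks the answers above describe (a numeric remote, a DNS-handling directive in the client config, and OUTPUT rules that let port 53 out only through lo/tun). The sample config, the hostname and the rules are constructed, and the rule check is a simplified model that reads only -o, --dport and -j.

```python
import ipaddress

# Constructed sample inputs; 203.0.113.10 is a documentation address.
CLIENT_CONF = """\
remote vpn.example.com 1194
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
"""
RULES = """\
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -o eth0 -d 203.0.113.10 -p udp --dport 1194 -j ACCEPT
-A OUTPUT -j DROP
"""

def audit_client_conf(text):
    """Return DNS-leak findings for an OpenVPN client config."""
    rows = [l.split() for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith(("#", ";"))]
    findings = []
    for row in rows:
        if row[0] == "remote" and len(row) > 1:
            try:
                ipaddress.ip_address(row[1])
            except ValueError:
                findings.append(f"remote {row[1]} is a hostname, not a numeric address")
    # Either block-outside-dns, or script-security >= 2 with both resolv hooks.
    hooks = {r[0] for r in rows if r[-1].endswith("update-resolv-conf")}
    scripts = any(r[0] == "script-security" and r[1:2] in (["2"], ["3"]) for r in rows)
    blocked = any(r[0] == "block-outside-dns" for r in rows)
    if not blocked and not (scripts and {"up", "down"} <= hooks):
        findings.append("no block-outside-dns and no update-resolv-conf up/down hooks")
    return findings

def audit_output_rules(text):
    """Simplified walk of OUTPUT rules: can port 53 leave outside lo/tun?"""
    findings = []
    for line in text.splitlines():
        t = line.split()
        if t[:2] != ["-A", "OUTPUT"]:
            continue
        o = dict(zip(t, t[1:]))  # maps each option to the token after it
        iface, dport, target = o.get("-o"), o.get("--dport"), o.get("-j")
        if target == "DROP" and len(t) == 4:
            return findings  # catch-all DROP: later rules never match
        inside = iface == "lo" or (iface or "").startswith("tun")
        if target == "ACCEPT" and not inside and dport in (None, "53"):
            findings.append(f"port 53 allowed outside the tunnel: {line.strip()}")
    findings.append("no catch-all DROP at the end of OUTPUT")
    return findings
```

Run audit_client_conf on the generated client file and audit_output_rules on the OUTPUT lines of iptables-save; an empty list from both means none of the gaps modelled here was found.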