OpenVPN DNS leaks?

LoudLemur

I just tried testing an OpenVPN connection setup on Cloudron. It looked like there were DNS leaks.

What additional steps might be necessary inorder to eliminate the DNS leaks?

girish

How did you determine there are DNS leaks? Which OS/device are you using? In OpenVPN, the device must respect the DNS configuration pushed by the OpenVPN server. The DNS will leak if it ignore this.

LoudLemur

@girish The tool was visiting:
https://dnsleaktests.com
which is apparently the tool banks use.

The Operating System was Windows 10 on a PC.

nebulon

That link seems a bit wrong, did you mean https://dnsleaktest.com/ ?

But more generally, what exactly is this DNS leak in the context of the OpenVPN app? If DNS queries leave your system without using the VPN and thus creating some query leak, then this is more likely a client issue, however I am just purely guessing what DNS leak might refer to in this context

girish

@LoudLemur Just to double check are you able to test this on another device/OS as well?

ZeZaung

@girish I am having this issue also using openwrt and am unable to discern how to solve this.

The lines of code added to the ovpn file generated via cloudron goes like this

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

This seems to work to fix the dns leak issue on mac os or microsoft clients. However, when I try the same config with openwrt (a router), it doesn't work.

I have opened a support ticket on OpenWrt about this. Strange, since other VPN services which provide ovpn files do not have this dns leak and did not require the above block of code to be added beneath 'script-security-2'

girish

Maybe @mehdi has some ideas here since he wrote the initial app.

If I understand correctly, you are trying to put the OpenVPN certs into openwrt and this somehow leaks DNS. How are you testing this?