Stopping DNS leak with VPN

Greenjorn · 06-16-2013, 12:02 PM

I have PIA vpn and on slackware. I found this guide but when I run it I lose my internet connection completely. I need help setting it up.

https://www.privateinternetaccess.co...5#Comment_1605

I messaged the dude on that forum already 2 weeks ago but still haven't got a reply, I think he's inactive.

I thought that maybe the localhost ip he gives might not correspond with my ip on the linux machine but have no clue where to check or if it really is the problem, just trying to troubleshoot.

Quote:

echo "iptables -A INPUT -s 127.0.0.1 -j ACCEPT" >> /tmp/iptables.vpn
echo "iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT" >> /tmp/iptables.vpn

What I want to happen is that when my vpn drops, my main connection immediately drops too until vpn is started again. I am a complete noob and have no clue how to set this up other than the guide above.

I am using network manager with openvpn addon for it.

moody_mark · 06-17-2013, 06:03 AM

Hi, it looks to me like this procedure adds hosts or subnets to iptables and looking at the script quickly its adding the following:

- PIA server ipsa
- localhost (127.0.0.1)
- anything i/o on interface "tun" which is usually a virtual interface created when you hook up your VPN
- anything on the local 192.168.0.0/24 network

Then at the end it looks like a deny all, well usually when you configure an ACL you stick a deny all at the end.

You say when you run this, afterwards your internet doesn't work and I think I might know why, when you try to connect to the PIA server (to setup the VPN connection right?) your computer needs to know which interface to send the packet out of. Your routing table might be configured to route to a default gateway like your home router on 192.168.0.1 which might be on eth0 interface for example. However it seems like iptables is only allowing access to the tun* interface, although access is allowed to the local network it depends on what your default gateway is in your routing table. Perhaps after you connect to your VPN you could post the output of "route -n" which will show what your default gateway is.

Unfortunately I haven't really used iptables at all, although I do have some understanding of ip networking and ACLs, perhaps you should do this:

1. Startup your machine.
2. Post the output of "route -n", "ifconfig -a" and the output of iptables (not sure of the syntax)
3. Connect to your VPN, repeat post the details in #2
4. Run your script, repeat post the details in #2

Thanks

Greenjorn · 06-18-2013, 09:22 PM

Thank you for the reply and sorry for my late response as I've been having troubles with my rig. Anyway by output of iptables do you mean the contents of iptables.vpn file?

Here are some of the other details you requested:

Quote:

VPN Turned off:

bash-4.2# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1

bash-4.2# ifconfig -a
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 00:1f:bc:01:7f:26 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 46 base 0x6000

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.144 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::74df:69ff:fec1:8db2 prefixlen 64 scopeid 0x20<link>
ether 76:df:69:c1:8d:b2 txqueuelen 1000 (Ethernet)
RX packets 2273 bytes 1742371 (1.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2198 bytes 454731 (444.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 47 base 0xc000

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 36 bytes 2132 (2.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 36 bytes 2132 (2.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

With VPN Turned on:

bash-4.2# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.108.1.5 0.0.0.0 UG 0 0 0 tun0
10.108.1.1 10.108.1.5 255.255.255.255 UGH 0 0 0 tun0
10.108.1.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
109.201.154.145 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1

bash-4.2# ifconfig -a
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 00:1f:bc:01:7f:26 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 46 base 0x6000

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.144 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::74df:69ff:fec1:8db2 prefixlen 64 scopeid 0x20<link>
ether 76:df:69:c1:8d:b2 txqueuelen 1000 (Ethernet)
RX packets 2206 bytes 1720744 (1.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2114 bytes 438842 (428.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 47 base 0xc000

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 33 bytes 1976 (1.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 33 bytes 1976 (1.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.116.1.6 netmask 255.255.255.255 destination 10.116.1.5
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 2141 bytes 1563679 (1.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2039 bytes 278604 (272.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

With script and vpn runningconnection drops)

bash-4.2# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.108.1.5 0.0.0.0 UG 0 0 0 tun0
10.108.1.1 10.108.1.5 255.255.255.255 UGH 0 0 0 tun0
10.108.1.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
109.201.154.145 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1

ifconfig -a
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 00:1f:bc:01:7f:26 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 46 base 0xe000

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.144 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::74df:69ff:fec1:8db2 prefixlen 64 scopeid 0x20<link>
ether 76:df:69:c1:8d:b2 txqueuelen 1000 (Ethernet)
RX packets 3640 bytes 2683586 (2.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3327 bytes 649844 (634.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 47 base 0xe000

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 107 bytes 7424 (7.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 107 bytes 7424 (7.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.108.1.6 netmask 255.255.255.255 destination 10.108.1.5
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 1219 bytes 712347 (695.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1732 bytes 287401 (280.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0