still contacting system specified dns servers while running OpenVPN
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
still contacting system specified dns servers while running OpenVPN
Hi everybody
I use IPVanish
when connecting from my windows 10 machine everything is fine
but when connecting through OpenVPN on our Mint Linux system, a DNS Leak test shows that we are still talking to both the IPVanish servers and the system specified dns servers
I was advised by IPVanish to add 'dhcp-option DNS 198.18.0.1' to the server configuration file to force the use of IPVanish dns servers.
IPV6 is disabled
Their support guys, although very responsive, have run out of ideas.
Couple of questions:
"system specified dns servers" What system is specifying them?
To which "server configuration file" did you add the 'dhcp-option DNS 198.18.0.1'
What are the contents of /etc/resolv.conf?
What does ifconfig show?
Although I am adding to the file used by my client to contact the IPVanish server, this file is known by Linux as VPN configuration file and by IPVanish as the 'server configuration file' i.e. the file that specifies which IPVanish server to connect to and how to handle the connection'. confusing huh?
Habitual's comment about 198.18.0.1 has now confused me further as 198.18.0.1 and 198.18.0.2 are the IPVanish DNS servers https://github.com/Luen/IPVanish-Ser...-allowlist.txt (first two entries)
So why would they tell the client to use the system specified DNS servers?
I have set up a lot of Linux, Windows and IOS VPNs but have never encountered this problem before
I was just wondering if anybody else has had the same problem
..... and sorry Sean, I forgot to answer your questions
"system specified dns servers" What system is specifying them?
I meant just the DNS settings im my wireless connection that I am using (also in my router)
To which "server configuration file" did you add the 'dhcp-option DNS 198.18.0.1'
As my last post, semantics, It is the .ovpn file specifying IPVanish router
What are the contents of /etc/resolv.conf?
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
What are the "system specified dns servers" in your opening post after connecting to ipVanish service?
I use 84.200.69.80 and 84.200.70.40 (DNS.WATCH) although the problem persists with static or automatic
UPDATE:
I have just found out that different distros treat OpenDNS .ovpn files differently and there is a suggestion that in Mint, DNS specifications are ignored.
This would explain a lot and I have just experimented by removing static addresses from my network settings and my DNS requests are now being handled by the servers specified in my router.
This is the relevant section of syslog showing dnsmasq entries showing 192.168.1.1 even though an IPVanish DNS server is specified in the .ovpn file
Jul 2 23:06:23 mikep-SVE1511P1EW NetworkManager[999]: <info> [1530569183.6318] dns-mgr: Writing DNS information to /sbin/resolvconf
Jul 2 23:06:23 mikep-SVE1511P1EW dnsmasq[1414]: setting upstream servers from DBus
Jul 2 23:06:23 mikep-SVE1511P1EW dnsmasq[1414]: using nameserver 198.18.0.1#53(via tun0)
Jul 2 23:06:23 mikep-SVE1511P1EW dnsmasq[1414]: using nameserver 198.18.0.1#53 for domain 24.21.172.in-addr.arpa
Jul 2 23:06:23 mikep-SVE1511P1EW dnsmasq[1414]: using nameserver 198.18.0.1#53 for domain 25.21.172.in-addr.arpa
Jul 2 23:06:23 mikep-SVE1511P1EW dnsmasq[1414]: using nameserver 198.18.0.2#53 for domain 24.21.172.in-addr.arpa
Jul 2 23:06:23 mikep-SVE1511P1EW dnsmasq[1414]: using nameserver 198.18.0.2#53 for domain 25.21.172.in-addr.arpa
Jul 2 23:06:23 mikep-SVE1511P1EW dnsmasq[1414]: using nameserver 198.18.0.2#53(via tun0)
Jul 2 23:06:23 mikep-SVE1511P1EW dnsmasq[1414]: using nameserver 192.168.1.1#53(via wlp1s0)
I have read that the IPVanish DNS server should be specified in my /etc/resolv.conf and that to achieve this I should add it to my in my /etc/resolvconf/resolv.conf.d/base file and then regenerate resolv.conf
This, sadly, did not work, even after reboot. Do you know how to achieve specifying the DNS in /etc/resolv.conf
Any help would be appreciated as my brain is beginning to hurt
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.