DNS Leak with OpenVPN

Stryker · January 23, 2023, 7:39pm

Hello,

I'm attempting to route my DNS queries through the OpenVPN interface, tun0. The only way I seem to be able to accomplish this is to use a redirect rule to forward all traffic on port 53 to my VPN providers DNS servers. However, when running a leak test, it shows OpenDNS servers and not the VPN providers. The OpenDNS servers are what I'm adertising to on the WAN interface. I've unchecked the "Use DNS servers advertised by peer" option on the VPN interface and entered the VPN providers DNS servers to the custom DNS servers, but it seems those are ignored. If I remove the redirect rule, I see the queries going out the wan interface, eth1, instead of the tun0 VPN interface. Any help would be appreciated!

lleachii · January 23, 2023, 8:39pm

Assigning DNS servers on other interfaces does little. There's quite a few [recent] threads on this here's one:

You can choose any DNS server you wish, it doesn't have to be the example (1.1.1.1).

Stryker · January 23, 2023, 9:25pm

Would you mind elaborating on how I might route the IP of the DNS over the tunnel interface?

lleachii · January 23, 2023, 9:50pm

Sure.

config route
        option target '1.1.1.1'
        option netmask '255.255.255.255'
        option interface 'tun0'

or

config route
        option target '1.1.1.1/32'
        option interface 'tun0'

See:

So if you configure your clients to use 1.1.1.1 - it will use the tunnel. Again, you can use any DNS server IP: Quad9, Google, etc.

Stryker · January 25, 2023, 9:41pm

Thanks, I found the problem. I'm using VPR to split my VPN tunnel and had not applied an additional IP address that was being used when I connected to my work VPN. Added that, and no more leak.

system · February 4, 2023, 9:41pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.