Tutorial - Resolving DNS Leak

I was scratching my head for a few hours trying to resolve the DNS leak in OpenVPN. I'm using NordVPN and fought with DNS leaks on Ubuntu and OpenWrt for a couple of hours since the morning, and finally figured it out once and for all.

Mercy: this is a guide from a newbie who recently installed Linux/OpenWrt and is learning from scratch.

DNS leak is a known bug in Ubuntu 17.04 and 16.04. That same bug (I can't call it a bug on LEDE, but the same workaround applies) affects OpenVPN running on LEDE.
The following instructions are precisely for LEDE and can also be applied to all Linux distros if you are facing a DNS leak in OpenVPN.

If you are running Linux or one of its distros and have successfully incorporated OpenVPN into it, you can find a file called 'update-resolv-conf' in /etc/openvpn. Copy the same file into LEDE's /etc/openvpn.

Add these lines at the end of your .ovpn file:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Restart Firewall, Network Manager and OpenVPN.
That's it. There shouldn't be any DNS leak if you set everything up properly prior to this workaround.

P.S.: This is for users who are able to see their VPN provider's DNS but are at the same time leaking their own or Google DNS servers. You can check it on https://www.dnsleaktest.com/

Note: If you are a user who didn't configure OpenVPN in Linux or are still using Windows, it is highly unlikely you could get hold of the update-resolv-conf file. I can upload it for you guys if the VPN masters in this forum certify that the file is safe to share without any sensitive info like credentials.

Update 1: It was working fine for one hour, but it began leaking Google DNS servers after I wrote this article. A restart of Firewall, Network Manager and OpenVPN fixed it again immediately with no leakage. I will be testing it for a few days and will update this thread; in the meantime, suggestions from experts here would also be greatly helpful.

Update 2: OK! This is weird. A reboot broke the entire VPN connection, causing it to stop. Manually removing the lines added to the above .ovpn file and rebooting the router restores the connection, with DNS leaks. After the reboot, I had to follow the above process again to prevent such a leak, but it only works for a certain amount of time or until the router reboots. We have to restart OpenVPN at certain intervals for it to work.
Experts needed, as we have already made it partway. A simple edit that I'm not able to find could prevent this. Any suggestions?

Update 3: Finally figured it out, and it is a f****** hilarious fix.
All I have to do is disable IPv6. LOLLLLLL! The above steps are necessary if your VPN provider constantly changes DNS addresses. NordVPN doesn't do that, and these won't apply in my case. However, the above workaround can be used on Linux :)
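An added example, not part of the original post and not the distribution's update-resolv-conf script: OpenVPN passes pushed options to `up`/`down` scripts in `foreign_option_N` environment variables, and the shell code below reads the pushed DNS servers from them and lists every nameserver in a resolv.conf that falls outside that set. The function names, addresses and sample resolv.conf are constructed for illustration.

```shell
#!/bin/sh
# Added example: not the distribution's update-resolv-conf script.

# OpenVPN exports pushed options it does not apply itself to up/down scripts
# as foreign_option_1, foreign_option_2, ... (e.g. "dhcp-option DNS 10.8.0.1").
# Print the pushed DNS servers, one per line.
pushed_dns() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break            # the sequence is consecutive
        case "$opt" in
            "dhcp-option DNS "*) printf '%s\n' "${opt#dhcp-option DNS }" ;;
        esac
        i=$((i + 1))
    done
}

# Read resolv.conf text on stdin; print each nameserver that is not in the
# newline-separated allow list given as $1 (a candidate leak, IPv4 or IPv6).
leaking_resolvers() {
    allowed=$1
    awk '$1 == "nameserver" { print $2 }' | while read -r ns; do
        printf '%s\n' "$allowed" | grep -qxF -- "$ns" || printf '%s\n' "$ns"
    done
}

# Constructed sample input (hypothetical values, not from a real session).
foreign_option_1='dhcp-option DNS 10.8.0.1'
foreign_option_2='dhcp-option DOMAIN vpn.example'
foreign_option_3='dhcp-option DNS 10.8.0.2'
sample_resolv='# constructed resolv.conf
nameserver 10.8.0.1
nameserver 192.0.2.53
nameserver 2001:db8::53'

# Lists the two resolvers that were not pushed by the VPN server.
printf '%s\n' "$sample_resolv" | leaking_resolvers "$(pushed_dns)"
```

Called from an `up` script, `pushed_dns` sees the real `foreign_option_N` values; feed `leaking_resolvers` whichever resolver file the system actually uses.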

Modifying the overlay directly (/overlay/upper/) is usually not a good idea; work on /etc/openvpn directly.

Thanks for the safety indication :)
I edited it in the OP.