© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Please note that this patch and fix only works for Ubuntu 17.04 which relies on
systemd-resolved as a DNS/DNSSEC stub resolver, as well as an LLMNR resolver.
You also need to be using a network-manager plugin like network-
Install and configure an openvpn connection after going 'sudo apt-get install network-manager-
openvpn-gnome', importing a config file, connecting (if possible), and observing the fact that
there are DNS leaks (queries WILL be routed to your ISP) with online tools like those at
https:/
over all configured domains on all interfaces by design unless a specific system bus call is made.
In this case, the SetLinkDomains(in i ifindex, in a(sb) domains) method, if passed
the interface index followed by an array containing the "routing-only" domain "~."
(see https:/
But enough with the technical details, lets move on to the fix!
First, make sure you have all necessary packages to build the network manager, install with:
sudo apt update
sudo apt-get build-dep network-manager
cd ~/Documents
mkdir nm && cd nm
apt-get source network-manager
cd network-
Copy the patch file into the network-
cp ~/Downloads/
Apply the patch with:
patch -p1 < resolved-
Remove patch from source directory before compilation:
rm resolved-
Compile and build .deb package for installation (this will take a while):
dpkg-buildpackage -us -uc -b
The compiled .debs should be in the parent directory you created nm:
cd ../
First, stop all network services:
sudo service network-manager stop
sudo service networking stop
Install just the patched network manager (the other .debs are not necessary):
sudo dpkg -i network-
Bring network services back up:
sudo service networking start
sudo service network-manager start
Connect to standard openvpn via network-
Search the syslog for something like:
NetworkManager[
TUN or TAP, fixing DNS leak...
and verify that the VPN link (for example tun0) includes the descriptor:
DNS Domain: ~.
using the command:
systemd-resolve --status
When compiling network manager, several bogus links are created and will show up when
you type 'systemd-resolve --status', don't worry they will disappear once you reboot.
Then open your browser, navigate to https:/
You should only see your VPN provider's DNS servers. For example, with PIA you should see
something like:
Test complete
Query round Progress... Servers found
1 ...... 1
2 ...... 1
3 ...... 1
4 ...... 1
5 ...... 1
6 ...... 1
IP Hostname ISP Country
173.239.220.5 ip-5-220-
Now, to prevent Ubuntu apt from replacing your patched, VPN-DNS-leak-free version of network manager that relies on systemd-resolved, use the command:
sudo apt-mark hold network-manager
Thats all, you're done. Congrats, no DNS leaks on Ubuntu 17.04!
I hope that I was able to make your life easier and more secure using openvpn or other
vpn services through the built-in GUI for the Gnome NetworkManager on Ubuntu 17.04 :)
(Side note: I am a college student and C/C++ dev who loves Ubuntu <3 Also, this took quite a bit
of research on the GLib API, systemd-resolved API, and much much tracing using our good friend
'grep -r' for built in functions and enums of the Gnome network manager itself. No additional
compiler warnings are generated, the patch conforms to the C90 standard, and the syntax style
used throughout the network manager source code was maintained.)
I will attach the small text patch generated using 'diff -u' along with the patched generated
.deb file for your convenience. Cheers, and I hope this helps you all!