Comment 70 for bug 1624317

Nicholas Stommel (nstommel) wrote :

In reference to John Bedford's comment:

>bedfojo (commercial-johnbedford) wrote on 2017-06-06: #57
>Nicholas, thank you very much for your work on this patch.
>It works correctly for me: no DNS leak detected by either https://ipleak.net or https://dnsleaktest.com for me, when both detected leaks in the unpatched version.
>Running Ubuntu-MATE 17.04.
>Could we perhaps get this upstreamed into NM?
>bedfojo (commercial-johnbedford) wrote on 2017-06-06: #58
>I should add that I'm using network-manager-openvpn and network-manager-openvpn-gnome.

I think it would be great if we could get this patch upstreamed into the network-manager!
I've attached a finalized version of the patch with a more informative / verbose syslog message that also accounts for Cisco GRE/gretap connections not in #49. Please use this patch when building network-manager for Ubuntu 17.04. I will also attach a .deb build of network-manager for easy installation and testing for anyone interested. So far, this is known to solve DNS leaks with network-manager-openvpn but could also solve DNS leaks for other VPNs that use TUN, TAP, or Cisco GRE network interfaces through the network-manager.
You should now see a message in your syslog when connecting that looks like the following:
NetworkManager[32636]: <info> [1496880041.6435] systemd-resolved[0x55cc602ce430]: Link #12 type is VPN TUN or TAP, fixing DNS leak...

Make sure to stop apt from replacing the patched .deb using:
sudo apt-mark hold network-manager
To verify that you are using the 'routing-only domain', use the command
systemd-resolve --status
and look for the line "DNS Domain: ~." under the VPN link number. Alternatively, check that you are not experiencing DNS leaks using the 'extended test' on https://dnsleaktest.com/

Cheers :)
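
Added example (not part of the original comment or the patch): a shell function that automates the `systemd-resolve --status` check described above by looking for the routing-only domain `~.` in one link's section, including when it appears on a continuation line after other domains. The interface names and the sample output are constructed, and the parser assumes the `Link N (ifname)` section layout with `DNS Domain:` lines.

```shell
# Added example, not part of the patch. Reads `systemd-resolve --status`
# text on stdin and succeeds only if the link for interface $1 lists the
# routing-only domain "~.". Real use (interface name is an assumption):
#   systemd-resolve --status | has_routing_only_domain tun0
has_routing_only_domain() {
    awk -v want="$1" '
        /^Link [0-9]+ \(/ {            # section header: "Link 12 (tun0)"
            name = $3; gsub(/[()]/, "", name)
            in_link = (name == want); in_dom = 0; next
        }
        !in_link { next }              # ignore Global and other links
        /DNS Domain:/ {                # first domain is on the label line
            in_dom = 1
            sub(/^.*DNS Domain:[ \t]*/, "")
            if ($1 == "~.") found = 1
            next
        }
        in_dom && NF && !/:/ {         # further domains on continuation lines
            if ($1 == "~.") found = 1
            next
        }
        { in_dom = 0 }                 # any other key ends the domain list
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample output (not captured from a real system).
sample_status() {
    cat <<'EOF'
Link 12 (tun0)
         DNS Servers: 10.8.0.1
          DNS Domain: ~.

Link 13 (tap0)
         DNS Servers: 10.9.0.1
          DNS Domain: corp.example
                      ~.

Link 2 (wlp3s0)
         DNS Servers: 192.168.1.1
          DNS Domain: lan
EOF
}

for ifc in tun0 tap0 wlp3s0; do
    sample_status | has_routing_only_domain "$ifc" && echo "$ifc: ~. set" || echo "$ifc: ~. missing"
done
```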