dns leak

Bug #1690759 reported by Adrian
This bug affects 2 people
Affects: network-manager-openvpn (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

Using the network manager to set up my OpenVPN, I have a DNS leak after connecting to my secured network, which also provides an Internet connection.

I think the solution is here: http://www.ubuntubuzz.com/2015/09/how-to-fix-openvpn-dns-leak-in-linux.html

However, I didn't find in the network manager windows any place to set those scripts.

ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: network-manager-openvpn-gnome 1.2.6-2ubuntu1
ProcVersionSignature: Ubuntu 4.10.0-20.22-generic 4.10.8
Uname: Linux 4.10.0-20-generic x86_64
NonfreeKernelModules: openafs
ApportVersion: 2.20.4-0ubuntu4
Architecture: amd64
CurrentDesktop: Unity:Unity7
Date: Mon May 15 10:32:38 2017
InstallationDate: Installed on 2015-04-02 (773 days ago)
InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1)
SourcePackage: network-manager-openvpn
UpgradeStatus: Upgraded to zesty on 2017-04-18 (26 days ago)

Adrian (adrianf0) wrote :
Vincent (dawansv) wrote :

Adrian:

My understanding is that as of Ubuntu 16.10 (and this goes for 17.04 as well), DNS resolution is handled by systemd-resolved and not dnsmasq as in 16.04 and previous.

In earlier versions (using dnsmasq), when using openvpn directly from the console using a client configuration file, we had to use a script (called update-resolv-conf) to properly register the DNS settings when connecting. I would assume that network-manager-openvpn runs a similar script for you in the background. The problem is that as of 16.10 and systemd-resolved, that script does not play well with systemd-resolved, and therefore creates a leak.

Until network-manager-openvpn is updated to handle DNS registration with systemd-resolved, you might need to revert to connecting to your VPN from the console (navigate to /etc/openvpn and call sudo openvpn --config client.conf from the console). But first you need to create a client configuration file that has essentially the same info that you provide via the GUI.

OpenVPN provides a sample file here:
https://github.com/OpenVPN/openvpn/blob/master/sample/sample-config-files/client.conf

Then, to stop the DNS leak, you need to copy the update-systemd-resolved script to your /etc/openvpn directory and add a call to update-systemd-resolved at the end of your client file. I explain this in this post:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1624317/comments/42

Sorry if this is a bit technical, but hopefully you can get it to work.
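
A check for the leak condition discussed in the comment above, as an added example that is not part of the bug report or of any commenter's post: it parses `systemd-resolve --status` text and flags non-VPN links that still hold DNS servers while the VPN link has no catch-all `~.` routing domain. The interface name tun0, the status layout and the sample text are assumptions constructed for illustration, as is the premise that systemd-resolved queries every link with DNS servers unless one link claims `~.`.

```shell
# Added example, not from the bug report. Reads `systemd-resolve --status`
# text on stdin; $1 is the VPN interface (tun0 is an assumed name).
# Prints one line per finding; returns 1 when DNS can bypass the VPN.
dns_leak_check() {
    awk -v vpn="$1" '
        /^Global/ { link = ""; next }       # global section is not examined here
        /^Link [0-9]+ \(/ {                 # "Link 3 (tun0)" opens a link block
            link = $3; gsub(/[()]/, "", link)
            order[++n] = link; key = ""; next
        }
        link == "" || /^[ \t]*$/ { next }
        {
            val = $0
            if (val ~ /^[ \t]*[A-Za-z][A-Za-z ]*: /) {  # "  DNS Servers: 10.8.0.1"
                key = val; sub(/:.*/, "", key); sub(/^[ \t]+/, "", key)
                sub(/^[^:]*: */, "", val)
            } else {
                sub(/^[ \t]+/, "", val)     # continuation line: one more value
            }
            if (key == "DNS Servers") servers[link] = servers[link] " " val
            if (key == "DNS Domain" && val == "~.") catchall[link] = 1
        }
        END {
            if (!(vpn in servers)) { print "NO-VPN-DNS " vpn; bad = 1 }
            for (i = 1; i <= n; i++) {
                l = order[i]
                if (l != vpn && (l in servers) && !(vpn in catchall)) {
                    print "LEAK " l servers[l]; bad = 1
                }
            }
            exit bad + 0
        }'
}

# Constructed sample status text; pass "~." to give tun0 a catch-all domain.
sample_status() {
    cat <<EOF
Link 3 (tun0)
      Current Scopes: DNS
         DNS Servers: 10.8.0.1
${1:+          DNS Domain: $1}

Link 2 (wlp3s0)
         DNS Servers: 192.168.1.1
                      fd00::1
          DNS Domain: lan
EOF
}
sample_status | dns_leak_check tun0 || echo "DNS may bypass the VPN"
```

On a live host, pipe the real status text in: `systemd-resolve --status | dns_leak_check tun0`.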

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openvpn (Ubuntu):
status: New → Confirmed