Comment 4 for bug 1634689

Also noticed this. when using a couple of example setup files (different servers) that worked without leak in 16.04, in 16.10 there is dns leak. I am not sure how to exactly send requests mean for VPN but would be willing to try if I can figure it out. The rest of the information is below.

How is the VPN configured on the client?

Export of VPN settings as .ovpn:
client
remote <server> <port>
ca <ca cert>
cert <cert>
key <key>
comp-lzo yes
dev tun
proto udp
nobind
auth-nocache
script-security 2
persist-key
persist-tun
user nm-openvpn
group nm-openvpn

vpn conf at /etc/NetworkManager:

[connection]
id=<id>
uuid=<uuid>
type=vpn
permissions=
secondaries=
timestamp=<timestamp>

[vpn]
connection-type=tls
remote=<IP>:<port>
comp-lzo=yes
cert-pass-flags=0
cert=<cert>
dev=tun
key=<key>
ca=<ca>
service-type=org.freedesktop.NetworkManager.openvpn

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ip6-privacy=0
method=auto

Is it set up to "Use this connection only for the resources on its network"? Is that the case for both IPv4 and IPv6?
No, and no.

What are the contents of /etc/resolv.conf?

/etc/resolve.conf while VPN is running:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search home