Comment 13 for bug 1652525

So, as promised, the logs. The only thing I needed to replicate the issue was to add again a DNS server on the network manager configuration. I found out that removing it from there + using UFW was doing the trick (meaning the test didn't crash when tried to resolve using the alternative DNS server and the possible rogue requests are stopped).

For this I'm using openvpn on the CLI. The issue was more or less the same for the openvpn-nm applet but I wasn't able to find a way to get it to work there.

For connecting I use ovpn files with these options:

client
dev tun
proto udp
remote us-ga.gw.ivpn.net 2049
auth-user-pass /home/tux/pass.txt

resolv-retry infinite
nobind
persist-tun
persist-key
persist-remote-ip

cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
ns-cert-type server
verify-x509-name us-ga name-prefix
key-direction 1
comp-lzo
verb 3

;ca ca.crt
<ca>
-----BEGIN CERTIFICATE-----
(...)

</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
(...)
-----END OpenVPN Static key V1-----
</tls-auth>

up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
script-security 2