How can I fix DNS leaks on Trisquel GNU/Linux?

7 replies [Last post]
anonymous

I have seen various forum posts on here addressing the issue and nothing has helped. I disabled IPv6 at the kernel level (because my VPN is IPv4 only), I added lines to by OpenVPN config file to 'fix' the leak, and still my DNS leaks behind my VPN. I browsed a number of Ubuntu specific forums as well to no avail. Everything is unencrypted, my ISP has unfettered access to my life when I run Trisquel on my Libreboot. This is an unacceptable violation of my right to privacy in my view. Tor is usually my default browser for everything, however, I still like to torrent/ use services like as PopcornTime. Unfortunately this is not possible with the default settings on Trisquel currently as I cannot use a VPN without several DNS leaks.

So, to those who have done it, how did you do it?

I know Ubuntu and Ubuntu based GNU/Linux distributions are horrible with DNS leaks. Fedora and RHEL, for whatever reason, do not leak by default. Perhaps someone better with code than myself could look into how they configure their networking to make this so and implement it into future versions of Trisquel. Just a thought.

Thanks!

lain7
Offline
Joined: 05/07/2018

I went through the same DNS leak problem.
At first I was able to solve it by adding the following to my .ovpn file and manually running openvpn as root.
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
down-pre

This wasn't really an acceptable answer to me, because I wanted to use the network manager applet.
Without adding the previous lines to my .ovpn files it turns out installing the following packages and rebooting has eliminated the problem.
openresolv nscd unbound

Also, I used https://dnsleaktest.com/ to test for leaks and it can be used without javascript.

GNUser
Offline
Joined: 07/17/2013

If you don't mind helping me out, where is that ".ovpn" file that you talk about?
I use BitMask which is I assume based off OpenVPN. I have tried installing those packages you mention and reboot and run as root, didn't solve anything. I only get DNS leaks in Trisquel 8 so maybe there is some manual configuration necessary??
I was hoping you could tell me where that file is so I can edit it myself and check the results.

Thanks

GNUser
Offline
Joined: 07/17/2013

I use BitMask VPN which apparently solves the issue of DNS leaks.
I have also made a firewall configuration that allows connections ONLY to my VPN IP.
I don't know if these are enough or not but I also test every once in a while with dnsleaktest.com and whoer.net to check if my DNS appears. up to this time it has not failed me.

EDIT: misspelled a website.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

GNUser senor, are you using the repo? If so, does 0.10.5 work for you? It hasn't been working for over a month here. (that is ever since they upgraded it to that one last version) :/

GNUser
Offline
Joined: 07/17/2013

Sorry, never noticed your reply until today. Well, RiseUp was having an issue with their service, but all is working well now. I guess.

As for DNS leak, I have to say, I was not having that problem with Trisquel 7, but now in Trisquel 8 I have those. I have installed the packages recommended above and ran BitMask as superuser and nothing... Still get DNS leaks.
I have tried using my firewall to block all traffic except to my VPN provider and it also allows DNS leaks. I am running out of ideas :(

GNUser
Offline
Joined: 07/17/2013

Any news on this? I keep getting DNS leaks... Should we open a but ticket? What can we do??
In Trisquel 7 still works perfectly, but in 8 we have this issue... :(

GNUser
Offline
Joined: 07/17/2013

Hey guys,

I noticed that Trisquel 8 has no IPV6 connectivity. I checked with Abrowser default settings and no VPN running and it get's me a "no IPV6 connectivity". So........ I think that might be the problem. I will explain:

In Trisquel 7 I used BitMask to use VPN. BitMask actually disables IPV6 on it's own, so when I (mistakenly) run a command to disable IPV6 on my OS, BitMask wouldn't even connect to the VPN. Fast forward today, and it got me thinking, since Trisquel 8 has no IPV6 connectivity by default, it might be interfering with the normal operation of BitMask (which is based on OpenVPN, so the same principles might apply) and preventing it from dealing with DNS leaks. Does that make sense??

How do I enable IPV6 in Trisquel 8? At least temporarily so I can test this out. Thanks.