PIA client on Ubuntu 17.04: DNS leak
Hey,
I noticed that I have a DNS leak when I use the PIA client on the new Ubuntu 17.04 release. Ubuntu switched to systemd-resolved as the DNS daemon, so perhaps the problem is related to that. I noticed that some of my DNS queries (not all of them, strangely enough) went to my local router instead of going through the VPN tunnel (and that router of course passes them to my ISP).
Is this a known bug? I could switch to pure OpenVPN, but I liked the hassle-free client.
With kind regards,
Marcarrelus
Comments
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1685391
but then it will likely get marked as duplicate of:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1624317
This is because 17.04 moved to systemd-resolved
I tried to switch back to dnsmasq, by:
sudo apt install dnsmasq
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved.service
then removing the /etc/resolv.conf symlink
and adding dns=dnsmasq in NetworkManager.conf and restarting network-manager (note that the resolv.conf symlink gets recreated, but this time pointing to NetworkManager instead of /run/resolvconf/resolv.conf)
However, DNS resolution seems to stop working altogether when I activate the VPN connection via the PIA client.
So right now I'm in the situation where systemd-resolved leaks DNS, and dnsmasq doesn't work with VPN.
I guess we'll have to wait for the aforementioned bug to be resolved?
sudo nano /etc/NetworkManager/NetworkManager.conf
add this line in main section:
dns=none
disable and stop systemd-resolved as described in my previous post
sudo service network-manager restart
sudo nano /etc/resolv.conf
#add your normal dns server(s)
nameserver 8.8.8.8
nameserver 8.8.4.4
Now you should have manual control over DNS, plus no more DNS leak :-)
Will PIA and/or Ubuntu work on a default workaround so this issue (the leak problem) is avoided 'OOTB' (out of the box), meaning that in future Ubuntu and PIA editions it might not leak and we won't need to edit our config files for Network Manager and DNS configuration?
VPNs are commonplace now and used frequently by many people so Ubuntu/VPNs should accommodate or (how to describe this?) try to anticipate DNS leaking and how connections to (the servers) occur over time, over new versions of programs/software etc.? I hope I make sense.
Actually, this is a very solid workaround. The reason you have no connection when you reboot is because DHCP is overwriting your resolv.conf file at startup. If you edit the /etc/rc.d/rc.inet1.conf file to have DHCP not overwrite your custom server setting, you'll have no problem whatsoever.
#DHCP_KEEPRESOLV[4]="yes"
It's as simple as uncommenting this line
You go get the giraffe and I'll fill the bathtub with brightly colored screwdrivers.
Observe the content of resolv.conf after system reboot, once the network interface is up.
Observe the content of resolv.conf again after the VPN is up.
Try it.
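
The before/after resolv.conf check suggested in the last post, written as a script. This is an added example, not code from the thread or from PIA. The function names are hypothetical, and the expected resolvers are whatever you pass on the command line (the thread's 8.8.8.8 and 8.8.4.4 are used in the usage comment).

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print each nameserver address in a resolv.conf-style file, one per line.
# Comment lines and "search"/"options" lines are skipped.
resolv_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Classify one address against the resolvers you expect to be in use.
#   expected   - address is in the list passed by the caller
#   stub       - loopback (e.g. 127.0.0.53 for systemd-resolved); the file
#                cannot show which upstream the local daemon forwards to
#   unexpected - anything else, e.g. a router address pushed by DHCP
classify_ns() {
    addr=$1; shift
    for want in "$@"; do
        [ "$addr" = "$want" ] && { echo expected; return 0; }
    done
    case "$addr" in
        127.*|::1) echo stub ;;
        *) echo unexpected ;;
    esac
}

# Usage: audit_resolv FILE EXPECTED_ADDR...
# Prints "address verdict" per nameserver; returns 0 only if the file has
# at least one nameserver and every one of them is expected.
audit_resolv() {
    file=$1; shift
    rc=0; count=0
    for ns in $(resolv_nameservers "$file"); do
        verdict=$(classify_ns "$ns" "$@")
        echo "$ns $verdict"
        count=$((count + 1))
        [ "$verdict" = expected ] || rc=1
    done
    [ "$count" -gt 0 ] || rc=1
    return "$rc"
}

# Run once after boot and once after the VPN is up, e.g.:
#   ./audit.sh /etc/resolv.conf 8.8.8.8 8.8.4.4
if [ "$#" -gt 0 ]; then
    audit_resolv "$@"
fi
```

A `stub` verdict means resolv.conf alone cannot answer the question: the local daemon's upstream servers have to be inspected separately.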