How to fix DNS leak on linux ?

Re: How to fix DNS leak on linux ?

Post by parityboy » Fri Sep 01, 2017 8:50 pm

LazyAss wrote: Nice information. Compared to messing around with up/down scripts and openvpn settings, this is a more bulletproof method.

Would it be possible to add a "Rules.v4" to the Linux section on GitHub populated (and updated) with all the current CS exit node IPs? Maybe add a small readme with the basics of this thread as well. Job done.


That sounds like a good idea. :)

Re: How to fix DNS leak on linux ?

Post by LazyAss » Wed Aug 30, 2017 5:42 am

Nice information. Compared to messing around with up/down scripts and openvpn settings, this is a more bulletproof method.

Would it be possible to add a "Rules.v4" to the Linux section on GitHub populated (and updated) with all the current CS exit node IPs? Maybe add a small readme with the basics of this thread as well. Job done.

Re: How to fix DNS leak on linux ?

Post by parityboy » Mon Aug 07, 2017 8:52 pm

@OP

Try this.

Code:

sudo apt-get install iptables-persistent


Then edit /etc/iptables/rules.v6 to look like this:

Code:

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
COMMIT


Now edit /etc/iptables/rules.v4. The idea is to permit traffic over eth0 to the exit nodes, but everything else goes over the tunnel.

Code:

*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]

# Permit/accept traffic from localhost
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -s 127.0.1.1/32 -d 127.0.1.1/32 -j ACCEPT
-A OUTPUT -s 127.0.1.1/32 -d 127.0.1.1/32 -j ACCEPT

# Permit/accept traffic to NL exit node
-A INPUT -i eth0 -s 213.163.64.209/32 -p udp --sport 443 -j ACCEPT
-A OUTPUT -o eth0 -d 213.163.64.209/32 -p udp --dport 443 -j ACCEPT
-A INPUT -i eth0 -s 185.107.80.85/32 -p udp --sport 443 -j ACCEPT
-A OUTPUT -o eth0 -d 185.107.80.85/32 -p udp --dport 443 -j ACCEPT

# Only permit/accept other traffic if it's going/coming over the VPN tunnel
-A INPUT -i tun0 -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
COMMIT


Now do "sudo iptables-restore /etc/iptables/rules.v4" and the firewall will be active. This method means that you'll need to make sure that the IP addresses of all current nodes are in your firewall rules.
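
Added example (not part of the posts in this thread): a POSIX shell generator for the rules.v4 layout above, so that keeping the node list current means editing a list of addresses rather than hand-writing rule pairs. The function names are hypothetical; the interface names and UDP port 443 are assumptions carried over from the posted rules.

```sh
#!/bin/sh
# Added example, not from the thread. Assumptions: eth0/tun0 style interface
# names and OpenVPN over UDP port 443, as in the rules.v4 posted above.

# valid_ipv4 ADDR: succeed only for a strict dotted quad (no leading zeros).
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1                       # split into octets; input is digits and dots only
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in 0?*|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# gen_rules_v4 WAN_IF TUN_IF IP...: print an iptables-restore ruleset.
# Every argument is validated before the first line is printed, so a bad
# entry yields no output instead of a partial (or injected) ruleset.
gen_rules_v4() (
    [ $# -ge 3 ] || { echo "usage: gen_rules_v4 WAN_IF TUN_IF IP..." >&2; exit 1; }
    wan_if=$1 tun_if=$2
    shift 2
    for ifn in "$wan_if" "$tun_if"; do
        case $ifn in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifn" >&2; exit 1 ;; esac
    done
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; exit 1; }
    done
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT DROP [0:0]'
    for lo in 127.0.0.1 127.0.1.1; do
        printf '%s\n' "-A INPUT -s $lo/32 -d $lo/32 -j ACCEPT" \
                      "-A OUTPUT -s $lo/32 -d $lo/32 -j ACCEPT"
    done
    for ip in "$@"; do              # one in/out pair per exit node, physical interface only
        printf '%s\n' "-A INPUT -i $wan_if -s $ip/32 -p udp --sport 443 -j ACCEPT" \
                      "-A OUTPUT -o $wan_if -d $ip/32 -p udp --dport 443 -j ACCEPT"
    done
    printf '%s\n' "-A INPUT -i $tun_if -j ACCEPT" "-A OUTPUT -o $tun_if -j ACCEPT" COMMIT
)
```

Pipe the output to "sudo iptables-restore --test" first to confirm it parses before writing it to /etc/iptables/rules.v4.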

How to fix DNS leak on linux ?

Post by nullstrike » Mon Aug 07, 2017 8:16 pm

I got the OpenVPN config from GitHub and I followed the indications to disable IPv6 and to add those 3 lines in the .ovpn config file.
After a visit to https://ipleak.net I saw that I still have a DNS leak with the IP from my ISP.

How to fix this major issue ?

I'm using Linux mint 18.1 Serena, and I tried it through NetworkManager and directly from terminal, in both cases I have the same issue.

Thanks!
