-
Notifications
You must be signed in to change notification settings - Fork 202
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] DNS leaking with systemd-resolved #47
Comments
I tried this on a fresh install and the issue isn't present there. I'm not quite sure what I'm doing differently. 😔 Update: The difference seems to be the presence of the |
Thanks for this extensive explanation. I can also only replicate this with the As ProtonVPN-CLI doesn't require to have systemd installed, I'm not sure if this should be handled in the program. I'm also not sure how to properly handle this. As a default installation doesn't experience this, I don't think it's right to work around the errors introduced by another package. |
Hey Rafficer, thanks for taking the time to look into this and verify that ProgressAfter further research, I found that it more specifically involves the
Reverting the change to remove
Unfortunately, I've had mixed success with this. Sometimes DNS leaks after removing the nsswitch section, sometimes it doesn't. More digging needs to be done, but I hope this is at least a start. Arguments for systemd-resolved support
There is a mass exodus of users looking to switch away from another major VPN provider, so now may be a good time for the folks at ProtonVPN to step on the gas for Linux support, one of the things the competitor -- to its credit -- does well. I'm new to ProtonVPN and trying a couple of other services too. ProtonVPN stands out as my favorite with the exception of this DNS leak issue. Again, thanks so much for all of the hard work you've put into this! I hope my findings and comments are helpful to you. |
I also toyed with adding a few lines to the
Checking |
I am also facing this issue and this workaround seems to have fixed it for me too. Since this ticket is almost a year old, is there any update on this? |
The Linux clients are currently being rewriten, so no new commits will be made to fix this. |
The new linux beta-client does not support headless servers. Unless Im mistaken, is it not possible to use NetworkManager on a headless server setup? It wasnt untill i started working on a different bug, that I realised my DNS queries were going to my ISP DNS, via enp0s10. The client said i had "DNS Leak Protection".. I took it at its word. Im really sorry to say, that I shall be looking for a new VPN provider. |
Describe the bug
DNS requests still leak through the physical interface's servers on Ubuntu 18.04 with PVPN DNS Leak Protection enabled.
When connecting to PVPN, the CLI tool will modify the systemd-resolved config in an effort to route DNS traffic to the PVPN DNS server,
10.8.8.1
. However, it seems to do this with the Global config, not thetun0
interface. Here are outputs of severalsystemd-resolve --status
runs, altered and snipped for brevity.No VPN
ProtonVPN
Third-party VPN
I currently have two other VPN providers and they both handle the systemd-resolved config in about the same way. The PVPN method is different and results in my regular DNS servers appearing in DNS leak tests.
Modifying the systemd-resolved config myself after connecting to PVPN temporarily fixes the issue until I disconnect.
To Reproduce
Steps to reproduce the behavior:
$ protonvpn c -f
Expected behavior
My guess is that you'd want the PVPN CLI to set the DNS server on the
tun0
interface, not in the Global config.Error Messages
Just a few debug messages showing I have DNS Leak Protection enabled.
Desktop (please complete the following information):
Additional context
I noticed that the CLI tool relies on directly modifying the resolv.conf file in place, so this may not be a trivial fix. The third-party VPN client does not modify the resolv.conf file, and I wish I could find exactly how it does it.
Thanks for the hard work!
The text was updated successfully, but these errors were encountered: