1

fix dns leaks private internet access

asked 2015-09-30 18:37:10 -0500

jbodhorn

I'm having an issue with openvpn where it's leaking my actual info when I do a dns leak test at https://www.dnsleaktest.com or anywhere else, my vpn info doesn't even show up. When I check my ip with http://www.whatsmyip.org it shows my vpn info, checking systemctl status -l openvpn@vpn.service everything shows that it's connected with no errors. I changed my conf file to verb 6 to try to get more info but I can't even seem to find the logs atm, I'm sure I'll find them in a bit, but I'm not too good at reading logs and using them to fix stuff yet anyways.

My vpn service is through http://www.privateinternetaccess.com and they don't offer support for fedora, they point people to their forums. I've asked for help in the forums but haven't gotten any replies. I've tried a script that is supposed to stop dns leaks but it doesn't seem to work even though it says it's active, plus I have to leave it running in a terminal window for it to run, I don't know how to make it run in the background... The iptables script I tried is here: https://www.privateinternetaccess.com...

I tried to paste the code in a box but it only pastes #!/bin/bash in the code box and everything else ends up below the code box, I don't have enough points to post an attachment either... If someone can tell me how to make the code box bigger so I can paste into it I'd be quite appreciative, the line after #!/bin/bash is blank, there are a bunch of blank lines in this script, I'm not sure if that presents a problem when using the code box but it sure seems like it...

I'm just lost atm and don't know where to start, I'm pissed I'm paying for a service that isn't even working, I'm pissed at myself that I decided to go with a service that doesn't offer support for my OS, but at that time I didn't know about issues like dns leaks. I thought all I had to do was import the conf file through network manager or start it on boot as I have set it up to do, and that was it, apparently there is a lot more to using a vpn than turning it on, thanks in advance to anyone who tries to help

Comments

The formatting for a code box looks for indents of.. three or four spaces. Or you can highlight the copy and press the button.

randomuser ( 2015-09-30 19:50:41 -0500 )
1

While they claim to provide a secure in-house DNS access I too noted this weird issue with PIA when trying the service some time ago, that's why I'm using another VPN provider now. If you already bought their plan and are stuck with them you can add a thin layer of security using dnscrypt-proxy.

msx ( 2015-10-01 07:36:54 -0500 )

3 Answers

0

answered 2015-10-12 00:36:58 -0500

DNS requests are different from HTTP and other types of traffic. The DNS request only says "What computer hosts example.com?" and a separate request retrieves the content from example.com. Someone that can see your DNS traffic knows what sites you've visited, but not what you've done there. The actual traffic should still be going through the VPN.

If you don't want a particular entity to see your DNS requests, you cannot use their DNS servers. It's not a flaw in the service, it's just the way things work. If you want more privacy, install bind and run your own resolver.

0

answered 2015-10-12 01:44:16 -0500

Kord

What you need to do is to open the VPN connection that you've created (my SSD crashed yesterday so I won't be able to provide screenshots how it looks for me) and add the PIA dns servers there and run the dnsleak test, it should show you the IP for your VPN only.

Regarding your second question, about screwing things over, you may want to do a test, I suppose split tunneling is not available for security reasons, but your personal drives connected to your router should still be accessible. Please check and let us know.

Comments

Where would I add PIA's DNS? I thought that is supposed to be taken care of with the server/client conf files. I don't know what their server conf looks like but here is the client conf they provide, I've edited it to add a login text so I don't have to enter a password:

    client
    dev tun
    proto udp
    remote us-east.privateinternetaccess.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    tls-client
    remote-cert-tls server
    auth-user-pass /etc/openvpn/login.txt
    comp-lzo
    verb 1
    reneg-sec 0
    crl-verify crl.pem

jbodhorn ( 2015-10-15 13:53:17 -0500 )

The stupid code box isn't working, I've tried indenting each line, I've tried copy/paste of the enter text here code box, I can't enter code that has more than one line, it only shows the first line as code and the rest as plain text. Plus these reply spaces are too small for me to type a whole detailed comment...

jbodhorn ( 2015-10-15 16:36:27 -0500 )

When you're opening Network Manager you should see your VPN connection, from there mark it and click on the cogwheel to go into settings, there pick advanced and add PIA dns servers: 209.222.18.222 and 209.222.18.218 (those can be checked on PIA's site). Once done, your requests will be sent through those servers.

Kord ( 2015-10-16 02:03:20 -0500 )

Kord, I think that seems to have worked and my drives are still accessible too. How would I do it if I'm not using network manager? I have openvpn set to connect on boot to the vpn, it doesn't go through network manager doing it that way, it just loads the conf file.

jbodhorn ( 2015-10-19 00:50:37 -0500 )
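
A local check for the fix discussed in this answer, added here as an example and not part of the original thread or of PIA's tooling: it reads a resolv.conf and flags every nameserver that is not one of the two PIA addresses quoted above. The function name `audit_resolvers`, the verdict labels and the sample file are constructed for illustration, and it assumes the system resolves names through glibc and /etc/resolv.conf.

```bash
#!/bin/bash
# Added example: flag resolvers in a resolv.conf that are not the VPN's DNS.
# VPN_DNS holds the two PIA addresses quoted in the thread.
VPN_DNS="209.222.18.222 209.222.18.218"

# audit_resolvers FILE (hypothetical helper): prints "VERDICT address" per
# nameserver line; returns 1 if a resolver glibc would query is not in VPN_DNS.
audit_resolvers() {
    ar_n=0 ar_leaks=0
    while read -r ar_key ar_addr ar_rest || [ -n "$ar_key" ]; do
        [ "$ar_key" = "nameserver" ] || continue   # skips comments, search, options
        [ -n "$ar_addr" ] || continue
        ar_n=$((ar_n + 1))
        if [ "$ar_n" -gt 3 ]; then                 # glibc uses at most 3 entries (MAXNS)
            echo "UNUSED $ar_addr"
            continue
        fi
        case " $VPN_DNS " in
            *" $ar_addr "*) echo "OK $ar_addr" ;;
            *)              echo "LEAK $ar_addr"; ar_leaks=$((ar_leaks + 1)) ;;
        esac
    done < "$1"
    # With no nameserver lines glibc queries the local machine; treat as unverified.
    [ "$ar_n" -gt 0 ] || { echo "NONE"; return 1; }
    [ "$ar_leaks" -eq 0 ]
}

# Constructed sample: the PIA resolvers were added, but the router and ISP
# entries mentioned in the thread are still present behind them.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Generated by NetworkManager
nameserver 209.222.18.222
nameserver 209.222.18.218
nameserver 192.168.1.1
nameserver 68.237.161.12
EOF
audit_resolvers "$sample" || echo "result: a non-VPN resolver is still in use"
rm -f "$sample"
```

Run `audit_resolvers /etc/resolv.conf` once the tunnel is up; a `LEAK` line for the router address matters because the router forwards queries to the ISP's resolver.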
0

answered 2015-10-11 19:58:57 -0500

jbodhorn

So far the only suggestion I've gotten is to replace the nameservers listed in my /etc/resolv.conf with PIA's nameservers. I tried doing this but my conf gets overwritten by network manager. I tried to change them through network manager but I can only seem to add servers, I couldn't find a way to remove the ones that were there.

If I were to remove the current nameservers (I have verizon fios) would I want to leave my router (192.168.1.1) and just get rid of the verizon dns server (68.237.161.12)? Or would I need to remove them both?

What I don't want to do is mess up my access to my networked hard drives, this is why I was asking about the 192.168.1.1 address, also I still have to be able to connect to my home network before I can even access the vpn so I don't need that getting screwed up either.
