How to Fix DNS leak issue with OpenVPN in Ubuntu

October 11, 2024

5 minutes

23 Views

When you connect to a VPN your internet traffic should be routed through the VPN server ensuring your privacy and security. DNS leaks can compromise your privacy by exposing your browsing activity to your Internet Service Provider (ISP) or other third parties even when you are using a VPN.

In this article, we will address the issue through understanding, detecting, and fixing DNS leaks when using OpenVPN on the Ubuntu system.

What is OpenVPN

OpenVPN is a popular open-source VPN solution that provides secure point to point connections. However, one common issue users face is DNS leaks which can undermine the privacy benefits of using a VPN.

Understand DNS Leaks

DNS stands for Domain Name System is responsible for translating domain names into IP addresses. When you use a VPN your DNS queries should be routed through the VPN tunnel to ensure privacy. A DNS leak occurs when these queries bypass the VPN tunnel and are sent directly to your ISP’s DNS servers exposing your browsing activity.

Common Causes

Several factors can cause while using Ubuntu DNS leak OpenVPN:

If OpenVPN is not configured to use the VPN’s DNS servers, DNS queries may bypass the VPN tunnel.
Ubuntu uses systemd-resolved for DNS resolution which can conflict with OpenVPN’s DNS settings.
NetworkManager may override DNS settings causing leaks.

Detecting DNS Leaks

When you install OpenVPN on Ubuntu system you might encounter the DNS leaks issue. To fix this issue you need to detect them. Here are a few methods:

Online Tools

Several online tools can help you detect DNS leaks like DNSLeak Test and IPLeak. Run these tests while connected to your VPN. If the DNS servers listed are not those of your VPN provider you have a DNS leak.

Command Line

You can also use the resolvectl command to check DNS settings:

resolvectl status

Look for the DNS servers assigned to the tun0 interface used by OpenVPN. If it shows your ISP’s DNS servers you have a DNS leak.

Fixing DNS Leaks

Following are methods described below to prevent DNS leak OpenVPN on Ubuntu system:

Method 1: Using OpenVPN Script

OpenVPN includes a script called update-resolv-conf that can update DNS settings when the VPN connects and disconnects. To download the script type the following command:

sudo wget -O /etc/openvpn/update-resolv-conf https://raw.githubusercontent.com/masterkorp/openvpn-update-resolv-conf/master/update-resolv-conf.sh

Now grant permission to script with the following command:

sudo chmod +x /etc/openvpn/update-resolv-conf

Add the following lines to your .ovpn configuration file:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Now restart your OpenVPN with the following command:

sudo systemctl restart openvpn@client

Configure OpenVPN on Our Best Ubuntu VPS

Experience the dependability of the world’s leading Linux distribution combined with the flexibility of a virtual server. Enjoy ultra-fast speeds and minimal latency.

Best Ubuntu VPS

Method 2: Configure systemd-resolved

Ubuntu uses systemd-resolved for DNS resolution which can conflict with OpenVPN. You can configure systemd-resolved to work with OpenVPN. To install openvpn-systemd-resolved type the following command in the terminal:

sudo apt install openvpn-systemd-resolved

Modify your OpenVPN Configuration by adding the following lines to your .ovpn configuration file:

script-security 2
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved

Now restart your OpenVPN with the following command:

sudo systemctl restart openvpn@client

Method 3: Modify OpenVPN Configuration

You can directly modify the OpenVPN configuration to fix DNS leak OpenVPN.

Add the following line to your .ovpn configuration file:

block-outside-dns

Now restart your OpenVPN with the command as above discussed.

Also, Read Authenticate OpenVPN Clients Using FreeRADIUS.

Important Notes

The following are important notes while resolving the DNS leaks using OpenVPN on the Ubuntu system:

Consider using a VPN client with built in DNS leak protection. Some VPN clients offer features that automatically prevent DNS leaks.
If you are still experiencing issues try switching to a different VPN provider or using a different VPN protocol.
Keep your system and VPN client software update to ensure you have the latest security patches and bug fixes.

Conclusion

Fixing DNS leaks is important to maintaining your privacy while using OpenVPN on Ubuntu. By following the methods outlined in this guide you can ensure that your DNS queries are securely routed through the VPN tunnel protecting your browsing activity.

Ultahost offers KVM VPS hosting a smoother and more user-friendly experience. Our VPS provides outstanding virtualization for optimal security and performance, making it the perfect foundation for your OpenVPN setup.

FAQ

What is a DNS leak in OpenVPN?

A DNS leak happens when your real DNS requests bypass the VPN and are exposed to your ISP.

How do I check for DNS leaks on Ubuntu?

You can check for DNS leaks by using online DNS leak test tools or checking your IP address after connecting to OpenVPN.

Why is my OpenVPN leaking DNS?

DNS leaks occur due to incorrect VPN settings, improper routing, or system-level DNS configuration.

How can I prevent DNS leaks with OpenVPN on Ubuntu?

To prevent DNS leaks, configure your OpenVPN settings correctly and force DNS requests to go through the VPN.

Which file do I edit to fix DNS leaks in OpenVPN?

You may need to edit your OpenVPN configuration file usually in /etc/openvpn/ to fix DNS leaks.

Do I need additional software to fix DNS leaks on Ubuntu?

No, you can fix DNS leaks by modifying your OpenVPN and DNS settings without extra software.

Can a DNS leak expose my online activity?

Yes, a DNS leak can reveal your browsing activity and real location to your ISP or third parties.

5 minutes Database Management