I'm running on Debian 9 and am having some light issues and questions related to DNS/DNS leaks/iptables.
I have openvpn 2.4.0 and am setting iptables according to https://github.com/fermi-cryptostorm/fe ... tostorm.sh but without the hexstring part because I don't know what it does. =]
When I run openvpn from the command line I don't get a new nameserver in /etc/resolv.conf and it doesn't show in either the openvpn logs or /var/log/syslog.
When I connect with gnome's network-manager, though, I can see in syslog that Avahi is triggered and sets a new nameserver that comes from CS. The catch is that it keeps my local router as a secondary nameserver as well. So I wonder: Can it leak DNS sometimes because of that? Does it matter in any way?
Right now I just picked one of the CS DNS servers and set it with a script. I'm also running openvpn from the command line. Everything seems quite smooth and fast, but I could not access .onions. So I wondered: Is there a correct DNS server for each CS entry node/location?
And finally, is there a way to get the 'correct' DNS server address (if there is one) from the OpenVPN server automatically?
It seems that this is somehow related to viewtopic.php?f=46&t=9356 but I did not understand why I should set nameserver 127.0.0.1 and how dnsmasq comes into the scene. =]