Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

For some Ubuntu versions, you may need to add this to your OpenVPN config in order to prevent DNS leaks

Freewheeling spot to chew the fat on anything cryptostorm-related that doesn't fit elsewhere (i.e. support, howto, &c.). Criticism & praise & brainstorming & requests for explanation... this is where it goes when it's hot & ready for action! :-)

Topic Author
FoodMaven
Posts: 39
Joined: Thu Jun 01, 2017 2:22 am

For some Ubuntu versions, you may need to add this to your OpenVPN config in order to prevent DNS leaks

Postby FoodMaven » Sun Mar 18, 2018 1:24 am

I have a DNS leak. I am "some Ubuntu user".

Into what file are the following lines added? Which file and which directory?

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

from:

https://github.com/cryptostorm/cryptost ... ster/linux

at the very bottom of that page.

I just got CS up and running and after 6 months of working on this (one and off), I don't want to do it all again, I won't remember how.


josh
Posts: 2
Joined: Sun Mar 18, 2018 7:27 am

Re: For some Ubuntu versions, you may need to add this to your OpenVPN config in order to prevent DNS leaks

Postby josh » Sun Mar 18, 2018 7:31 am

Go to the directory you have the configs (*.ovpn files)

Hidden Content
This board requires you to be registered and logged-in to view hidden content.


Done. This adds the 3 lines to each .ovpn file which fixes DNS leaks.


Topic Author
FoodMaven
Posts: 39
Joined: Thu Jun 01, 2017 2:22 am

Re: For some Ubuntu versions, you may need to add this to your OpenVPN config in order to prevent DNS leaks

Postby FoodMaven » Sun Mar 18, 2018 9:26 pm

The following should give an understanding as to how little I understand the "work" I'm doing.

When I determined I had a DNS leak via https://ipleak.net/ (Cryptostorm's "Goodies" page), I tried to find my own solution. When I saw the info about Ubuntu I jumped to a false conclusion. I thought, because my router is OpenWRT/LEDE, that it is Linux/Ubuntu based. My bad.

I did the following:

ssh root@192.168.xxx.xxx and entered the pw.

cd /etc/openvpn

then nano cstorm_linux-rumplestiltskin_udp.ovpn

next copy the text starting "for x" in the above post (and without quotes) next, holding ctrl & shift, this was pasted into cstorm_linux-rumplestiltskin_udp.ovpn. Ctrl-O, Enter, Ctrl-X.

As a double check open the modified .ovpn. Nope, not 3 lines of text, only one. Manually 3 lines separated at >> with no spaces before or after. Ctrl-O, Ctrl-X. Double check: see 3 lines.

Reboot. Odd I can ping google.com, but cannot get to a common web page such as ipleak.net.

So I had to remove the Ubuntu text. And I still have a DNS leak.

Thank you for your concern.


josh
Posts: 2
Joined: Sun Mar 18, 2018 7:27 am

Re: For some Ubuntu versions, you may need to add this to your OpenVPN config in order to prevent DNS leaks

Postby josh » Mon Mar 19, 2018 2:21 am

Hidden Content
This board requires you to be registered and logged-in to view hidden content.

User avatar

df
Site Admin
Posts: 358
Joined: Thu Jan 01, 1970 5:00 am

Re: For some Ubuntu versions, you may need to add this to your OpenVPN config in order to prevent DNS leaks

Postby df » Wed Jul 04, 2018 3:45 pm

Old post, I'm sure you've figured out the problem by now, but if not:
That "for x" line was meant to be executed at the command line, not pasted into your text editor (nano).
If you can edit the config with nano, you can add the three lines from there:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

But the reason for that "for x" command is that it allows you to add the above three lines to all your configs at once, so you don't have manually edit each of them with nano.
Our new Linux tutorial page @ https://cryptostorm.is/nix includes a similar command:

for conf in *.ovpn;do echo 'script-security 2' >> $conf;echo 'up /etc/openvpn/update-resolv-conf' >> $conf;echo 'down /etc/openvpn/update-resolv-conf' >> $conf;done


patrickjburt
Posts: 4
Joined: Fri Jul 13, 2018 3:40 pm

Re: For some Ubuntu versions, you may need to add this to your OpenVPN config in order to prevent DNS leaks

Postby patrickjburt » Fri Jul 13, 2018 3:45 pm

This info is good to know. Thumbs up!


patrickjburt
Posts: 4
Joined: Fri Jul 13, 2018 3:40 pm

Re: For some Ubuntu versions, you may need to add this to your OpenVPN config in order to prevent DNS leaks

Postby patrickjburt » Fri Jul 13, 2018 3:46 pm

Really worried about the DNS leak....

User avatar

df
Site Admin
Posts: 358
Joined: Thu Jan 01, 1970 5:00 am

Re: For some Ubuntu versions, you may need to add this to your OpenVPN config in order to prevent DNS leaks

Postby df » Fri Jul 13, 2018 4:09 pm

@patrickjburt
Nothing to worry about. Just follow the directions on https://cryptostorm.is/nix and the DNS leak will be taken care of.


Return to “general chat, suggestions, industry news”

Who is online

Users browsing this forum: No registered users and 10 guests

Login