Reply to topic

dns leak

mkashouty
Registered Member
Posts
1
Karma
0

dns leak

Mon Mar 12, 2018 5:21 pm
hey i have installed the developers addition of kde neon 5.12.3 and i am unable to prevent my ip from being leaked. routing through vpn service and disabling ipv6 still does not prevent my ip from being seen at dnsleaktest.com, in fact yesterday it would report only the actual isp and not even the vpn. this does not occur from gentoo or ubuntu running gnome. is there anyone that has experienced this problem?
martinki
Registered Member
Posts
31
Karma
0
OS

Re: dns leak

Fri May 10, 2019 7:51 pm
same problem. does not occur under gnome. tried everything.

.. is there a working solution?

thx.
NoNameNoBlame
Karma
0

Re: dns leak

Sat May 11, 2019 3:15 am
1/2) Check Your default route.
2/2) Check Your "resolv.conf" file.

And maybe Your "hosts" file.

And Your browser's proxy settings.
martinki
Registered Member
Posts
31
Karma
0
OS

Re: dns leak

Sat May 11, 2019 9:28 am
@nnnb

thanks for the reaction to this configuration - issue. everything checked (ip ro with and without (open)vpn connection, hosts, resolv.conf). no proxy. what should i look out for? did you solve this problem (on plasma) personally? maybe a "systemd & co. - thing" .. .

ps: all those "solutions" you find on the net don't work. just one example of many :

Code: Select all
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf


or

Code: Select all
pkcon install openresolv nscd unbound


and so on. the other "solutions" - forgotten already.


edit: ovpn, network manager issue, dnsmasq, systemd :

https://airvpn.org/forums/topic/25263-h ... k-manager/

https://bugs.launchpad.net/ubuntu/+sour ... ug/1520771


pps : my vpn - provider's client would solve this problem :

Code: Select all
wget -qO - https://eddie.website/repository/keys/eddie_maintainer_gpg.key|sudo apt-key add -

deb http://eddie.website/repository/apt stable main


but this line gives me an ..

Code: Select all
deb http://eddie.website/repository/apt stable main


.. error message.


conclusio : it would be great if dns - leaks (on linux not actual dns - leaks - i know) were prevented "out-of-the-box", if you use the network manager + ovpn - files (like on f30 & co.). on windows, this was easy. all you had to do was add : block-outside-dns to the ovpn file. doesn't work on linux - systems. this was the only good thing about windows.
NoNameNoBlame
Karma
0

Re: dns leak

Sat May 11, 2019 2:04 pm
Did You use/try KDE neon's

Systemtray-Networks-<RightClick>
Configure Network Connections
Connections
Choose a Connection Type=>13 VPN-Entries

?

What was the result?

Edit:

And there is the 'kvpnc' application.
martinki
Registered Member
Posts
31
Karma
0
OS

Re: dns leak

Sat May 11, 2019 2:48 pm
hm..

-> system settings -> connections -> + -> add new connection -> import vpn connection -> i select the ovpn - config (+ deactivate ipv6)

now, under systemtray - networks my vpn - connections appear. i'll connect from here. works. but tests show : my cloudflare - dns is "leaked". on actual gnome - based systems, only the dns of my vpn - provider appears (ipleak.net & dnsleaktest.com).

kvpnc? didn't know about it. i could try (instead of the provider's client) .. let's see, i will edit this comment to post the result.

edit : unfortunately, the program crashes too often. 5x meanwhile. if it doesn't crash, no connection & strange errors. imho not correct in the context of the actual ovpn - config. if it doesn't crash, it want's

Code: Select all
script-security 2


which, as described, doesn't solve anything (only 4 old ubuntu versions).

i'm afraid this app is (generally) outdated (based on 4.14.38 & (C) 2004 - 2009). but thx for the hint to kvpnc. it would be preferable, it would work without problems via network - settings (as described) , out-of-the-box. it seems to be a dnsmasq and/or systemd problem. my gut tells me.
NoNameNoBlame
Karma
0

Re: dns leak

Sat May 11, 2019 3:49 pm
My probably last suggestion - before being out of ideas:

Maybe, remote VPN is via IPv4 only, and DNS is using local IPv6.
Or the other way round.

Both default routes should be checked: IPv4 and IPv6.
martinki
Registered Member
Posts
31
Karma
0
OS

Re: dns leak

Sat May 11, 2019 4:33 pm
hm..

my ovpn - configuration itself was udp ipv4 only. additionally i deactivated ipv6 as described. now, i created a new ovpn - file/config, udp ipv4 & ipv6. imported and nothing deactivated. same problem. i also tried "automatic - only addresses" in the ipv4 and/or ipv6 plasma - network - settings (of the ovpn - files/configs). it didn't help either. there must be a reason, why it works under actual gnome - builds (the same ovpn - files/configs). possibly there is some systemctl xy to execute in an openvpn - context (to install "network-manager-openvpn" is maybe not enough - but it should be enough, imho).

i don't know. but thx for your time. let me know if there is anything else you can think of. and if i still find a solution (i have been looking for a long time now), i will post it, too.


edit: there are (possibly) other "solutions" that i have just found, but this immense tinkering (based on good luck) does not come into question (for me) :

https://www.youtube.com/watch?v=oYW4aJntC8s

or systemd (gut) :

https://unix.stackexchange.com/question ... -dns-leaks

https://github.com/systemd/systemd/issues/7182

i give up. maybe, the solution comes with time.


edit: last but not least I was able to install the vpn - client & had no leaks - but a very high cpu & ram - load. lousy app (on linux) = no solution. a solution whould be : import the ovpn - config @ network - settings. done = no leaks. inherently.

therefore again: i give up. maybe, the solution comes with time.

thx & g.n.
NoNameNoBlame
Karma
0

Re: dns leak

Sun May 12, 2019 3:53 am
You could enter:
$ netstat -nvrF46 | grep G
and
$ netstat -nvrC46 | grep G

and maybe the rightmost interface-column
shows wrong/old interface even after
VPN-activation.

Just a thought.

Edit:
Or - while using VPN - maybe this will be interesting:

http://www.traceroute6.net/
martinki
Registered Member
Posts
31
Karma
0
OS

Re: dns leak

Sun May 12, 2019 9:06 am
thx nnnb,

i'll try netstat later. but I'm afraid it won't bring any new info. anyway, it's worth a try. i edit this comment again.

ps: traceroute6 = insecure connection & full of (bad) tracking.


edit: result : the 2nd netstat command shows me nothing. nothing at all. the 1st netstat command shows me (vpn on) 3 lines. 1st line on the right = tun0. 2nd & 3rd line on the right = my wlan. additionally in the third line on the left = my vpn-ip.

vpn off : one line, on the right my wlan. on the 2nd try (vpn on -> vpn off -> netstat -nvrF46 | grep G : 2 lines. on both lines on the right my wlan. in the second line on the left, my vpn-ip (but my vpn is off).

what does that say? my brain is offline right now - a good thing, otherwise .. .

Last edited by martinki on Tue May 14, 2019 7:44 pm, edited 1 time in total.
fuckregistrants
Registered Member
Posts
2
Karma
0

Re: dns leak

Mon May 13, 2019 10:22 am
Hey man! Got the same problem as you for many times! Also tried all these solutions without any luck. I think it's IPv6 leaking your location via DNS. I got a router with Internets that seted up to get its settings via DHCP and you cannot change this on the user side (actually you can, but you have to enable telnet, put some console **** that enables your admin rights etc, but i'm scarred of breaking something). But today I just played with network settings and voila I got everything works as it should be. All you have to do is:
1. Disable IPv6 by set it's 'Method' to ignore state: https://i.imgur.com/NwVfq61.png
I know that it doesn't actually disables ipv6 and 'ip a' shows that inet6 is up but it just works
2. On IPv4 tab set 'Method' to automatic (only addresses): https://i.imgur.com/zKuOy2K.png
You can also add some DNS but they won't work from here anyway
That's all. Reconnect to your network/wifi adapter and go to check any of it: dnsleaktest.com, whatleaks.com, ipleak.net or even yandex.com/internet. They all show what they should show now.
martinki
Registered Member
Posts
31
Karma
0
OS

Re: dns leak

Tue May 14, 2019 11:33 am
hey @fregi

do you have made these settings within your _primary connection_? it looks exactly like that. i have disabled ipv6 only in the vpn - connections (as well as "automatic; addresses only) .. . maybe should i go back to kde/plasma (i changed the distro out of frustration (although i love kde/plasma/neon) - there it works out-of-the-box (via network manager/import ovpn config)).. .

hard decision. the kde-community based on ordinary people like you and me is imho the greatest of all. but the communication end-user <-> developers seems to be horrible ( later edit: but it isn't - see the result below) (everywhere - a linux problem per se). on the other side : the upgrade to the hwe - stack or the placement of the flatpak - section in disvover was almost instantaneous.

please tell me, this works (settings in the primary connection).

Last edited by martinki on Tue May 14, 2019 7:43 pm, edited 1 time in total.
fuckregistrants
Registered Member
Posts
2
Karma
0

Re: dns leak

Tue May 14, 2019 2:53 pm
martinki wrote:hey @fregi
please tell me, this works (settings in the primary connection). if that works, i have no more problems with plasma and i am silent with criticism. but this is a huge privacy issue/bug (no one cares about since a long time).

Yes, all I did was for my primary connection. You can check it with livecd or VM. What I've got now: https://imgur.com/a/aJEB88P
martinki
Registered Member
Posts
31
Karma
0
OS

Re: dns leak

Tue May 14, 2019 4:24 pm
ok ... one last time once again all the work and a switch. i try it.


big edit : it was a lot of work and only at the end of my fine - tuning, flatpak dowloads & configurations, i was finally able to test the vpn. first with your settings. actually : no leak!

but now the (again, like with the super-fast hwe-stack & flatpak-discover-position upgrade) almost magical news: even without deactivating ipv6 in the standard connection and/or only allowing "addresses" in the ipv4 settings of the standard connection it works now! :o . i just disabled ipv6 in the vpn connections - as usual - which wouldn't be necessary because the ovpn config is already configured this way.

test it. we must have been heard, incredible work, dear kde/plasma/neon/kubuntu & co. team. thx.

thx also to my two tireless helpers here in the forum and the poor guy in the kde chat - now he's safe (if he only knew).

ps: https://planet.kde.org ( -> jan grulich, 14. mai) -> they are working on vpn-configurations in general right now, as i just saw.

 
Reply to topic

Bookmarks



Who is online

Registered users: Baidu [Spider], Bing [Bot], DigitalDeviant, Exabot [Bot], Google [Bot], Google Adsense [Bot]