Linux OpenVPN IPV6/DNS Leak fix

Last updated by Shayne M on July 12, 2015 15:51

DNS/IPV6 Leak fix

The DNS servers used by the system are defined in /etc/resolv.conf. Traditionally, this file is the responsibility of whichever program connects the system to the network (e.g. Wicd, NetworkManager, etc.). However, OpenVPN will need to modify this file if you want to be able to resolve names on the remote side. To achieve this in a sensible way, install openresolv, which makes it possible for more than one program to modify resolv.conf without stepping on each other's toes. Before continuing, test openresolv by restarting your network connection and ensuring that resolv.conf states that it was generated by "resolvconf", and that your DNS resolution still works as before. You should not need to configure openresolv; it should be automatically detected and used by your network system.

On Linux, OpenVPN can send DNS host information, but expects an external process to act on it. This can be done with an openvpn-update-resolv-conf script, which can be saved for example at /etc/openvpn/update-resolv-conf.sh. Make it executable with chmod and add the following lines to your OpenVPN client configuration file (script-security 2 is the setting that permits OpenVPN to run user-defined scripts such as this one):

script-security 2 
up /etc/openvpn/update-resolv-conf.sh 
down /etc/openvpn/update-resolv-conf.sh 

Now, when you launch your OpenVPN connection, you should find that your resolv.conf file is updated accordingly, and that it returns to normal when you close the connection.

Caveat: The script will fail to restore the original DNS settings if your OpenVPN client configuration is set up to drop root privileges after connection. To avoid running OpenVPN as root, you can add a locked-down user that is only allowed to use sudo on resolvconf. Then change the RESOLVCONF variable in the script to RESOLVCONF="/usr/bin/sudo /usr/bin/resolvconf" (the quotes are required because the value contains a space), and the DNS restoration on disconnect should work with the generally dropped root privileges as well.
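To show what "an external process to act on it" involves, here is a minimal up/down script added as an example; it is not the openvpn-update-resolv-conf script itself. It assumes OpenVPN's foreign_option_N, dev and script_type environment variables and a resolvconf on the PATH; the function name vpn_dns_records is made up for illustration.

```shell
#!/bin/sh
# Added example: turn the DNS settings pushed by the OpenVPN server into
# resolv.conf records and hand them to resolvconf.
# OpenVPN exports each pushed "dhcp-option" to up/down scripts as
# foreign_option_1, foreign_option_2, ... along with $dev and $script_type.

# Assumption: same variable name as the script discussed on this page. Set it
# to "/usr/bin/sudo /usr/bin/resolvconf" when OpenVPN drops root privileges.
RESOLVCONF=${RESOLVCONF:-resolvconf}

# Print one resolv.conf line per usable foreign_option_N in the environment.
vpn_dns_records() {
    i=1
    while :; do
        # $i is a counter we control, so this eval cannot inject code.
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        # Split "dhcp-option DNS 10.8.0.1" into words with globbing disabled.
        set -f; set -- $opt; set +f
        if [ "$#" -eq 3 ] && [ "$1" = "dhcp-option" ]; then
            case "$3" in
                # The value comes from the VPN server: accept only characters
                # that can appear in an IPv4/IPv6 address or a domain name.
                ''|*[!A-Za-z0-9.:-]*) ;;
                *) case "$2" in
                       DNS)    printf 'nameserver %s\n' "$3" ;;
                       DOMAIN) printf 'search %s\n' "$3" ;;
                   esac ;;
            esac
        fi
        i=$((i + 1))
    done
}

# Runs only when OpenVPN invokes this file as an up or down script.
# $RESOLVCONF is left unquoted on purpose so the sudo form splits into words.
case "${script_type:-}" in
    up)   vpn_dns_records | $RESOLVCONF -a "$dev" ;;
    down) $RESOLVCONF -d "$dev" ;;
esac
```

To see what a server pushes without touching resolv.conf, set foreign_option_1 and so on by hand in a shell, source the file, and call vpn_dns_records.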
