DNS leaks on GNU/Linux, OpenSUSE, Ubuntu, Incorrect instructions OpenVPN, Network Manager


I just wanted to let GoldenFrog staff know that I have been getting constant DNS leaks while using OpenSUSE Tumbleweed, and Ubuntu 20.04.2. I followed the instructions provided by GoldenFrog from this link: https://support.vyprvpn.com/hc/en-us/articles/360037721812-VyprVPN-OpenVPN-Setup-for-Linux-Ubuntu-

However, even though I followed those instructions and set up everything correctly according to these instructions in both Ubuntu and OpenSUSE via network manager I still had persistent, constant DNS leaking. Even when I contacted staff to verify if I had DNS leaks I was told that I wasn’t having DNS leaks… but I was.

I tried ProtonVPN who have implemented a native linux app and one linux app specific to Ubuntu 20.04 and I verified that I don’t have any DNS leaks while using ProtonVPN. ProtonVPN also has a permanent kill switch. I checked the settings that their client sets up in network manager under Ubuntu 20.04 and they set way more settings than VyprVPN OpenVPN protocol does. I tried researching implementation of UFW firewall parameters to block all non-VPN traffic/packets or setting up iptables, but it’s a lot of work. Is there a fix or updated instructions to stop the DNS leaks with VyprVPN? I’m probably going to cancel my VyprVPN subscription if there isn’t a fix. Already paid for a year.

Hey, thanks for the post!

Can you provide any details about how you are detecting a DNS leak? If you’ve used a DNS leak test site, a screenshot of the results from there would be helpful.

I connect via L2PT on Tumbleweed. Are you sure your browser isn’t using it’s own DNS or proxy?

According to https://www.purevpn.com/dns-leak-test I get DNS leaks on L2TP on Tumbleweed & when I set the android app to use openvpn. The leaks seem to point to Amazon & digitalocean servers though. Might be best to use Firefox’s DNS over HTTPS with VyperVPN.

Thanks! Due to how VyprDNS works, it’s normal to see DNS servers that aren’t or don’t appear to be associated with VyprVPN or Golden Frog.

As a general rule, as long as your ISP’s DNS information isn’t visible in a leak test, then you aren’t experiencing a true DNS leak.

Daniel, I was still getting 1 to 3 ip addresses that were my isp’s dns. When I use ProtonVPN which also uses IKEv2 ipsec the leak test returns only 1 ip address which is the VPN. I’m wondering if the source is ipv6 misconfiguration or ipv6 needing to be disabled. Could also be many other things based on what I saw. Honestly, GoldenFrog should have these things sorted.

You’re right, and I should have thought to mention IPv6 - since we don’t support IPv6, IPv6 will need to be disabled. Your IPv6 address and other related info can be seen on the Internet if IPv6 is enabled while connected to VyprVPN.

If you’ve disabled IPv6 and continue to see information in leak tests that relates to your ISP or to you directly, please let us know!

1 Like