Ade Malsasa Akbar
Senior author, Open Source enthusiast.
Tuesday, September 8, 2015 at 13:35

If you followed our previous OpenVPN tutorial, you have probably found that your DNS requests can leak. That means anyone may see what you were browsing for. So how do you fix a DNS leak in OpenVPN? Here we show you how.

Intro


OpenVPN has a special behavior: it does not change your default DNS. OpenVPN encrypts your connection to the internet, but it doesn't encrypt your DNS requests. As a result, nobody can see your traffic, but someone can still see your DNS requests (e.g. to block you). That is a DNS leak. OpenVPN should switch your DNS to the VPN's DNS server while connected and revert to your original DNS afterwards. On Linux, you would have to edit the /etc/resolv.conf file manually to do that. To prevent a DNS leak, OpenVPN needs help from another process, which will automatically update /etc/resolv.conf for you.

1. Edit The .ovpn File


You just need to add these three lines of config to your .ovpn file. Add them at the end of the file as new lines.
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Explanation: OpenVPN (if you installed it from the Ubuntu repo) ships a special script named update-resolv-conf. This script updates your /etc/resolv.conf file automatically. It forces OpenVPN to use the default DNS from your .ovpn file. The script-security 2 line is what allows OpenVPN to run user-defined scripts such as this one.

2. Run The .ovpn File

sudo openvpn --config name_of_your_file.ovpn

3. Test DNS Leak


Browse to http://dnsleaktest.com and start a standard test. Check that your DNS servers are now different from your ISP's DNS (that is, they are the VPN's DNS). In this example, I use the vpngate VPN service and Google as my DNS.
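
A local check to run alongside the browser test, as an added example that is not part of the original tutorial: has_dns_hooks confirms the .ovpn file carries the three lines from step 1, and leaked_nameservers lists any resolver in a resolv.conf file that is outside the expected VPN DNS set. The function names, the sample files and the addresses 8.8.8.8, 8.8.4.4 and 192.168.1.1 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: local checks to run next to the browser-based leak test.

# has_dns_hooks FILE: succeed only if the .ovpn file carries all three lines
# from step 1 (script-security 2 or higher, plus the up and down hooks).
has_dns_hooks() {
    awk '
        $1 == "script-security" && $2 >= 2                      { s = 1 }
        $1 == "up"   && $2 == "/etc/openvpn/update-resolv-conf" { u = 1 }
        $1 == "down" && $2 == "/etc/openvpn/update-resolv-conf" { d = 1 }
        END { exit !(s && u && d) }
    ' "$1"
}

# leaked_nameservers RESOLV_CONF VPN_DNS...: print every nameserver in the
# file that is not one of the expected VPN DNS addresses; return 1 if any.
leaked_nameservers() {
    conf=$1; shift
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "nameserver" && !($2 in ok) { print $2; bad = 1 }
        END { exit bad + 0 }
    ' "$conf"
}

# Demo on constructed sample files (not taken from a real system).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'client' 'script-security 2' \
        'up /etc/openvpn/update-resolv-conf' \
        'down /etc/openvpn/update-resolv-conf' > "$dir/sample.ovpn"
    # 192.168.1.1 stands in for a resolver that survived from before the VPN.
    printf '%s\n' 'nameserver 8.8.8.8' 'nameserver 192.168.1.1' > "$dir/resolv.conf"

    if has_dns_hooks "$dir/sample.ovpn"; then
        echo "hooks: present"
    else
        echo "hooks: missing"
    fi
    # 8.8.8.8 and 8.8.4.4 are assumed VPN DNS values (Google Public DNS).
    if out=$(leaked_nameservers "$dir/resolv.conf" 8.8.8.8 8.8.4.4); then
        echo "resolv.conf: only the expected DNS servers"
    else
        echo "resolv.conf: unexpected resolver(s): $out"
    fi
    rm -rf "$dir"
}
demo
```

On a real system, run has_dns_hooks on your own .ovpn file and, while the tunnel is up, leaked_nameservers on /etc/resolv.conf followed by your VPN's DNS addresses. A loopback address in the output means a local caching resolver sits in the path, so check where it forwards queries.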
