openvpn dns no leak config

From thelinuxwiki

versions

O.S. = debian stretch
openvpn = 2.4.0-6+deb9u3
network-manager-openvpn-gnome = 1.2.8-2

problem

I am trying to tunnel all traffic, including DNS, through a private VPN for privacy. The /etc/resolv.conf file generated by NetworkManager needs to be changed upon VPN tunnel establishment.

solution

To prevent the system DNS servers from appearing in /etc/resolv.conf and being used while the VPN is up, edit your VPN configuration (i.e. the file in /etc/NetworkManager/system-connections/<vpn name>) so that its [ipv4] section looks something like this:

[ipv4]
dns=<vpn dns server ip address>;
ignore-auto-dns=true
method=auto
dns-priority=-1


The negative dns-priority means that only this DNS server will be used.

Then reload the config file:

sudo nmcli c reload <vpn name>

and toggle the VPN.


/etc/resolv.conf should now include only the one DNS IP address defined in the config file.
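One way to script that check, as an added example that is not part of the original wiki page. The function names and the sample addresses (10.8.0.1 for the VPN resolver, 192.168.1.1 for a LAN resolver) are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: confirm that a resolv.conf file lists only the VPN's DNS server.
# Usage: sh check_dns.sh <vpn-dns-ip> [path to resolv.conf]

# Print every nameserver address in the file, one per line.
# Lines starting with '#' or ';' are comments and never match.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Return 0 if the expected server is the only nameserver,
# 1 if any other nameserver is present (DNS leak),
# 2 if the file is unreadable or has no nameserver at all.
check_resolv_conf() {
    expected=$1
    file=${2:-/etc/resolv.conf}
    servers=$(list_nameservers "$file") || return 2
    if [ -z "$servers" ]; then
        echo "no nameserver entries in $file" >&2
        return 2
    fi
    # Keep only the lines that are NOT exactly the expected address.
    leaks=$(printf '%s\n' "$servers" | grep -Fxv -- "$expected" || true)
    if [ -n "$leaks" ]; then
        echo "DNS leak: unexpected nameserver(s) in $file:" >&2
        printf '  %s\n' $leaks >&2
        return 1
    fi
    echo "ok: $file only uses $expected"
    return 0
}

# Constructed sample: a resolv.conf that still lists a LAN resolver
# next to the VPN resolver (both addresses are made up).
sample_leaky() {
    printf '%s\n' '# Generated by NetworkManager' \
        'nameserver 10.8.0.1' 'nameserver 192.168.1.1'
}

# When called with arguments, check the real file.
if [ "$#" -gt 0 ]; then
    check_resolv_conf "$@"
fi
```

Run it after toggling the VPN, passing the address you set in dns=; a non-zero exit status means /etc/resolv.conf does not match the VPN configuration.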

References:
https://developer.gnome.org/NetworkManager/stable/settings-ipv4.html
https://bugzilla.gnome.org/show_bug.cgi?id=758772

solution from: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1211110/comments/92