DNS Leak when using OpenVPN Connect for Android (& iOS)

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
NickelFS
Posts: 2
Joined: Sun Nov 23, 2014 4:04 am

DNS Leak when using OpenVPN Connect for Android (& iOS)

Post by NickelFS » Sun Nov 23, 2014 4:40 am

Hello, I've set up a SoftEther VPN server on my dedicated server. It is running on the default configuration (with a few modifications). I don't think the specific config and stuff is necessary for this question. Anyway, I (and possibly others) plan on connecting to this VPN through a smartphone (Android/iOS) when I am on a specific network (which is fairly constricting) in order to access blocked content. I cannot test what the network has blocked at this time. However, I am quite sure that they've blocked most ports (apart from the common ones like 80, 443, etc.), certain domain names from their DNS servers & most public DNS servers (like Google's 8.8.8.8). This means I cannot use L2TP, so instead I use the OpenVPN Connect app to connect to the VPN on port 443. This all works fine, but the problem is that my DNS is getting leaked, which means that I won't be able to access certain blocked content. I'm trying to figure out what the best way to resolve this would be. I do have a BIND server running which I can set up as a forwarder if necessary, but I don't know how to actually make Android/iOS use my forwarder while connected to the VPN. Any ideas would be appreciated (I need this to work for both Android and iOS).

dajhorn
Posts: 137
Joined: Mon Mar 24, 2014 3:59 am

Re: DNS Leak when using OpenVPN Connect for Android (& iOS)

Post by dajhorn » Mon Nov 24, 2014 3:38 pm

If you are using the official OpenVPN client for Android, then disable the "DNS Fallback" option in the connection preferences for the SoftEther server. There might also be a way to force DNS behavior in the VPN import file.

The DNS forwarder in SoftEther is sometimes unreliable. If you are using SecureNAT, then try setting whatever is in the /etc/resolv.conf file instead of using the SoftEther gateway address.

NickelFS
Posts: 2
Joined: Sun Nov 23, 2014 4:04 am

Re: DNS Leak when using OpenVPN Connect for Android (& iOS)

Post by NickelFS » Mon Nov 24, 2014 11:05 pm

Thanks for the reply. I don't use SecureNAT but I've figured it out. I am using dhcpd on "tap_vpn" interface (bridged to my SoftEther hub).

I simply added this to /etc/dhcp/dhcpd.conf:
> option domain-name-servers 192.168.250.1;
(192.168.250.0/24 is the subnet I'm using for my VPN)


Then, I set up BIND as a forwarder on that IP. I added this to /etc/named.conf:
> listen-on port 53 { 127.0.0.1; 192.168.250.1; };
> forwarders { 8.8.8.8; 8.8.4.4; };

Hopefully this helps anyone that is looking to accomplish something similar. And yes, don't forget to disable "DNS Fallback" on the OpenVPN Connect client.
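
Added example, not part of the original posts: a small Python check that the resolver dhcpd hands to VPN clients sits inside the VPN subnet and that BIND actually listens on it, which are the two conditions the fix above depends on. The sample file contents are constructed around the lines quoted in the post (the `range` line is invented), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample files: the lines from the post, placed in minimal context.
DHCPD_CONF = """
subnet 192.168.250.0 netmask 255.255.255.0 {
    range 192.168.250.10 192.168.250.200;   # constructed range
    option domain-name-servers 192.168.250.1;
}
"""
NAMED_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.250.1; };
    forwarders { 8.8.8.8; 8.8.4.4; };
};
"""
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def strip_comments(text):
    """Drop /* */, # and // comments so disabled lines are not counted."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(?:#|//).*", "", text)

def ips_in(pattern, text):
    """IPv4 addresses found inside every statement matched by pattern."""
    return [ipaddress.ip_address(a)
            for body in re.findall(pattern, text)
            for a in re.findall(IPV4, body)]

def check_dns_path(dhcpd_conf, named_conf, vpn_subnet):
    """Return reasons VPN clients may not end up on the VPN-side resolver."""
    net = ipaddress.ip_network(vpn_subnet)
    pushed = ips_in(r"option\s+domain-name-servers\s+([^;]+);",
                    strip_comments(dhcpd_conf))
    listen = ips_in(r"listen-on(?:\s+port\s+\d+)?\s*\{([^}]*)\}",
                    strip_comments(named_conf))
    problems = []
    if not pushed:
        problems.append("dhcpd hands out no DNS server; clients keep their own resolver")
    for ip in pushed:
        if ip not in net:
            problems.append(f"{ip} is handed out but is outside {net}")
        elif ip not in listen:
            problems.append(f"{ip} is handed out but BIND does not listen on it")
    return problems

if __name__ == "__main__":
    for line in check_dns_path(DHCPD_CONF, NAMED_CONF, "192.168.250.0/24") or ["OK"]:
        print(line)
```

An empty result only says the two files agree with each other; the client still has to have "DNS Fallback" disabled, as noted above.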
