DNS Leak when using OpenVPN Client

I have a DNS leak issue which reveals my real IP when using my VPN with the Ovpn network manager client. After further testing, the issue would appear to be caused by DNS caching on Parrot.

What is the command I can use to disable this for testing?

What version of Parrot are you running? 4.19

What method did you use to install Parrot? Standard

Configured to multiboot with other systems? No

If there are any similar issues or solutions, link to them below:

If there are any error messages or relevant logs, post them below:

How did you discover the leak?

Why do you think it's using cached DNS?

What servers do you expect to use? / Which ones are unexpected?

If it's using cached DNS, you shouldn't be leaking to anyone. Your cache is local after all.

https://am.i.mullvad.net/ Leak test that was used

When connected to my home wifi, it leaks every time unless the cache is cleared for that network.

On a new network with a different hostname and ISP, the DNS leak issue does not present itself.

I also used this test as a secondary check
https://www.dnsleaktest.com/

A DNS leak only really applies if you are using a DNS server you don’t expect / don’t want to be using. At the end of the day somebody has to resolve your DNS, it just depends whether you trust them.

What DNS servers you should be using depends on the OpenVPN configs. So if you don't like the DNS servers being used, you might have to change the config.

Mullvad will probably tell you your DNS is leaking every time, unless you are using its DNS servers. Lots of VPN companies will tell you your DNS is leaking, just to get you to purchase their service.

Problem is that DNS leak test also shows my real IP behind my VPN. They aren't associated with Mullvad. Any suggestions on what config files I should look at altering to fix this? I can't log into some critical accounts till this gets fixed, for security reasons. I am checking out OpenVPN’s config files now.

If dnsleaktest.com is showing your real IP, then your VPN isn't working properly. You can also check external IP with start.parrotsec.org.

I would check your OpenVPN logs, see if anything looks out of order. Or try another config if possible.

I have tried everything I can think of since this post was made. I'll try whatever you guys have as suggestions but it looks like this might not be fixable. :disappointed_relieved::sweat::confounded::frowning_face::confused::pensive::cry::sob:

 Thu Apr 11 07:57:58 2019 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 25 2018
Thu Apr 11 07:57:58 2019 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Thu Apr 11 07:57:58 2019 PLUGIN_INIT: POST /opt/Mullvad VPN/resources/libtalpid_openvpn_plugin.so '[/opt/Mullvad VPN/resources/libtalpid_openvpn_plugin.so] [/tmp/talpid-openvpn-a1a773f5-e24e-47eb-9d47-7dc36335556c]' intercepted=PLUGIN_ROUTE_UP|PLUGIN_ROUTE_PREDOWN|PLUGIN_AUTH_FAILED 
Thu Apr 11 07:57:58 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]207.189.xx.xx:1194
Thu Apr 11 07:57:58 2019 Socket Buffers: R=[212992->2097152] S=[212992->2097152]
Thu Apr 11 07:57:58 2019 UDP link local: (not bound)
Thu Apr 11 07:57:58 2019 UDP link remote: [AF_INET]207.189.xx.xx:1194
Thu Apr 11 07:57:58 2019 TLS: Initial packet from [AF_INET]207.189.xx.xx:1194, sid=c71ffe67 77446a52
Thu Apr 11 07:57:58 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Apr 11 07:57:58 2019 VERIFY OK: depth=2, C=SE, ST=Gotaland, L=Gothenburg, O=Amagicom AB, OU=Mullvad, CN=Mullvad Root CA v2, [email protected]
Thu Apr 11 07:57:58 2019 VERIFY OK: depth=1, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=Mullvad Transition-Intermediate CA v1, [email protected]
Thu Apr 11 07:57:58 2019 VERIFY KU OK
Thu Apr 11 07:57:58 2019 Validating certificate extended key usage
Thu Apr 11 07:57:58 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Apr 11 07:57:58 2019 VERIFY EKU OK
Thu Apr 11 07:57:58 2019 VERIFY OK: depth=0, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=us-cle-002.mullvad.net, [email protected]
Thu Apr 11 07:57:58 2019 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Thu Apr 11 07:57:58 2019 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Thu Apr 11 07:57:58 2019 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Thu Apr 11 07:57:58 2019 [us-cle-002.mullvad.net] Peer Connection Initiated with [AF_INET]207.189.xx.xx:1194
Thu Apr 11 07:57:59 2019 SENT CONTROL [us-cle-002.mullvad.net]: 'PUSH_REQUEST' (status=1)
Thu Apr 11 07:57:59 2019 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.8.xx.xx redirect-gateway def1 bypass-dhcp,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,comp-lzo no,route-gateway 10.8.0.1,topology subnet,socket-flags TCP_NODELAY,ifconfig-ipv6 fdda:d0d0:cafe:1194::1002/64 fdda:d0d0:cafe:1194::,ifconfig 10.8.0.4 255.255.0.0,peer-id 6,cipher AES-256-GCM'
Thu Apr 11 07:57:59 2019 OPTIONS IMPORT: compression parms modified
Thu Apr 11 07:57:59 2019 OPTIONS IMPORT: --socket-flags option modified
Thu Apr 11 07:57:59 2019 NOTE: setsockopt TCP_NODELAY=1 failed
Thu Apr 11 07:57:59 2019 OPTIONS IMPORT: --ifconfig/up options modified
Thu Apr 11 07:57:59 2019 OPTIONS IMPORT: route options modified
Thu Apr 11 07:57:59 2019 OPTIONS IMPORT: route-related options modified
Thu Apr 11 07:57:59 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Apr 11 07:57:59 2019 OPTIONS IMPORT: peer-id set
Thu Apr 11 07:57:59 2019 OPTIONS IMPORT: adjusting link_mtu to 1624
Thu Apr 11 07:57:59 2019 OPTIONS IMPORT: data channel crypto options modified
Thu Apr 11 07:57:59 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Apr 11 07:57:59 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Apr 11 07:57:59 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Apr 11 07:57:59 2019 GDG6: remote_host_ipv6=n/a
Thu Apr 11 07:57:59 2019 TUN/TAP device tun0 opened
Thu Apr 11 07:57:59 2019 TUN/TAP TX queue length set to 100
Thu Apr 11 07:57:59 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Thu Apr 11 07:57:59 2019 /sbin/ip link set dev tun0 up mtu 1500
Thu Apr 11 07:57:59 2019 /sbin/ip addr add dev tun0 10.8.xx.xx/16 broadcast 10.8.255.255
Thu Apr 11 07:57:59 2019 /sbin/ip -6 addr add fdda:d0d0:cafe:1194::1002/64 dev tun0
Thu Apr 11 07:57:59 2019 /sbin/ip route add 207.189.xx.xx/32 via 192.168.xx.xx
Thu Apr 11 07:57:59 2019 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Thu Apr 11 07:57:59 2019 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Thu Apr 11 07:57:59 2019 add_route_ipv6(::/2 -> fdda:d0d0:cafe:1194:: metric -1) dev tun0
Thu Apr 11 07:57:59 2019 /sbin/ip -6 route add ::/2 dev tun0
Thu Apr 11 07:57:59 2019 add_route_ipv6(4000::/2 -> fdda:d0d0:cafe:1194:: metric -1) dev tun0
Thu Apr 11 07:57:59 2019 /sbin/ip -6 route add 4000::/2 dev tun0
Thu Apr 11 07:57:59 2019 add_route_ipv6(8000::/2 -> fdda:d0d0:cafe:1194:: metric -1) dev tun0
Thu Apr 11 07:57:59 2019 /sbin/ip -6 route add 8000::/2 dev tun0
Thu Apr 11 07:57:59 2019 add_route_ipv6(c000::/2 -> fdda:d0d0:cafe:1194:: metric -1) dev tun0
Thu Apr 11 07:57:59 2019 /sbin/ip -6 route add c000::/2 dev tun0
Thu Apr 11 07:57:59 2019 PLUGIN_CALL: POST /opt/Mullvad VPN/resources/libtalpid_openvpn_plugin.so/PLUGIN_ROUTE_UP status=0
Thu Apr 11 07:57:59 2019 Initialization Sequence Completed
Thu Apr 11 07:58:14 2019 PLUGIN_CALL: POST /opt/Mullvad VPN/resources/libtalpid_openvpn_plugin.so/PLUGIN_ROUTE_PREDOWN status=0
Thu Apr 11 07:58:14 2019 /sbin/ip route del 207.189.xx.xx/32
Thu Apr 11 07:58:14 2019 /sbin/ip route del 0.0.0.0/1
Thu Apr 11 07:58:14 2019 /sbin/ip route del 128.0.0.0/1
Thu Apr 11 07:58:14 2019 delete_route_ipv6(::/2)
Thu Apr 11 07:58:14 2019 /sbin/ip -6 route del ::/2 dev tun0
Thu Apr 11 07:58:14 2019 delete_route_ipv6(4000::/2)
Thu Apr 11 07:58:14 2019 /sbin/ip -6 route del 4000::/2 dev tun0
Thu Apr 11 07:58:14 2019 delete_route_ipv6(8000::/2)
Thu Apr 11 07:58:14 2019 /sbin/ip -6 route del 8000::/2 dev tun0
Thu Apr 11 07:58:14 2019 delete_route_ipv6(c000::/2)
Thu Apr 11 07:58:14 2019 /sbin/ip -6 route del c000::/2 dev tun0
Thu Apr 11 07:58:14 2019 Closing TUN/TAP interface
Thu Apr 11 07:58:14 2019 /sbin/ip addr del dev tun0 10.8.xx.xx/16
Thu Apr 11 07:58:14 2019 /sbin/ip -6 addr del fdda:d0d0:cafe:1194::1002/64 dev tun0
Thu Apr 11 07:58:14 2019 PLUGIN_CLOSE: /opt/Mullvad VPN/resources/libtalpid_openvpn_plugin.so
Thu Apr 11 07:58:14 2019 SIGTERM[soft,] received, process exiting

I have tried modifying the dnsmasq.conf and networkmanager.conf. I even downloaded unbound.

NOTHING I DO STOPS THE LEAK :face_with_symbols_over_mouth:

NO CONFIG CHANGES FIX THIS :face_with_symbols_over_mouth:

ADDING MULLVAD DNS AND DELETING ALL OTHER ENTRIES DOES :face_with_symbols_over_mouth: NOTHING :face_with_symbols_over_mouth:

Ok done venting

Seriously annoyed (and sleep deprived :sleeping: ) that this refuses to work no matter what I do tho :confused:

Should I uninstall dnsmasq? I'm thinking of just commenting out the firejail profile for unbound and seeing what that does. Let me know any suggestions you have. Like I said, I'll try any suggestions and let you know how it goes.
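The check discussed in this thread (read the OpenVPN log, then see which resolvers the system actually uses), as an added example that is not part of any poster's message: it pulls the `dhcp-option DNS` addresses out of `PUSH_REPLY` lines like the one in the log above and compares them with a resolv.conf-style file. The function names, file names and sample addresses are constructed for illustration.

```shell
# Added example. Sample files below are constructed; addresses are placeholders.

# Print DNS servers the VPN server pushed (dhcp-option DNS in PUSH_REPLY lines).
pushed_dns() {
    grep 'PUSH_REPLY' "$1" | tr -d "'" | tr ',' '\n' |
        awk '$1 == "dhcp-option" && $2 == "DNS" { print $3 }' | sort -u
}

# Print the nameserver addresses from a resolv.conf-style file.
system_dns() {
    awk '$1 == "nameserver" { print $2 }' "$1" | sort -u
}

# Label each system resolver OK (pushed by the VPN), LOCAL (loopback cache such
# as dnsmasq or unbound; its upstream must be checked separately) or LEAK.
# Returns non-zero when at least one resolver is labelled LEAK.
check_dns() (
    pushed=$(pushed_dns "$1")
    leaks=0
    for ns in $(system_dns "$2"); do
        if printf '%s\n' "$pushed" | grep -qxF "$ns"; then
            echo "OK    $ns"
        else
            case $ns in
                127.*|::1) echo "LOCAL $ns" ;;
                *) echo "LEAK  $ns"; leaks=1 ;;
            esac
        fi
    done
    [ "$leaks" -eq 0 ]
)

# --- constructed sample input ---
demo=$(mktemp -d)
cat > "$demo/openvpn.log" <<'EOF'
Thu Apr 11 07:57:59 2019 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.8.0.1,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.4 255.255.0.0'
EOF
printf 'nameserver 10.8.0.1\n' > "$demo/resolv.vpn"
printf 'nameserver 192.168.1.1\nnameserver 10.8.0.1\n' > "$demo/resolv.leak"
printf 'nameserver 127.0.0.1\n' > "$demo/resolv.cache"

for f in vpn leak cache; do
    echo "== resolv.$f"
    check_dns "$demo/openvpn.log" "$demo/resolv.$f" || echo "   -> resolver outside the tunnel"
done
```

On a live system, pass the real OpenVPN log and `/etc/resolv.conf`. A `LOCAL` result means the loopback cache's own upstream servers still need to be checked.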

So let's just clarify a bit.

Without your VPN running, you go to start.parrotsec.org and it shows your IP. You start your VPN and go to start.parrotsec.org, and it shows your VPN’s IP.

Can you paste the output of dnsleaktest.com or post a screenshot and tell me which ones you are leaking to? / Which ones you don’t want?

One thing:
I hope I understand you correctly …
If you use a VPN … and route all the traffic through the VPN … all sites you visit will see the IP of the VPN provider … not your real IP.
If you, for example, route only the web traffic through the tunnel … and your DNS requests go straight to your ISP's DNS … your ISP can't see the sites that you are looking for … but he knows it because he can see the DNS requests. :wink:

If you want stealth as good as possible … you have to route all the traffic (incl. DNS) through the tunnel.
Look at this
And you will need a DNS server without profiling, selling data and blabla …
Maybe one of these:

| IP | Hostname | ISP | Country |
|---|---|---|---|
| 208.69.33.69 | m41.fra.opendns.com | OpenDNS, LLC | Germany |
| 208.69.33.67 | m33.fra.opendns.com | OpenDNS, LLC | Germany |
| 208.69.33.77 | m61.fra.opendns.com | OpenDNS, LLC | Germany |
| 208.69.33.74 | m73.fra.opendns.com | OpenDNS, LLC | Germany |

I hope I could help … :wink:

PS: 2.4.6 is one year old …

Please update !!!
4.5.1 is the latest

sudo parrot-upgrade

That’s not a Parrot issue, that's a problem with your OpenVPN configuration file.
I personally suggest that you don’t use OpenVPN; use NordVPN.
Check leaks at https://ipleak.net

Sorry, I've been MIA for the last few days getting ready to try another fresh install of Parrot to see if the issue (and a few others that are related) is fixed. I have a theory it's unbound related. If the issue persists, we’ll know.