wireguard or openvpn - DNS leak in ubuntu based systems
by axolinx from LinuxQuestions.org on (#6CGT5)
I setup a wireguard server in the cloud, on a clean Ubuntu server 20.04 without any previous network configurations or software changes than the standard updates.
The clients i am using for testing, are Mint 20.3 and Pop OS 22.04.
On the server side, ipv4 and ipv6 forwarding are enabled in /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
Wireguard server Configuration:
Code:[Interface]
PrivateKey = TheServerPrivateKey-HERE
Address = 192.168.69.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens4 -j MASQUERADE
[Peer]
PublicKey = TheClientPrivateKey-HERE
AllowedIPs = 192.168.69.2/24
PersistentKeepalive = 25On the clients, i added a line for DNS in the config, using open DNS 1.1.1.1, and also edited the /etc/NetworkManager/NetworkManager.conf file adding:
Code:[main]
dns=none
rc-manager=unmanagedCode:[Interface]
PrivateKey = TheClientPrivateKey-HERE
Address = 192.168.69.2/24
DNS = 1.1.1.1
[Peer]
PublicKey = TheServerPublicKey-HERE
Endpoint = 34.xx.xx.xx:51820 #server IP obfuscated for the forum post.
AllowedIPs = 0.0.0.0/0
I restarted both, server and clients and can confirm all settings are in effect.
Client and server establish the wireguard connection.
On the client, i am checking https://ipleak.net and https://browserleaks.com/dns
Both sites show me the IP from the server, but the DNS checks show me the client IP in both ipv4 and ipv6.
This is a problem on ubuntu based clients i believe. I had the same issue using OpenVPN Access server. But if i connect from android for example within the same network, the DNS is not leaked. I havent tested on windows clients.
What else can be tweak to actually pass the DNS request inside the wireguard tunnel?
The clients i am using for testing, are Mint 20.3 and Pop OS 22.04.
On the server side, ipv4 and ipv6 forwarding are enabled in /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
Wireguard server Configuration:
Code:[Interface]
PrivateKey = TheServerPrivateKey-HERE
Address = 192.168.69.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens4 -j MASQUERADE
[Peer]
PublicKey = TheClientPrivateKey-HERE
AllowedIPs = 192.168.69.2/24
PersistentKeepalive = 25On the clients, i added a line for DNS in the config, using open DNS 1.1.1.1, and also edited the /etc/NetworkManager/NetworkManager.conf file adding:
Code:[main]
dns=none
rc-manager=unmanagedCode:[Interface]
PrivateKey = TheClientPrivateKey-HERE
Address = 192.168.69.2/24
DNS = 1.1.1.1
[Peer]
PublicKey = TheServerPublicKey-HERE
Endpoint = 34.xx.xx.xx:51820 #server IP obfuscated for the forum post.
AllowedIPs = 0.0.0.0/0
I restarted both, server and clients and can confirm all settings are in effect.
Client and server establish the wireguard connection.
On the client, i am checking https://ipleak.net and https://browserleaks.com/dns
Both sites show me the IP from the server, but the DNS checks show me the client IP in both ipv4 and ipv6.
This is a problem on ubuntu based clients i believe. I had the same issue using OpenVPN Access server. But if i connect from android for example within the same network, the DNS is not leaked. I havent tested on windows clients.
What else can be tweak to actually pass the DNS request inside the wireguard tunnel?