After setting the ipv4.dns-priority of the VPN connection to a negative number and patching the source or installing the conveniently packaged .deb below, you should not experience DNS leaks over NM-VPN. (Output from extended test at https://dnsleaktest.com )
    Test complete

    Query round   Progress...   Servers found
    1             ......        1
    2             ......        1
    3             ......        1
    4             ......        1
    5             ......        1
    6             ......        1

    IP               Hostname                                          ISP            Country
    173.239.226.69   ip-69-226-239-173.east.us.northamericancoax.com   LogicWeb Inc   United States

To install the .deb package, simply use:

    cd ~/Downloads && sudo dpkg -i network-manager_1.4.4-1ubuntu4_amd64.deb

NOTE: make sure apt does not replace the package with:

    sudo apt-mark hold network-manager

Make sure to stop all network services and restart the network manager using:

    sudo service network-manager stop
    sudo service networking restart
    sudo service network-manager start

To build the source and apply the patch yourself, use the following steps:

    sudo apt-get build-dep network-manager
    cd ~/Downloads && mkdir nm-patch && cd nm-patch
    apt-get source network-manager
    cd network-manager-1.4.4
    cp ~/Downloads/systemd-resolved-dns-priority-fix.patch .
    patch -p1 < systemd-resolved-dns-priority-fix.patch
    rm systemd-resolved-dns-priority-fix.patch
    dpkg-buildpackage -us -uc -b

(wait a while, it will take some time to compile)

Then install the generated network-manager_1.4.4-1ubuntu .deb package using:

    cd ../ && sudo dpkg -i <deb-name>

** Attachment added: "network-manager_1.4.4-1ubuntu4_amd64.deb"
   https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1624317/+attachment/4900613/+files/network-manager_1.4.4-1ubuntu4_amd64.deb

-- 
You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1624317

Title:
  systemd-resolved breaks VPN with split-horizon DNS

Status in systemd:
  New
Status in network-manager package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  Confirmed
Status in network-manager source package in Artful:
  Confirmed
Status in systemd source package in Artful:
  Confirmed

Bug description:
  I use a VPN configured with network-manager-openconnect-gnome in which a split-horizon DNS setup assigns different addresses to some names inside the remote network than the addresses seen for those names from outside the remote network. However, systemd-resolved often decides to ignore the VPN’s DNS servers and use the local network’s DNS servers to resolve names (whether in the remote domain or not), breaking the split-horizon DNS.

  This related bug, reported by Lennart Poettering himself, was closed with the current Fedora release at the time reaching EOL:
  https://bugzilla.redhat.com/show_bug.cgi?id=1151544

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1624317/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp
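
Added example (not part of the bug report or of NetworkManager): a shell check for the symptom described above, resolvers still registered in systemd-resolved on a link other than the VPN. The function name, interface names and sample status text are constructed, and the per-link layout is assumed to match what `systemd-resolve --status` prints.

```shell
#!/bin/sh
# Added example, not from the bug report. Assumes the per-link layout
# printed by `systemd-resolve --status`; all sample data is constructed.

# leaking_links VPN_IFACE  (status text on stdin)
# Prints "iface server" for every DNS server on a link other than the VPN.
leaking_links() {
    awk -v vpn="$1" '
        /^Global/ { iface = ""; in_dns = 0; next }
        /^Link [0-9]+ \(/ { iface = $3; gsub(/[()]/, "", iface); in_dns = 0; next }
        /^ *DNS Servers:/ {
            in_dns = 1
            if (iface != "" && iface != vpn) print iface, $NF
            next
        }
        # further servers follow one per line, indented, without a label
        in_dns && /^ +[0-9A-Fa-f:.]+$/ {
            if (iface != "" && iface != vpn) print iface, $1
            next
        }
        { in_dns = 0 }
    '
}

# Constructed sample: the local Wi-Fi link still has resolvers (leak).
SAMPLE_LEAK='Link 3 (tun0)
      Current Scopes: DNS
         DNS Servers: 10.8.0.1
          DNS Domain: corp.example

Link 2 (wlp2s0)
      Current Scopes: DNS
         DNS Servers: 192.168.1.1
                      192.168.1.2
'

# Constructed sample: only the VPN link carries resolvers
# (assumed to be the state once the negative dns-priority is honoured).
SAMPLE_FIXED='Link 3 (tun0)
      Current Scopes: DNS
         DNS Servers: 10.8.0.1

Link 2 (wlp2s0)
      Current Scopes: none
'

echo "leak sample:";  printf '%s' "$SAMPLE_LEAK"  | leaking_links tun0
echo "fixed sample:"; printf '%s' "$SAMPLE_FIXED" | leaking_links tun0
# On a live system: systemd-resolve --status | leaking_links <vpn-iface>
```

Any line printed for a live system names a non-VPN link whose resolvers systemd-resolved can still query; servers configured in the Global section are not inspected by this check.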