Adrian:

My understanding is that as of Ubuntu 16.10 (and this for 17.04 as
well), DNS resolution is handled by systemd-resolved and not dnsmasq as
in 16.04 and previous.

In earlier versions (using dnsmasq), when using openvpn directly from
the console using a client configuration file, we had to use a script
(called update-resolv-conf) to properly register the dns settings when
connecting. I would assume that network-manager-openvpn runs a similar
script for you in the background. The problem is that as of 16.10 and
systemd-resolved that script does not play well with systemd-resolved,
and therefore creates a leak.

Until network-manager-openvpn is updated to handle dns registration with
systemd-resolved, you might need to revert to connecting to your vpn
from the console (navigate to /etc/openvpn and calling sudo openvpn
--config client.conf from the console). But first you need to create a
client configuration file that has essentially the same info that you
provide via the gui interface.

OpenVPN provides a sample file here:
https://github.com/OpenVPN/openvpn/blob/master/sample/sample-config-files/client.conf

Then to stop the dns leak you need to copy the update-systemd-resolved script 
to your /etc/openvpn directory and add a call to the update-systemd-resolved at 
the end of your client file. I explain this in this post:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1624317/comments/42

Sorry if this is a bit technical, but hopefully you can get it to work.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1690759

Title:
  dns leak

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1690759/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to