Adrian: My understanding is that as of Ubuntu 16.10 (and this for 17.04 as well), DNS resolution is handled by systemd-resolved and not dnsmasq as in 16.04 and previous.
In earlier versions (using dnsmasq), when using openvpn directly from the console using a client configuration file, we had to use a script (called update-resolv-conf) to properly register the dns settings when connecting. I would assume that network-manager-openvpn runs a similar script for you in the background. The problem is that as of 16.10 and systemd-resolved that script does not play well with systemd-resolved, and therefore creates a leak. Until network-manager-openvpn is updated to handle dns registration with systemd-resolved, you might need to revert to connecting to your vpn from the console (navigate to /etc/openvpn and calling sudo openvpn --config client.conf from the console). But first you need to create a client configuration file that has essentially the same info that you provide via the gui interface. OpenVPN provides a sample file here: https://github.com/OpenVPN/openvpn/blob/master/sample/sample-config-files/client.conf Then to stop the dns leak you need to copy the update-systemd-resolved script to your /etc/openvpn directory and add a call to the update-systemd-resolved at the end of your client file. I explain this in this post: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1624317/comments/42 Sorry if this is a bit technical, but hopefully you can get it to work. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1690759 Title: dns leak To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1690759/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
