UDP OpenVPN DNS leak?


Post by youpiyoyo » Sat Jun 27, 2020 4:14 pm

Hi,

I'm using OpenVPN (OpenVPN 2.4.7 arm-unknown-linux-gnueabihf) on a Raspberry Pi.
I have another Raspberry Pi with Pi-hole on it. My router is used for the DHCP server.

I recently noticed that some UDP queries from the torrent client Transmission are going through my Pi-hole.
I tried http://dnsleak.net/ and according to this site I don't have a DNS leak.

I'm also using Squid as a proxy server, and I don't have any trouble; nothing is going through the Pi-hole.
BUT, when I add a torrent, I see the UDP trackers passing through the Pi-hole.

How can I prevent this? How can I debug, get verbose output or monitor it?

Will DNSCrypt secure anything? What can I do?

Here is my configuration:

Code:

client
dev tun
proto udp
remote xxxxx
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass /etc/openvpn/login.conf
comp-lzo
verb 1
reneg-sec 0
crl-verify /etc/openvpn/crl.rsa.2048.pem
ca /etc/openvpn/ca.rsa.2048.crt
disable-occ
script-security 2
up /etc/openvpn/upscript
down /etc/openvpn/downscript

In the up and down scripts I'm playing with ip rule and ip route to access my NAS and SSH on my local network.

Thanks for your help
Last edited by Pippin on Sat Jun 27, 2020 10:10 pm, edited 1 time in total.
Reason: Formatting


Re: UDP OpenVPN DNS leak?

Post by youpiyoyo » Sun Jun 28, 2020 5:59 pm

Well, to fix this, in case it helps someone, I drop every connection on the Pi-hole with

Code:

iptables -A INPUT -s IP-ADDRESS -j DROP

and in /etc/hosts put every local IP for resolving local DNS.
I had to change to the static IP in the OpenVPN config file, as the Pi-hole will reject the connection coming from the other Pi.
Hope it helps someone
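
One way to monitor for the behaviour described in this thread from the Pi-hole side, as an added example that is not part of the original posts: it scans a query log for lookups sent by the VPN client and ignores the VPN endpoint name, which has to resolve before the tunnel is up. It assumes the dnsmasq `log-queries` line format; the addresses, hostnames and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in dnsmasq "log-queries" style (assumed log format).
# All addresses and names are made up: 192.168.1.20 stands for the VPN client Pi.
SAMPLE_LOG = """\
Jun 27 16:10:01 dnsmasq[612]: query[A] vpn.example.net from 192.168.1.20
Jun 27 16:10:01 dnsmasq[612]: forwarded vpn.example.net to 9.9.9.9
Jun 27 16:12:40 dnsmasq[612]: query[A] tracker.example.org from 192.168.1.20
Jun 27 16:12:40 dnsmasq[612]: query[AAAA] tracker.example.org from 192.168.1.20
Jun 27 16:12:41 dnsmasq[612]: query[A] news.example.com from 192.168.1.35
Jun 27 16:13:02 dnsmasq[612]: query[A] udp.tracker.example from 192.168.1.20
Jun 27 16:13:05 dnsmasq[612]: reply tracker.example.org is 203.0.113.7
"""

# Only "query[...] name from client" lines matter; forwarded/reply lines are skipped.
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+dnsmasq\[\d+\]:\s+"
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)$"
)

def leaked_queries(log_text, vpn_host_ip, expected=()):
    """Return (timestamp, qtype, name) for each query the VPN host sent to the
    LAN resolver, skipping names listed in `expected` (e.g. the VPN endpoint)."""
    allowed = {n.lower().rstrip(".") for n in expected}
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.match(line.strip())
        if not m or m["client"] != vpn_host_ip:
            continue
        name = m["name"].lower().rstrip(".")
        if name not in allowed:
            hits.append((m["ts"], m["qtype"], name))
    return hits

def summarize(hits):
    """Count leaked lookups per hostname."""
    return Counter(name for _, _, name in hits)

if __name__ == "__main__":
    hits = leaked_queries(SAMPLE_LOG, "192.168.1.20", expected=["vpn.example.net"])
    for name, count in summarize(hits).most_common():
        print(f"{count:3d}  {name}")
```

An empty result while torrents are active means the VPN host is no longer resolving tracker names through the LAN resolver.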
