I guess everyone knows that a DNS leak is due to the client OS network stack settings. You need up and down scripts to make sure that DNS is not leaking, and there are plenty of scripts now to do this: you have update-resolv-conf for the Linux client, up/down.sh from Tunnelblick, and dnsleaktest.com for Windows.
Now I noticed that some other traffic may also be leaking. While troubleshooting a user's connection with Wireshark, I saw that new connections, such as playing a Steam-powered game, were not routed through the VPN tunnel. Instead they went out directly through the main interface. Steam-powered games, in multiplayer mode, use CLASSIC-STUN for their P2P connections between the players.
It seems that the CLASSIC-STUN application will not go through the VPN, for some reason, if the normal default gateway is still active. Using route print, you can see the routes as follows:
Network Destination    Netmask        Gateway        Interface      Metric
0.0.0.0                0.0.0.0        192.168.1.1    192.168.1.4    25
0.0.0.0                0.0.0.0        172.16.0.1     172.16.0.86    542
0.0.0.0                128.0.0.0      172.16.0.1     172.16.0.86    31
Are there any available scripts that can safely remove the main gateway after the tunnel is up? Perhaps an extension to the existing script that accepts and modifies the DNS properties?
I would appreciate it if anyone could point me in the right direction for doing this.
Thanks
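As an added example (not from the original post or from OpenVPN), the check below parses the IPv4 section of Windows `route print` output, flags any 0.0.0.0/0 default route whose next hop is not the tunnel gateway, and builds the `route delete` lines an up-script could run to remove it. The sample table is constructed from the routes quoted in the post, and the tunnel gateway 172.16.0.1 is taken from there as well.

```python
"""Detect default routes that bypass the VPN tunnel in `route print` output."""
import re

# Constructed sample: the IPv4 route table quoted in the post, as `route print` prints it.
SAMPLE_ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     25
          0.0.0.0          0.0.0.0       172.16.0.1      172.16.0.86    542
          0.0.0.0        128.0.0.0       172.16.0.1      172.16.0.86     31
"""

# destination, netmask, gateway (may be the word "On-link"), interface, metric
ROUTE_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s*$"
)


def parse_routes(text):
    """Return the route rows of a `route print` dump as a list of dicts."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            dest, mask, gateway, iface, metric = m.groups()
            routes.append({"dest": dest, "mask": mask, "gateway": gateway,
                           "interface": iface, "metric": int(metric)})
    return routes


def find_leaky_defaults(routes, tun_gateway):
    """Default routes (0.0.0.0 mask 0.0.0.0) whose next hop is not the tunnel gateway.

    The 0.0.0.0/128.0.0.0 and 128.0.0.0/128.0.0.0 halves the VPN adds are more
    specific than a plain default route, so they are not reported here; only a
    competing 0.0.0.0/0 entry via another gateway is a candidate leak.
    """
    return [r for r in routes
            if r["dest"] == "0.0.0.0" and r["mask"] == "0.0.0.0"
            and r["gateway"] != tun_gateway]


def delete_commands(leaks):
    """Windows `route delete` lines that remove each flagged default route."""
    return [f"route delete 0.0.0.0 mask 0.0.0.0 {r['gateway']}" for r in leaks]


if __name__ == "__main__":
    leaks = find_leaky_defaults(parse_routes(SAMPLE_ROUTE_PRINT), "172.16.0.1")
    for cmd in delete_commands(leaks):
        print(cmd)
```

On a live system, feed it the output of `route print -4` instead of the sample and run the generated commands from the up-script; the down-script should add the original gateway back.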