VPN DNS leaks with grc.com test

First of all, I would like to point out that is not exactly the first time that I setup a vpn. I use it from years.
Second I did all the online tests for vpn dns leaks that I know. All of them are good (absolutely no leaks) except this one.
This particular test: GRC | DNS Nameserver Spoofability Test   leaks 2 dns that are not from the vpn but looks like directly from the isp I use.
I also installed the adrelanos vpn firewall and it looks like is working (if I kill openvpn everything goes down)
I use of course openvpn to connect to vpn and also I’m on linux so I use the scripts that I think everyone knows (those 3 lines with resolv-conf) to prevent leaks.
I got 2 questions. Of course like many others I do vpn → whonix → the world.
Is this leak only problematic in firefox? What can I do to prevent it? I installed the vpn firewall, I use the scripts. I don’t know what to do next to be more safe.

I highly suggest you on doing that test right now, to see if you have leaks or not.

Let’s see if I understand this right. You are using GitHub - adrelanos/vpn-firewall: Leak Protection (Fail Safe Mechanism) for (Open)VPN but the GRC | DNS Nameserver Spoofability Test   leak test can still figure out your ISP’s DNS server?

Exactly. Now, what I did is changing my dns to open dns in my wifi config (before this everywhting was set on automatic).
Now that test doesnt show up my isp dns but my vpn + opendns dns.
Every other test simply returns 1 dns, the one from the vpn.
I also tested this in another linux system, without vpn firewall, and with another vpn provider. Problem looks like is the same: with the other vpn it doesnt tell me directly my ISP name, but I can see several (5) dns leaks that point out in my country. Like above, the test on grc.com is the only one that shows this result. All the others, doesnt show leaks at all

5 posts were split to a new topic: VPN-Firewall discussions in Whonix forums

exactly I opened the topic in the anonymity section for this reason. I had leaks with Debian host + vpn-firewall and lubuntu without vpn firewall if that matters.
2 different vpn companies as well. It leaks the provider dns. I did all the test via firefox, everything is negative except that test on grc.com, which successfully leaks the dns provider. Either my ISP or Opendns if I change them.
I’ll try to test for leaks with wireshark I think I found a tutorial. It would be nice to know if that test you people have leaks too.
Thanks for your replies btw!

What’s your /etc/resolv.conf?

Why use OpenDNS? If you want all traffic to be tunneled through the VPN, and VPN-Firewall works with IPs, not hostnames, what would OpenDNS be good for?

Im normally not using it at all, but is either that or my isp address, so I thought it would be better

In resolv.conf at the moment I see that opendns address+the one probably from the vpn (its a private ip without much info. probably related to my vpn?)

Ill try to remove opendns config and reboot to see if its the same

okay I confirm that if I remove opendns my ISP nameserver/dns shows up in resolv.conf,
I’m searching on google now how to fix this, If any of you have idea on how to do it that would be helpful

Did you follow the full instructions on
VPN-Firewall: Enforce use of a VPN? resolvconf is mentioned
various times. One of the most important ones:
VPN-Firewall: Enforce use of a VPN

I did, however now if I repeat all the steps I get an error on the following command:

sudo service openvpn@openvpn start

Job for openvpn@openvpn.service failed. See ‘systemctl status openvpn@openvpn.service’ and ‘journalctl -xn’ for details.

if i do:

sudo service openvpn@openvpn status

I get:

openvpn@openvpn.service - OpenVPN connection to openvpn
Loaded: loaded (/lib/systemd/system/openvpn@openvpn.service; enabled)
Drop-In: /lib/systemd/system/openvpn@openvpn.service.d
Active: failed (Result: exit-code) since Mon 2017-05-08 02:21:16 CEST; 3min 37s ago
Process: 3980 ExecStartPre=/usr/bin/sudo /usr/sbin/openvpn --rmtun --dev tun0 (code=exited, status=1/FAILURE)

May 08 02:21:16 computer sudo[3980]: tunnel : TTY=unknown ; PWD=/etc/openvp…n0
May 08 02:21:16 computer sudo[3980]: pam_unix(sudo:session): session opened…0)
May 08 02:21:16 computer sudo[3980]: Mon May 8 02:21:16 2017 ERROR: Cannot…6)
May 08 02:21:16 computer sudo[3980]: Mon May 8 02:21:16 2017 Exiting due t…or
May 08 02:21:16 computer sudo[3980]: pam_unix(sudo:session): session closed…ot
May 08 02:21:16 computer systemd[1]: openvpn@openvpn.service: control proce…=1
May 08 02:21:16 computer systemd[1]: Failed to start OpenVPN connection to …n.
May 08 02:21:16 computer systemd[1]: Unit openvpn@openvpn.service entered f…e.
Hint: Some lines were ellipsized, use -l to show in full.

However if I manually delete the content of resolvfconf file in /etc/resolvconf/run/interface and restart resolvconf I have zero leaks and everything works.

But the problem is that every time I connect and disconnect again, automatically I get the leaks unless I edit manually those files everytime.

the vpn firewall however i think is working, cause if I kill openvpn or turn off and on again my connection I cant connect at all. I have to flush manually netfilter everytime, connect, and then restart it.

Im sorry if this reply is confusing, im doing my best

Thanks again for the help

VPN-Firewall isn’t tested on Ubuntu (as readme on GitHub - adrelanos/vpn-firewall: Leak Protection (Fail Safe Mechanism) for (Open)VPN says), so I am not surprised and cannot really support it.

Ubuntu should be avoided anyhow. ( Dev/Operating System - Whonix )

I guess OpenVPN fails to write to that file due to missing write permissions. The following file might require an addition for Ubuntu support.