Maybe I should open a thread for VPN-Firewall.
I use this command to start OpenVPN: sudo openvpn --config .
If I connect to the internet with my host, will I use the VPN DNS?
The same question applies to the Gateway when it makes a connection with the Tor entry nodes.
Quote from GitHub - adrelanos/vpn-firewall: Leak Protection (Fail Safe Mechanism) for (Open)VPN:
What does it NOT do: Care about DNS leaks. Consult your VPN software's/provider's documentation and configure /etc/resolv.conf to use the DNS server of your VPN server.
On Whonix-Gateway, Whonix-Gateway’s own DNS traffic is always resolved by Tor.
The VPN server doesn't give me anything about resolv.conf.
To use, just in case, a VPN-Firewall on the host, I did this:
- Run VPN-Firewall
- Run Tor via tor-arm
- Run system updates or surf the net (it is a risk)
- I set up a SOCKS port for DNS queries and for torsocks traffic.
- I need to run system updates via VPN -> Tor, so I did this: sudo torsocks apt-get update && sudo torsocks apt-get dist-upgrade .
Arm notified me that the DNS request was taken by the Tor network and that apt-get didn't leak anything.
However, how can I set up resolv.conf? For system updates only, I think there's no problem.
What about DNS queries for the Gateway? Yes, they are routed through Tor, but are the DNS queries performed by me or by the VPN provider?
Consult the documentation of some random VPN provider. Then port these instructions to your VPN provider.
See also:
tor-arm is not a tool for detecting leaks
Whonix-Gateway’s own traffic is resolved through Tor. There is no global DNS. See this very chapter: Whonix-Gateway System DNS - Whonix (not the rest of that page)
I didn't trust tor-arm, but I also tested with Wireshark.
I was connected only to a VPN; I set only the IP of my VPN provider in Network Manager (Debian), the same IP as for the OpenVPN tunnel.
It seems all traffic is passed through the VPN. Did I make any mistakes?
Curiosity: if the VPN didn't resolve my DNS query, wouldn't my connection be impossible? (I think the connection isn't possible.)
If your DNS resolving mechanism (/etc/resolv.conf) points to an external IP, or an allowed internal IP (router)… then the DNS might be resolved by that.
File /etc/resolv.conf:
#Generated by Network Manager
nameserver
No, my router doesn't resolve anything unless specified from my PC.
Is it all OK?
I have seen other settings but I didn't understand what they do:
/etc/resolv.conf.d/update-libc.d/avahi-daemon.
#!/bin/sh
# If we have a unicast .local domain, we immediately disable avahi to avoid
# conflicts with the multicast IPv4 .local domains.
if [ -x /usr/lib/avahi/avahi-daemon-check-dns.sh ]; then
    exec /usr/lib/avahi/avahi-daemon-check-dns.sh
fi
I didn't understand any of it.
Distribution specific. Debian doesn’t use /etc/resolv.conf.d. Up to your distribution. Consider uninstalling avahi-daemon.
That's why the VPN-Firewall documentation says the following:
What does it NOT do:
Care about DNS leaks. Consult your VPN software's/provider's documentation and configure /etc/resolv.conf to use the DNS server of your VPN server.
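The two checks the thread keeps coming back to (is every nameserver in /etc/resolv.conf the one the VPN pushed, and does any DNS packet leave on the physical interface outside the tunnel) are simple enough to script. The following is an added example, not part of this thread and not VPN-Firewall's own code. It assumes a hypothetical VPN-pushed resolver of 10.8.0.1, a physical interface eth0, an OpenVPN endpoint on UDP 1194, and it works on constructed sample input embedded in the script rather than a live system, so it runs offline.

```shell
#!/bin/sh
# Added example (not from the thread or from VPN-Firewall): two audit helpers
# for the "does my DNS go through the tunnel?" question.
#   resolv_leaks     - list nameservers in a resolv.conf text that are NOT the
#                      VPN-pushed resolver (empty output = clean).
#   dns_on_physical  - list DNS destinations seen in tcpdump output taken on
#                      the physical NIC (any output = a query bypassed the tunnel).
# Every address and capture line below is constructed for illustration.

# Assumption: the VPN pushes 10.8.0.1 as its resolver (hypothetical value).
VPN_DNS="10.8.0.1"

# Constructed /etc/resolv.conf contents, in the form Network Manager writes.
# Only the first nameserver is the tunnel resolver; the other two would let
# the router or a public resolver see your queries in the clear.
SAMPLE_RESOLV='# Generated by NetworkManager
nameserver 10.8.0.1
nameserver 192.168.1.1
nameserver 8.8.8.8'

# Print every nameserver in text $1 that differs from the VPN resolver $2.
# Comment lines are skipped.  Run against the real file with:
#   resolv_leaks "$(cat /etc/resolv.conf)" "$VPN_DNS"
resolv_leaks() {
    printf '%s\n' "$1" | awk -v vpn="$2" '
        /^[ \t]*#/ { next }
        $1 == "nameserver" && $2 != vpn { print $2 }
    '
}

# Constructed lines in the format printed by:
#   sudo tcpdump -n -i eth0 'port 53 or port 1194'
# Line 1 is the OpenVPN tunnel itself (UDP 1194 to the VPN endpoint, expected).
# Lines 2 and 3 are plaintext DNS queries that left the box outside the tunnel,
# i.e. exactly the leaks the thread worries about.
SAMPLE_CAPTURE='12:00:01.000 IP 192.168.1.10.51000 > 203.0.113.5.1194: UDP, length 128
12:00:02.000 IP 192.168.1.10.40000 > 192.168.1.1.53: 1234+ A? deb.debian.org. (32)
12:00:03.000 IP 192.168.1.10.40001 > 8.8.8.8.53: 1235+ A? security.debian.org. (41)'

# Print the destination IP of each packet in text $1 whose destination port
# is 53.  With -n, tcpdump prints "src.port > dst.port:", so the destination
# is the 5th whitespace-separated field and ends in ".53:".
dns_on_physical() {
    printf '%s\n' "$1" | awk '$5 ~ /\.53:$/ { sub(/\.53:$/, "", $5); print $5 }'
}

echo "nameservers in resolv.conf other than $VPN_DNS:"
resolv_leaks "$SAMPLE_RESOLV" "$VPN_DNS"
echo "DNS destinations seen on the physical interface:"
dns_on_physical "$SAMPLE_CAPTURE"
```

On a real host, run the capture on the physical interface (not tun0) while doing an apt-get update through torsocks or browsing through the VPN: the only traffic that should appear is the encrypted tunnel to the VPN endpoint, and any line dns_on_physical prints is a query that never entered the tunnel, regardless of what tor-arm reports.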