OpenVPN: How To Prevent DNS Leaks

Yeah, I realize that for some people the answer to this question is probably WireGuard.

However, good old OpenVPN is still used a lot in production settings. OpenVPN has been around for ca. 20 years, and is still the VPN solution of choice for enterprises and individuals alike.

So how do you prevent it from leaking DNS requests outside the encrypted tunnel?

There’s a pretty simple solution. Add the following 3 lines to your .ovpn file (script-security 2 is what allows OpenVPN to run the up and down scripts):

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Make sure that you’ve installed the resolvconf package:

$ sudo apt install resolvconf

Make sure you test whether any DNS leaks occur, e.g. with dnsleaktest.com or ipleak.org.

Should you still be experiencing DNS leaks - sometimes the dreaded but oh so useful NetworkManager messes things up - then it’s time to edit /etc/resolv.conf by hand.

Until I figure out how to make NetworkManager behave… 😉
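Before editing /etc/resolv.conf by hand, it helps to see which nameserver entries did not come from the VPN. The script below is an added example, not part of the original post: it extracts the `dhcp-option DNS` servers from an OpenVPN PUSH_REPLY log line and lists every nameserver in a resolv.conf file that is not among them. The function names and the sample log line and resolv.conf contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag resolv.conf nameservers that the VPN did not push.

# Print each DNS server from an OpenVPN PUSH_REPLY log line, one per line.
pushed_dns() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -n 's/^dhcp-option DNS \([0-9a-fA-F.:]*\).*/\1/p'
}

# Usage: leaking_nameservers RESOLV_CONF ALLOWED_IP...
# Prints every nameserver in RESOLV_CONF that is not an allowed IP.
# Exit status is 1 if at least one such nameserver was found, else 0.
leaking_nameservers() {
    file=$1
    shift
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "nameserver" && !($2 in ok) { print $2; bad = 1 }
        END { exit bad }
    ' "$file"
}

# Constructed sample data, not taken from a real connection.
SAMPLE_LOG="PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.0.1,route 10.8.0.0 255.255.255.0,ifconfig 10.8.0.6 10.8.0.5'"
SAMPLE_RESOLV='# Generated by NetworkManager
nameserver 10.8.0.1
nameserver 192.168.1.1'

# Run the check on the sample data; same exit status as leaking_nameservers.
check_sample() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_RESOLV" > "$tmp"
    rc=0
    # $(...) is unquoted on purpose: one argument per pushed server.
    leaking_nameservers "$tmp" $(pushed_dns "$SAMPLE_LOG") || rc=$?
    rm -f "$tmp"
    return "$rc"
}

check_sample || echo "leak candidates: nameservers above were not pushed by the VPN"
```

On a real system, pass /etc/resolv.conf and the PUSH_REPLY line from your own OpenVPN log. A local stub resolver entry such as 127.0.0.53 will be flagged too, because resolv.conf alone does not show where the stub forwards queries.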


#OpenVPN #Security #Linux