Hey,
Yet another VPN adventure gone awry I guess. I was connecting through OpenVPN to Mullvad’s servers. Mullvad provides a custom `.config` file according to your needs, so it was no big deal (although you need to edit it a bit for further security and privacy). Some notify-send problems aside, everything seemed okay and all until I ran into an annoying DNS leakage issue.
Despite having OpenVPN configured and a nice, stable connection, DNS leakage was still a problem. While the Mullvad VPN app does a great job preventing this, I prefer using OpenVPN directly or even WireGuard as a last resort, since getting mullvad-vpn to work properly on any non-systemd distro is near impossible (I tried hard). But you probably shouldn't be using any software like that anyways. So, I was left high and dry with DNS leaks.
What I Tried (And failed):
1. `resolv.conf` Tweaks:
- Directly editing `/etc/resolv.conf` didn’t solve the leakage.
2. NetworkManager Settings:
- I tinkered with NetworkManager settings, manually setting DNS servers, but still faced DNS leaks.
3. Mullvad custom .config file:
- Even with Mullvad’s custom .config file, using "dhcp-option", with no results :p
Not sure what was failing. Logs showed nothing relevant, and although I restarted the service multiple times, the VPN always resorted to the same unwanted DNS server.
After struggling with the most obvious solutions, I gave in to a simple one: DNS over HTTPS in every applicable software. Instead of dealing with messy system settings, I set up DoH in my browsers and so on to use custom DNS servers. Mullvad also has some promising-looking ones in terms of privacy (https://mullvad.net/pt/help/dns-over-ht … s-over-tls). It's very trivial to do it in most browsers.
By using DNS over HTTPS in your browser, you encrypt your DNS queries, preventing them from leaking outside your VPN tunnel. Surely you may want to turn it off if not using a VPN, and it might make the connection slightly slower. Still it’s a neat, although not ideal, way to bypass the complicated system-wide configuration issues, especially when working with Devuan and SysVinit. It’s a simple fix that doesn’t really require much knowledge and work.
Has someone run into this problem? Would love suggestions :P
Note: dnsmasq for DNS management could be a viable system-wide solution to handle this but I haven't tried it.
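An added example, not part of the original post: on Linux, OpenVPN passes each `dhcp-option` it receives to `--up` scripts as environment variables named `foreign_option_N`. The sketch below reads those variables and reports any nameserver in a resolv.conf-style file that is not one of them; the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Print the DNS servers found in OpenVPN's foreign_option_1, _2, ... variables.
pushed_dns() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        case "$opt" in
            "dhcp-option DNS "*) printf '%s\n' "${opt#dhcp-option DNS }" ;;
        esac
        i=$((i + 1))
    done
}

# Print every nameserver in the resolv.conf-style file $1 that is not in the
# whitespace-separated allow-list $2. No output means no stray resolver.
stray_nameservers() {
    file=$1
    allowed=$2
    while read -r key value rest; do
        [ "$key" = "nameserver" ] || continue
        found=no
        for a in $allowed; do
            if [ "$a" = "$value" ]; then found=yes; fi
        done
        [ "$found" = yes ] || printf '%s\n' "$value"
    done < "$file"
}

# Constructed sample: the environment an --up script would see, and a
# resolv.conf that still lists a resolver outside the tunnel.
demo() {
    foreign_option_1='dhcp-option DNS 10.8.0.1'
    foreign_option_2='dhcp-option DOMAIN example.test'
    tmp=$(mktemp)
    printf 'nameserver 192.0.2.53\nnameserver 10.8.0.1\n' > "$tmp"
    stray_nameservers "$tmp" "$(pushed_dns)"
    rm -f "$tmp"
}
demo
```

This only inspects the system resolver configuration; applications that do their own DoH lookups do not consult that file.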
@igorzwx
ahaha yeah, often it just ends up causing more headaches (much like other Poettering projects, IMO).
Personally, I just find it tricky to set up and too buggy in practice. It feels like a temporary fix rather than a real solution.. still waiting for something that actually works smoothly :P
Great PSA on BIOS/UEFI issues. Disabling fast boot and Legacy might help a lot. One should consider updating the BIOS/UEFI firmware or kernel too...
Some years ago I had the same problem, but reinstalling GRUB and forcing the machine to boot from UEFI did it for me :P different root causes too I guess
Thanks for sharing the information.
Secure boot just kind of sucks, it can be quite a hassle to manage and update keys, especially if you’re dealing with custom or older hardware like me..
@nahkhiirmees
Running {Core/Libre}boot in a VM sounds like a cool idea, actually. It’s like trying out new firmware without committing to the hardware. Just don’t expect it to be the exact same experience as the real deal I guess aha
@quickfur
Totally agree. Logging into X as root is too risky with all that code running. A single flaw could be a major issue there... best to keep root access limited and avoid unnecessary risks :p
Heyo, start by checking the runlevel of your runlevel settings and check your init scripts in /etc/init.d/ for any incorrect settings. Might want to check into your boot logs with dmesg and journalctl -xb too. Then check /etc/lxc/auto and check the LXC logs in /var/log/lxc/ to verify that your LXC container's autostart settings are correct. Re-configuring all packages with dpkg-reconfigure -a may also help... If the problem persists, hit up the #devuan IRC channel or something... anyways, good luck
P.S. As a last resort, reinstall the firmware packages one by one to see if any of them are the culprits
ηMatrix is just a superior add-on to your browser. I actually just noticed it's for PaleMoon only, so for Chrome you might want to go with uMatrix. It just overall manages creepy websites' requests better and targets a wider spectrum of those...
They aim for weekly patches to fix bugs, still sometimes delays happen for bigger changes or stability checks I guess. As for the new extensions platform (Manifest V3) affecting ad-blockers and privacy tools, I don't know about any major delay announcements. If you haven’t seen any changes or warnings, they might be rolling it out gradually to avoid issues or something. It's good news that your extensions are still working fine, though. I would just recommend ηMatrix and not using Chrome maybe
In regards to the first problem, is pulseaudio installed?
I think it's pretty straightforward. Just download the Mullvad signing key and save it to /usr/share/keyrings using curl or whatever and then add the Mullvad repository to your APT sources list and reference the signing key.