PCs have two problems with the use of VPNs:
- If the VPN drops out, the normal internet connection continues, after which your information and activities can be traced. It usually takes a while before you notice that your VPN has stopped and you are using your own IP, which can identify you (it will only happen during a pentest, lol).
- You also have the problem of “DNS leakage”. Domain name servers are like phone books: the name (www address) that you type into your browser is translated into a number at which the server can be reached. VPNs encrypt your connection, but in some cases the DNS lookup STILL goes via your regular internet connection. This is called a “DNS leak” and means that your ISP can see what sites you visit, etc. Nowadays it is common that your ISP neatly stores that information under a data retention obligation, which is not what you want. This problem is common when routers and computers are set to DHCP with automatic settings. This is the kind of information that all the sites you visit, as well as their advertisers and any embedded widget, can see and collect.
Testing for DNS leaks:
- Connect to your VPN, then go to one of these sites: http://entropy.dns-oarc.net or https://www.grc.com/dns/dns.htm
- Click Test, and ignore messages such as “good, great” and everything except the DNS resolver addresses.
- On the latter site, click Initiate at the bottom of the page, and ignore ‘spoofability’ and everything except the addresses listed as ‘nameserver’ and ‘server name’.
- Check each IP address mentioned in that list with infosniper or Robtex. Make sure none of those IP addresses is your IP or indicates that the IP belongs to your ISP.
If any of them does, you have a DNS leak; if none of the IPs belongs to your ISP, you are safe.
To fix a DNS leak:
- Give the computer manually specified (static) settings instead of automatic DHCP settings (on the connection you are going to use for the VPN; only required if you are running XP).
- After you are connected to your VPN, set the DNS nameserver of your regular internet connection to ‘none’; this forces DNS lookups through the VPN only.
- Put everything back after you disconnect your VPN.
- http://dnsleaktest.com has a batch file that auto-executes when running OpenVPN and does the DNS work automatically. via @AnonyActivist
How can I fix a DNS leak?
The solution is to ensure that once connected to the anonymity network, you are using ONLY the DNS server(s) provided by the anonymity service. As this problem predominantly affects Windows clients, only solutions for Windows appear here.
3 basic steps to fix the problem:
- Before connecting to the VPN, set static IP address properties if you are using DHCP
- After connecting, remove DNS settings for the primary interface
- After disconnecting, switch back to DHCP if necessary or reapply the original static DNS servers
Solution A – Automatic
If you are using OpenVPN on Windows XP/Vista/7 then a fully automated solution is available.
Download dnsfixsetup.exe – (md5 checksum: f212a015a890bd2dae67bc8f8aa8bfd9)
After installation, when you connect to a VPN server, a batch file will be run executing the 3 steps above.
Three scripts are generated for each OpenVPN configuration file:
- configfilename_pre.bat – executed before the connection is established – Calls pre.vbs – If any active DHCP adapters exist, switch to static
- configfilename_up.bat – executed when the connection is established – Calls up.vbs – Clear the DNS servers for all active adapters except the TAP32 adapter
- configfilename_down.bat – executed after the connection is disconnected – Calls down.vbs – Reconfigure adapters back to their original configuration
If you have any problems or suggestions, please contact me.
Solution B – Manually clearing the DNS
The solution below does not switch the adapter to static if you are using DHCP. If you do not switch to a static IP configuration and your computer renews its IP address whilst connected to the VPN, the DNS settings may be overwritten. Switching to a static IP configuration is highly recommended.
- Open the command prompt (cmd.exe) as an administrator.
- Before connecting, identify the name of the connected network interface. In the example below it is “Local Area Connection”:
netsh interface show interface
- Connect to the VPN. Once connected proceed to the next step.
- Flush the DNS resolver cache
- Disable the DNS configuration for the interface identified earlier:
netsh interface IPv4 set dnsserver "Local Area Connection" static 0.0.0.0 both
- Test for DNS leaks.
- After disconnecting, reconfigure the adapter to restore the previous DNS settings:
netsh interface IPv4 set dnsserver "Local Area Connection" dhcp
- Once again, flush the DNS resolver cache.
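A PowerShell wrapper for the netsh steps of Solution B, added here as an example (it is not dnsleaktest.com's dnsfixsetup script nor the original post's code): "fix" records each connected adapter's DNS settings and clears them on every adapter except the VPN's TAP adapter, and "restore" puts them back. It assumes an English-language netsh, an OpenVPN adapter named "TAP-Windows Adapter V9" and the state-file path shown, and it leaves the IP address on DHCP, so the warning above about lease renewals still applies.

```powershell
# Wraps the netsh steps of Solution B: "fix" saves and clears DNS on all connected adapters
# except the VPN's TAP adapter; "restore" puts the saved settings back. Run elevated.
param(
    [ValidateSet("fix", "restore")] [string]$Mode = "fix",
    [string]$VpnAdapter = "TAP-Windows Adapter V9",             # assumed OpenVPN adapter name
    [string]$StateFile  = "$env:ProgramData\dnsleak-state.xml"   # assumed location
)
# Names of connected, non-loopback adapters from "netsh interface show interface".
function Get-ConnectedAdapters {
    netsh interface show interface | ForEach-Object {
        if ($_ -match '^\s*Enabled\s+Connected\s+Dedicated\s+(.+?)\s*$') { $Matches[1] }
    }
}

# DNS source (dhcp/static) and server list of one adapter, parsed from "show dnsservers" output.
function Get-DnsConfig([string]$Adapter) {
    $cfg = @{ Name = $Adapter; Source = "dhcp"; Servers = @() }
    foreach ($line in (netsh interface ipv4 show dnsservers "$Adapter")) {
        if     ($line -match 'configured through DHCP:\s*(\S+)')           { $cfg.Source = "dhcp";   $cfg.Servers += $Matches[1] }
        elseif ($line -match 'Statically Configured DNS Servers:\s*(\S+)') { $cfg.Source = "static"; $cfg.Servers += $Matches[1] }
        elseif ($line -match '^\s+(\d{1,3}(\.\d{1,3}){3})\s*$')            { $cfg.Servers += $Matches[1] }   # continuation line
    }
    $cfg.Servers = @($cfg.Servers | Where-Object { $_ -ne "None" })
    return $cfg
}

function Invoke-DnsFix {
    $saved = @()
    foreach ($a in Get-ConnectedAdapters) {
        if ($a -eq $VpnAdapter) { continue }                                  # keep the VPN-supplied resolver
        $saved += Get-DnsConfig $a
        netsh interface ipv4 set dnsservers "$a" static none | Out-Null      # same effect as "static 0.0.0.0"
    }
    Export-Clixml -Path $StateFile -InputObject $saved                        # Clixml is available back to PowerShell 2.0
    ipconfig /flushdns | Out-Null
}

function Invoke-DnsRestore {
    foreach ($cfg in @(Import-Clixml $StateFile)) {
        $servers = @($cfg.Servers)
        if ($cfg.Source -eq "dhcp")   { netsh interface ipv4 set dnsservers "$($cfg.Name)" dhcp | Out-Null }
        elseif ($servers.Count -eq 0) { netsh interface ipv4 set dnsservers "$($cfg.Name)" static none | Out-Null }
        else {
            netsh interface ipv4 set dnsservers "$($cfg.Name)" static $servers[0] | Out-Null   # first entry replaces the list
            foreach ($s in @($servers | Select-Object -Skip 1)) { netsh interface ipv4 add dnsservers "$($cfg.Name)" $s | Out-Null }
        }
    }
    ipconfig /flushdns | Out-Null
}
if ($Mode -eq "fix") { Invoke-DnsFix } else { Invoke-DnsRestore }
```

Run it with `-Mode fix` right after the VPN comes up and `-Mode restore` after disconnecting, then repeat the leak test above to confirm only the VPN's resolver is reported.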