• Pop!_Planet is still very much under development. Data for the wiki is being sourced from the Arch Linux and Ubuntu wikis, along with a bunch of completely unique content specific to Pop!_OS, and sourcing, converting and updating that content takes time; please be patient. If you can't find what you're looking for here, check the Arch Linux and Ubuntu wikis.
  • Welcome!

    I'll get straight to the point.

    When I started Pop!_Planet, I launched it because I saw a need for a centralized community for Pop!_OS. To be frank, I never expected the level of popularity it has achieved. Over the last year, we have gone from under 50 users, to almost 400 users. That's awesome! However... it also comes with a downside. We are rapidly running out of disk space on our server, and the bandwidth costs go up every month.

    Pop!_Planet is not affiliated with System76 in any way, and is funded completely out of pocket. From day one, I said that I'd never use on-site ads (I hate them as much as you do), so the only monetization we get is through donations. Right now, the donations we receive don't even cover our overhead.

    I know that most users will ignore this message, and that's ok. However, if even a few of our users are willing and able to donate a few dollars to help offset our expenses, it would be greatly appreciated.

    Support Pop!_Planet

    Thank you for your time,

    Dan Griffiths
    Pop!_Planet Founder

Guide Beginner Preventing openvpn DNS leaks in systemd-resolved.

derpOmattic

Pop!_Muse
Trusted User
Founding Member
Nov 23, 2018
969
143
20
www.patreon.com
The First thing you should do if you haven’t already is check if your ISP’s DNS is leaking from your Openvpn connection. Two sites you can use to do this are ipleak and dnsleaktest. If your ISP shows up in the results you have a leak and should read on.

Although there are many causes, DNS leaking while using Openvpn with GNOME 3, and by default Systemd-resolved, has been a known issue for a couple years. It may appear like this hasn’t been a priority, but I’m confident that it should be fixed soon. Its actually quite a large privacy, and possibly a safety concern! For example: Consider a journalist who assumes his / her communication is encrypted using Openvpn finding out the hard way that Systemd-resolved had been leaking the true IP, and therefore his / her identity and location!

My concern is this bug is under-reported due to a lot of users not being aware there is a problem because it doesn’t stop functionality! Basically you won’t know unless you check for yourself. I don’t use them, so I’m not certain if this DNS leak happens while using a VPN provider’s client. To specify, this DNS leak is present while using an Openvpn configuration via Network Manager in the GNOME 3 desktop environment. The culprit is Systemd-resolved and, at the time of writing, can confirm it’s present on POP, Ubuntu and Fedora 26 -29. Strangley, it wasn’t present on Fedora 23 - 25. It’s not a Pop!_OS only problem, so don’t bug them about it like I did before I knew better. (@ System76 – sorry!)

This bug, and close variants of it, have been filed since Jun 2017 and Oct 2017 . There’s many more reports but you get the picture.

Ironically, the work-around to fix this bug is to disable Systemd-resolved and install dnsmasq as the default DNS resolver. Currently It’s the easiest way I’ve found to ensure proper functionality and no leaks. Experienced Linux users know dnsmasq well because it had been the default DNS resolver in many distros for a long time. Originally found on the Ubuntu support site, this work around has successfully patched this bug on every OS that has the GNOME 3 desktop.

Let’s begin by opening Terminal ( super + t ) and entering the following commands line-by-line. Don’t enter the lines below that begin with “#” as they are comments*. I’m suggesting nano as the editor because it’s beginner friendly. Alternately, you can use what you want . Once you’ve edited your text in nano press ctrl + x to save and exit. You will need to confirm by typing y at the prompt and then press enter to exit. You'll notice the first line installs dnsmasq, which is prudent because your connection will momentarily stop during this sequence.

In Terminal type;

Code:
sudo apt install dnsmasq

#You will be prompted for your password this one time.

sudo systemctl disable systemd-resolved

sudo systemctl stop systemd-resolved

sudo nano /etc/NetworkManager/NetworkManager.conf

# add in the "main" section;

dns=default

#Then delete / remove the current symlink by;

sudo rm /etc/resolv.conf

sudo nano /etc/systemd/resolved.conf

#change DNS stublistener to "no". You will have to use the down arrow to see it.

sudo systemctl enable dnsmasq

sudo systemctl restart NetworkManager
To check you have achieved the correct outcome you can run sudo systemctl list-units --type service in Terminal. If dnsmasq is successfully installed and operating it will show as “loaded, active and running”. You should know anyway because if it isn’t right you won’t have an internet connection. You may have to reboot.

With this work around Openvpn has functioned as expected in GNOME 3 without DNS leaks. I'm still hoping for a proper fix but this does the trick. I haven’t been able to confirm a positive fix, but it seems the latest Pop!_OS ISO download (Dec 2018) doesn't have this bug that I can tell. I’m going to keep the work around in place until it is officially confirmed though.


*Comments are necessary, or at least good practice while editing files but these are for the purpose of instruction in this beginner guide.
 
Last edited:

Members online

Latest projects

Forum statistics

Threads
777
Messages
3,544
Members
716
Latest member
shaddow