On 12/18/2017 09:50 AM, [email protected] wrote: > Do anybody know how prevent or disable dns leak with bitmask vpn provider? > > Bitmask when used "out of box" is useless as there are dns leak (checked with dnsleaktest.com). > > Instruction please. >
First: - Block all traffic and whitelist your DNS provider IP with sys-firewall (you should connect your VPN-VM to sys-firewall). For riseup and bitmask you should permit some ip's. Then: - bitmask uses some kind of iptables rules for forward your DNS petitions through the tunnel but it only affects the OUT chain, so when you are using the VM as a netVM for other AppVM this will be skipped and your petitions will go to the address specified in /etc/resolv.conf (probably sys-firewall). The solution is edit /etc/resolv.conf to the default gw of the tunnel. Try 'sudo route -n' and see the gateway which uses tun0 interface. If you do the first step you will protect DNS and any other kind of leaks since a compromised VPN-VM won't know your real address and won't reach direct internet without compromising sys-firewall. I hope it helps. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d46a5d0b-e1e7-26cd-fc46-ef14c8f53354%40riseup.net. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
