this post was submitted on 30 Jan 2024

cross-posted from: https://sh.itjust.works/post/13781050

Hello!

I did follow this guide but I went with ProtonVPN. I did achieve that I can access my LAN with VPN and get ProtonVPN when I check https://ip.me

I'm running WireGuard on my Android and have a WireGuard Docker solution.

But when I ran a DNS leak test I see my WAN IP address. When I ran the Proton VPN app I get no leaks but can't access my LAN.

Any tips on how I can fix the DNS leak?

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago) (1 children)

I'm a bit confused about what you're trying to achieve.

I remember that Android has "hardcoded" the DNS server to be your home ISP router's, that's probably what's causing the DNS leak.

On your phone's wireguard config add the following DNS server: 9.9.9.9

~~Or change your private DNS in your connection settings on your phone to: dns.quad9.net.~~ This won't work with wireguard.

I followed a similar tutorial to route all my devices' traffic to ProtonVPN and it's miles away from being that complicated, but I have no idea what your actual use case is.

Also, you have to allow all traffic to your client's wireguard tunnel: 0.0.0.0/0.

Hope it helps !

Edit: Ohh it's a wireguard docker server... If I were you, I wouldn't bother to use wireguard in a container... Just install it bare bone on your server !

Edit2: Maybe I'm wrong, but Docker containers use the host's DNS, so this could also be a bad DNS configuration on your host !

[–] [email protected] 1 points 9 months ago (1 children)

Well I think this picture sums up my idea

I will connect to my server with VPN so I can access services on LAN. Then I connect to the internet via Proton's VPN.

When I use the ProtonVPN app I get no DNS leak and use their DNS.

I did allow all traffic on my WireGuard tunnel.

I think I will install it barebone. Thanks for your input

[–] [email protected] 1 points 9 months ago (1 children)

Sorry can't see your image, javascript blocked, but reading through your link I suppose you want to route all your traffic from all your devices to ProtonVPN from your host server/wireguard.

I have something similar and followed the following general guidelines: Wireguard VPN endpoint.

While this doesn't solve your DNS problem, I can vouch for the guidelines working on my side (bare bone not in a container). Having all my traffic being routed to my wireguard server and accessing all my containers without DNS leaks.

Hope it helps !

[–] [email protected] 1 points 9 months ago

Aha, it's the picture from the guide I linked in my original post.

I looked at the link you posted and will compare it to my setup and consider installing WireGuard bare metal.

Thanks for your input 😄

[–] supernicepojo 2 points 9 months ago

There are several ways you could leak plain DNS: WebRTC requests, which I know ipleak checks, or port 53 traffic not being sent through the VPN. There should be a config file that you can modify to help send your DNS requests the way you want. This is not an uncommon problem and you should be able to find a relatively easy solution to this quickly.
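
A static check for the two client-side settings discussed in this thread (a `DNS` entry and `AllowedIPs`), added here as an example and not part of any comment above. The sample config, its placeholder keys and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample client config; keys are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.13.13.2/32

[Peer]
PublicKey = <server-public-key>
AllowedIPs = 10.13.13.0/24, 192.168.1.0/24
"""

def parse_wg_conf(text):
    """Return (interface dict, list of peer dicts) from wg-quick style text."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower() == "[interface]":
            current = interface
        elif line.lower() == "[peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # DNS and AllowedIPs may repeat; merge them into one comma list.
            current[key] = f"{current[key]}, {value}" if key in current else value
    return interface, peers

def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def dns_leak_findings(text):
    """List reasons this config could send DNS queries outside the tunnel."""
    interface, peers = parse_wg_conf(text)
    routed = [ipaddress.ip_network(net, strict=False)
              for peer in peers for net in split_list(peer.get("allowedips", ""))]
    resolvers = []
    for entry in split_list(interface.get("dns", "")):
        try:
            resolvers.append(ipaddress.ip_address(entry))
        except ValueError:
            pass  # wg-quick treats non-IP DNS entries as search domains
    if not resolvers:
        return ["no DNS server set: the device's default resolver stays in use"]
    return [f"DNS server {addr} is not covered by AllowedIPs"
            for addr in resolvers
            if not any(addr.version == net.version and addr in net for net in routed)]
```

An empty result only means the config file itself routes the resolver through the tunnel; the server side and browser behaviour such as WebRTC still need a live leak test.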