DNS leak on linux GUI app

Open parrotx-proton opened this issue 4 years ago • 8 comments

While the linux cli successfully updates the nameservers in /etc/resolv.conf, the GUI does not and hence results in a DNS leak.

parrotx-proton avatar Jun 23 '21 14:06 parrotx-proton

Hey @parrotx-proton

There shouldn't be any difference in that regard as both use the same backend (library). Could you be more specific about how you came to this conclusion?

calexandru2018 avatar Jun 23 '21 14:06 calexandru2018

Connected to one of the NL servers via the GUI, went to dnsleaktest.com and I could see my ISP's servers getting picked up. Further, I checked my /etc/resolv.conf; it had no entries for ProtonVPN's DNS servers, i.e. 10.8.8.1 or 10.7.7.1.

OS Info: Linux parrotx 5.10.0-6parrot1-amd64 #1 SMP Debian 5.10.28-6parrot1 (2021-04-12) x86_64 GNU/Linux

parrotx-proton avatar Jun 24 '21 10:06 parrotx-proton

I am having leaks with both GUI and CLI. Tried several servers (Plus and basic). Tried with Netshield full and secure core. Always leaking. Debian unstable with Network-manager, IWD and systemd-resolved.

heiserhorn avatar Jun 24 '21 19:06 heiserhorn
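The /etc/resolv.conf check described in the two comments above, as an added example that is not part of the thread or of ProtonVPN's code. It assumes the two resolver addresses quoted in the thread are the only VPN resolvers and treats a loopback entry (such as the systemd-resolved stub 127.0.0.53) as inconclusive; the sample file and its 192.0.2.53 address are constructed.

```shell
#!/bin/sh
# Added example: classify the nameserver lines of a resolv.conf-style file.
# VPN_DNS holds the two resolver addresses quoted in the thread (assumed complete).
VPN_DNS="10.8.8.1 10.7.7.1"

# Prints one verdict:
#   vpn-only    every nameserver is one of VPN_DNS
#   leak        at least one nameserver is neither a VPN resolver nor loopback
#   local-stub  a loopback resolver is listed (e.g. 127.0.0.53 from
#               systemd-resolved); the file cannot show the real upstream
#   none        no nameserver lines at all
classify_resolv_conf() {
    file=$1
    vpn=0 stub=0 other=0
    # awk keeps only "nameserver <addr>" lines; commented-out lines do not match
    for ns in $(awk '$1 == "nameserver" { print $2 }' "$file"); do
        case " $VPN_DNS " in
            *" $ns "*) vpn=$((vpn + 1)); continue ;;
        esac
        case $ns in
            127.*|::1) stub=$((stub + 1)) ;;
            *)         other=$((other + 1)) ;;
        esac
    done
    if [ "$other" -gt 0 ]; then echo leak
    elif [ "$stub" -gt 0 ]; then echo local-stub
    elif [ "$vpn" -gt 0 ]; then echo vpn-only
    else echo none
    fi
}

# Constructed sample: a non-VPN resolver listed next to a VPN resolver.
sample=$(mktemp)
printf '# constructed sample\nnameserver 192.0.2.53\nnameserver 10.8.8.1\n' > "$sample"
echo "sample: $(classify_resolv_conf "$sample")"
rm -f "$sample"

# The live file, if present.
if [ -r /etc/resolv.conf ]; then
    echo "/etc/resolv.conf: $(classify_resolv_conf /etc/resolv.conf)"
fi
```

On a `local-stub` verdict, `resolvectl status` lists the per-link DNS servers that systemd-resolved actually forwards to.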

Hey @parrotx-proton

We've attempted to recreate this behavior but were not able to find any DNS leaks.

Edit: Does this happen when you're on Wifi/Ethernet, changing networks or simply only when you connect once?

calexandru2018 avatar Jun 29 '21 09:06 calexandru2018

Hi @calexandru2018,

Setup was nothing special. Added repositories using a deb file and apt get install protonvpn. Since I am working on VMs, it's working over ethernet. I was not changing networks or doing anything special.

I was using cli for quite a while but noticed that it had 2 problems (haven't opened issues yet as I didn't do much investigation from my end):

  1. If you shut down the machine without issuing a disconnect, the Proton DNS entries in /etc/resolv.conf remain and hence on next startup any DNS resolution will simply fail.
  2. On many occasions it just simply fails to connect and throws an authorization error even with correct credentials. I didn't get any --debug flag to investigate further.

Hence I decided to fall back on the GUI client, which works for the most part other than leaking DNS. I never saw entries in /etc/resolv.conf getting modified by this client.

parrotx-proton avatar Jun 29 '21 12:06 parrotx-proton

@calexandru2018 since I see a few other people have also reported similar issues, albeit with slight variations, I guess it may also be related to the environment. Could you have some test setup with VMs using the same OS?

parrotx-proton avatar Jun 29 '21 12:06 parrotx-proton

Hello everybody,

We wrote a post yesterday thinking that we found a workaround, but today it didn't work :-( So in our case the /etc/resolv.conf is reset by dhclient every time that the IP address is renewed.

We have one DHCP profile with all automatic settings, and one static IP profile. The issue comes with the DHCP profile (the static one is only used to configure a specific device, without internet connection).

The issue is the same on 2 devices with Linux Debian.

SwissTico avatar Jun 30 '21 05:06 SwissTico

Hi protonvpn team, I have noticed that the oldest unsupported version of protonvpn-cli does not leak DNS. I have checked this with ipleak.org. So can you please implement the same approach in the new protonvpn app and cli as soon as possible? Thank you very much.

gituser987654 avatar Feb 26 '22 18:02 gituser987654