
Problem with DNS servers

Open IlushaGovnocoder opened this issue 11 months ago • 14 comments

I can’t access websites when VPN is enabled. Pings IP addresses, but when trying to ping google.com or other domains it gives an error. VPN works on other devices

Amnezia: 4.4.0.0
Linux: KaOS rolling

IlushaGovnocoder, Mar 22 '24 15:03

4.5.0.0 from GitHub
Manjaro Linux
AmneziaWG - DNS not working, neither AmneziaDNS nor 8.8.8.8/1.1.1.1 etc.
Amnezia OpenVPN over Cloak works well

Guest007, Apr 06 '24 14:04

Please test https://github.com/amnezia-vpn/amnezia-client/releases/tag/4.5.3.0

pokamest, Apr 22 '24 01:04

> Please test https://github.com/amnezia-vpn/amnezia-client/releases/tag/4.5.3.0

Thank you. But it's not working for me now.

Connection established, but DNS not acceptable.

Guest007, Apr 22 '24 09:04

Not working for me

DmitriyMolch, May 30 '24 17:05

This problem also remains in version 4.6.0.3 (AmneziaWG). OS: Manjaro linux 24.0.5.

evgeny-gerasimov, Aug 01 '24 12:08

Same problem with Arch Linux. AmneziaVPN version 4.6.0.3. Unable to resolve domain names with OpenVPN and AmneziaWG. OpenVPN over Cloak works fine.

GILLIBON, Aug 02 '24 08:08

Same problem here.

teamfighter, Aug 05 '24 13:08

Linux 6.1.0-22-amd64 Debian 6.1.94-1 (2024-06-21) x86_64 GNU/Linux

Both 4.6.0.3 and 4.5.0.0 have the same problem.

VPN on:

❯ nslookup google.com
;; communications error to 192.168.50.1#53: connection refused
;; communications error to 192.168.50.1#53: connection refused
;; communications error to 192.168.50.1#53: connection refused
;; communications error to 8.8.8.8#53: connection refused
;; communications error to 8.8.4.4#53: connection refused
;; no servers could be reached

and without VPN:

❯ nslookup google.com
Server:		192.168.50.1
Address:	192.168.50.1#53

Non-authoritative answer:
Name:	google.com
Address: 142.250.186.142
Name:	google.com
Address: 2a00:1450:4026:803::200e

I decided to check:

VPN off:

❯ nc -vz 142.250.186.142 443
Connection to 142.250.186.142 443 port [tcp/https] succeeded!
❯ nc -vz 142.250.186.142 80
Connection to 142.250.186.142 80 port [tcp/http] succeeded!
❯ nc -vz 8.8.8.8 53
Connection to 8.8.8.8 53 port [tcp/domain] succeeded!

VPN on:

❯ nc -vz 8.8.8.8 53
nc: connect to 8.8.8.8 port 53 (tcp) failed: Connection refused
❯ nc -vz 142.250.186.142 80
Connection to 142.250.186.142 80 port [tcp/http] succeeded!
❯ nc -vz 142.250.186.142 443
Connection to 142.250.186.142 443 port [tcp/https] succeeded!

TL;DR: so, my workaround was this:

❯ sudo iptables -L | grep DNS
Chain amnvpn.310.blockDNS (1 references)
Chain amnvpn.320.allowDNS (1 references)
Chain amnvpn.a.310.blockDNS (1 references)
amnvpn.310.blockDNS  all  --  anywhere             anywhere            
Chain amnvpn.a.320.allowDNS (1 references)
amnvpn.320.allowDNS  all  --  anywhere             anywhere            
amnvpn.a.320.allowDNS  all  --  anywhere             anywhere            
amnvpn.a.310.blockDNS  all  --  anywhere             anywhere 

I thought that it looked weird, and I decided to delete some rules one by one (because I have no idea how iptables works):

sudo iptables -F amnvpn.a.310.blockDNS

and now everything is working, except Amnezia DNS:

❯ nc -vz 8.8.8.8 53
Connection to 8.8.8.8 53 port [tcp/domain] succeeded!
❯ nslookup google.com
Server:		192.168.50.1
Address:	192.168.50.1#53

Non-authoritative answer:
Name:	google.com
Address: 216.58.209.206
Name:	google.com
Address: 2a00:1450:4026:803::200e

Still need to run sudo iptables -F amnvpn.a.310.blockDNS each time I need to use the VPN!!

FeorPrime, Aug 07 '24 22:08

If I understand the logic in client/platforms/linux/daemon/dnsutilslinux.cpp correctly, amnezia-client tries to send information about new DNS servers via DBUS to the local resolver (systemd-resolved), and blocks all other DNS requests with the firewall rule amnvpn.a.310.blockDNS. If the local resolver is disabled (default on Arch and Manjaro), it causes an error in DNS name resolution.

You can start systemd-resolved before connecting to the VPN to fix this issue:

sudo systemctl start systemd-resolved

or enable it on system boot:

sudo systemctl enable systemd-resolved

f0ma, Aug 22 '24 13:08
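A check for the condition f0ma describes, as an added example that is not part of the thread or of the Amnezia code base: it reads `iptables -S` text plus the `systemctl is-active systemd-resolved` result and reports whether the DNS block chain is populated while no local resolver is running. The chain name is taken from FeorPrime's output above; the rule bodies in the sample and the three state labels are constructed for illustration.

```shell
#!/bin/sh
# Added example. Chain name is from the thread; SAMPLE_RULES is constructed.
BLOCK_CHAIN='amnvpn.a.310.blockDNS'

# Constructed sample of `iptables -S` output (not captured from a real host).
SAMPLE_RULES='-N amnvpn.a.310.blockDNS
-N amnvpn.a.320.allowDNS
-A OUTPUT -j amnvpn.a.320.allowDNS
-A OUTPUT -j amnvpn.a.310.blockDNS
-A amnvpn.a.310.blockDNS -p udp -m udp --dport 53 -j REJECT
-A amnvpn.a.310.blockDNS -p tcp -m tcp --dport 53 -j REJECT'

# Count rules appended to chain $1 in `iptables -S` text read from stdin.
# Jumps into the chain ("-A OUTPUT -j <chain>") are deliberately not counted.
chain_rule_count() {
    grep -F -c -- "-A $1 " || true
}

# $1 = output of `systemctl is-active systemd-resolved`
# $2 = `iptables -S` text
diagnose() {
    blocked=$(printf '%s\n' "$2" | chain_rule_count "$BLOCK_CHAIN")
    if [ "$blocked" -eq 0 ]; then
        # VPN not connected, or the chain was flushed and no longer filters DNS.
        echo "no-block-rules"
    elif [ "$1" = "active" ]; then
        # The precondition f0ma describes is met: a resolver exists to receive
        # the DNS servers pushed over D-Bus.
        echo "resolver-active"
    else
        # DNS outside the tunnel is rejected and there is no local resolver
        # for the client to configure.
        echo "blocked-no-resolver"
    fi
}

# Live variant; iptables needs root. Not called automatically.
diagnose_live() {
    diagnose "$(systemctl is-active systemd-resolved 2>/dev/null)" "$(iptables -S)"
}
```

Run `diagnose_live` as root with the VPN connected; `no-block-rules` after a manual flush means the client's DNS filter is no longer in effect for that session.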

It didn't work for me with Kali Linux. I installed systemd-resolved and started the service, it's running, but when I turn on the VPN and try to find the IP of google.com it writes:

nslookup google.com
Server: 127.0.0.53
Address: 127.0.0.53#53

** server can't find google.com: REFUSED

Moreover, after VPN turned off, DNS still was not working. I had to write nameservers to resolv.conf file manually to restore Internet without VPN.

dsonozaki, Sep 02 '24 10:09

I solved the issue by changing nameserver 127.0.0.53 to nameserver 172.29.172.254 (it's the address of Amnezia DNS) in /etc/resolv.conf and not reloading systemd-resolved after making changes. It seems that there is no DNS leak and everything works fine.

dsonozaki, Sep 02 '24 10:09

With 4.7.0.0 AmneziaWG started to work
OS: Manjaro Linux
Client app from Releases page here

Guest007, Sep 03 '24 20:09

Doesn't work for me when both systemd-resolved and the VPN are active. I have to do

systemctl disable systemd-resolved
systemctl stop systemd-resolved

and only then does DNS resolution work again.
EndeavourOS
Amnezia 4.7.0.0

Kolbasyatin, Sep 21 '24 15:09