arch-delugevpn
DNS server not pulled from airvpn
I am not sure if the OpenVPN settings allow for DNS leaks.
I am using the AirVPN setup with an OVPN file generated by the service. My external IP is an AirVPN exit node as expected. My DNS server, however, is not pulled from AirVPN.
Test System Unraid
Unraid 6.92 (5.10.28 Kernel)
DelugeVpn:latest (977daa2ac84d)
Environment vars injected into the running container:
PUID=99
HOSTNAME=f523c9bbc53e
VPN_PROV=airvpn
VPN_ENABLED=yes
VPN_OUTPUT_PORTS=
UMASK=000
VPN_CLIENT=openvpn
PWD=/
VPN_OPTIONS=
LAN_NETWORK=192.168.1.0/24
TZ=Europe/Berlin
HOME=/home/nobody
LANG=en_GB.UTF-8
PGID=100
DELUGE_WEB_LOG_LEVEL=info
ENABLE_PRIVOXY=no
TERM=xterm
HOST_OS=Unraid
STRICT_PORT_FORWARD=yes
SHLVL=1
VPN_INPUT_PORTS=
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
DEBUG=false
DELUGE_DAEMON_LOG_LEVEL=info
_=/usr/sbin/printenv
Checking the IP and DNS server, the Docker container comes up with this:
sh-5.1# curl ifconfig.io
82.102.27.171
sh-5.1# python3 dnstest/dnsleak.py
Starting DNS leak test via system resolver...
Discovered DNS recursors are:
84.200.69.80 (No PTR) hosted by Accelerated IT Services GmbH in , Germany
sh-5.1#
The DNS is unexpected to me. To obtain the DNS servers I used this gist: https://gist.githubusercontent.com/Tugzrida/6fe83682157ead89875a76d065874973/raw/6e995a779db79327e376ec92e667211f7d130fc4/dnsleaktest
The resolver in the container has these settings; I have not set the environment var name_servers:
sh-5.1# cat /etc/resolv.conf
nameserver 84.200.69.80
nameserver 37.235.1.174
nameserver 1.1.1.1
nameserver 37.235.1.177
nameserver 84.200.70.40
nameserver 1.0.0.1
sh-5.1#
Expected behaviour without Docker on Ubuntu
If I use Eddie (AirVPN tool) on Ubuntu, the DNS is set correctly.
python3 dnsleak.py
Starting DNS leak test via system resolver...
Discovered DNS recursors are:
213.152.187.200 (No PTR) hosted by Global Layer B.V. in , Netherlands
Is the behaviour I am seeing expected with the docker setup? Or is there some flag to inject? Having DNS not from the VPN provider is worrisome to me. AirVPN seems to highlight that the DNS servers should be pulled from their servers (https://airvpn.org/specs/)
I did open a pull request at the base image repository.
https://github.com/binhex/arch-int-vpn/pull/29
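
The mismatch reported in this issue can be checked mechanically. The following is an added example, not part of the original post or the project's code: it compares the nameservers in resolv.conf against the "dhcp-option DNS" entries the OpenVPN server sends in its PUSH_REPLY message. The sample log line, its 10.4.0.1 address and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input: an OpenVPN client log line carrying the server's
# pushed options, and the first resolv.conf entries shown in the issue.
SAMPLE_LOG = (
    "PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,"
    "redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,"
    "route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,"
    "ifconfig 10.4.0.23 255.255.0.0,peer-id 0'\n"
)
SAMPLE_RESOLV = """\
# resolv.conf entries as shown in the issue
nameserver 84.200.69.80
nameserver 37.235.1.174
nameserver 1.1.1.1
"""


def pushed_dns(openvpn_log):
    """Return the DNS servers pushed via 'dhcp-option DNS' in PUSH_REPLY."""
    servers = set()
    for line in openvpn_log.splitlines():
        if "PUSH_REPLY" not in line:
            continue
        # Pushed options are comma separated, so the address ends at a comma.
        for addr in re.findall(r"dhcp-option DNS6? ([0-9A-Fa-f:.]+)", line):
            servers.add(ipaddress.ip_address(addr))
    return servers


def configured_dns(resolv_conf):
    """Return nameserver addresses from resolv.conf text, in file order."""
    servers = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            # Drop an IPv6 zone suffix such as %eth0 before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%")[0]))
    return servers


def audit(openvpn_log, resolv_conf):
    """List configured resolvers that the VPN server did not push."""
    pushed = pushed_dns(openvpn_log)
    return [str(ip) for ip in configured_dns(resolv_conf) if ip not in pushed]


if __name__ == "__main__":
    for ip in audit(SAMPLE_LOG, SAMPLE_RESOLV):
        print(f"resolver {ip} was not pushed by the VPN server")
```

An empty result from audit() means every configured resolver was one the VPN server pushed; any address it returns is a resolver chosen by something other than the VPN server.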